Browser Extension: Threat Intelligence Is Just a Click Away
October 18, 2018 • Karen Levy
Are you drowning in daily security alerts and asking yourself what it all means? Security teams today have access to tons of inputs from SIEM, endpoint, vulnerability management, and firewall solutions, not to mention the countless security bulletins, blogs, and articles in mainstream news — too many to keep up with.
We talk to security professionals every day, and the most common challenge they’re facing is always the same: tons of data, too few people, and not enough time to review all of the information. The result is that security teams continue to struggle to effectively protect their organization.
Manually researching to get context around alerts often means starting from scratch — using multiple tools from different websites and feeds, cutting and pasting, and running into sources that are potentially out of date. We think finding usable intelligence this way is inefficient and unsustainable.
Because security operations, vulnerability management, and incident response teams need fast access to real-time context to make sense of all that data, we developed the Recorded Future browser extension to deliver access to threat intelligence from any webpage at the click of a button. When you click the Recorded Future browser extension (available for Google Chrome, Opera, Mozilla Firefox, and Apple Safari), all CVEs, hashes, domains, and IP addresses on the page are immediately identified and displayed in the extension.
Real-time threat intelligence is shown with risk scores clearly displayed. In the example above, we can readily see that there are 39 IP addresses on the page and that two of them are scored as “high risk.” Further, we can click the arrow and view the specific data behind the risk rule.
In the image above, the IP address 188.8.131.52 has a risk score of 79 because it has historically been on a blacklist and has been tied to threat actors. From here, you can also click on the indicator to access the full Intelligence Card with more detailed information. All intelligence accessed through the browser extension is updated in real time and supports the ability to pivot for more details.
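The first step described above, identifying the CVEs, hashes, domains, and IP addresses in a page's text, can be sketched as follows. This is an added example, not Recorded Future's code: the patterns, the `refang` step for defanged indicators, and the file-extension filter are assumptions, and the sample text is constructed.

```javascript
// Added example, not Recorded Future's code. Patterns are illustrative assumptions.
const PATTERNS = {
  cve: /\bCVE-\d{4}-\d{4,}\b/gi,
  sha256: /\b[a-f0-9]{64}\b/gi,
  sha1: /\b[a-f0-9]{40}\b/gi,
  md5: /\b[a-f0-9]{32}\b/gi,
  ipv4: /\b(?:\d{1,3}\.){3}\d{1,3}\b/g,
  domain: /\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}\b/gi,
};
// File extensions that the domain pattern would otherwise report (assumed list).
const FILE_EXT = new Set(["exe", "dll", "pdf", "doc", "docx", "js", "txt", "log"]);

// Bulletins often "defang" indicators (bad[.]example[.]com, hxxp://); undo that first.
function refang(text) {
  return text
    .replace(/\[\.\]|\(\.\)|\[dot\]/gi, ".")
    .replace(/hxxp(s?):\/\//gi, "http$1://");
}

// Drop matches with an octet above 255 or a leading zero (e.g. 10.0.999.1).
function validIPv4(s) {
  return s.split(".").every((o) => Number(o) <= 255 && String(Number(o)) === o);
}

// Return de-duplicated indicators by type from arbitrary page text.
function extractIndicators(text) {
  const clean = refang(text);
  const out = {};
  for (const [type, re] of Object.entries(PATTERNS)) {
    const hits = (clean.match(re) || []).map((h) =>
      type === "cve" ? h.toUpperCase() : h.toLowerCase());
    out[type] = [...new Set(hits)];
  }
  out.ipv4 = out.ipv4.filter(validIPv4);
  out.domain = out.domain.filter((d) => !FILE_EXT.has(d.split(".").pop()));
  return out;
}

// Constructed sample text (RFC 5737 address, reserved example.com domain).
const SAMPLE = `Bulletin: CVE-2099-0001 (also written cve-2099-0001) is exploited.
Dropper invoice.exe, MD5 0123456789abcdef0123456789abcdef,
C2 at hxxp://bad[.]example[.]com and 192.0.2.10; build 10.0.999.1 is unaffected.`;

console.log(extractIndicators(SAMPLE));
```

In a browser, the input would be the page's visible text, for example `document.body.innerText`; looking up a risk score for each extracted indicator is a separate step that this sketch does not cover.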
Security professionals find this single-click access to real-time threat intelligence valuable when working in different solutions to:
- Quickly triage and understand threats related to SIEM alerts
- Prioritize vulnerabilities to patch from scan data
- Identify indicators and level of threat in security bulletins and reports
On top of that, one of the best things about the browser extension is that it can be used with any web application. To see it in action, request a free trial today.