Defense Health Agency Collects Intelligence 95% Faster Using Recorded Future

The agency proactively protects sensitive health data and systems with Recorded Future by identifying high-priority threats, streamlining operations, and enabling rapid response.

Goal

Enable proactive threat intelligence-led security operations through enhanced insights and smoother SecOps management.

Challenge

Rapidly identifying and reporting the highest-priority global threats and vulnerabilities as a small, dispersed intelligence team.

Outcome

It’s amazing to have that single pane of glass where we know exactly where to go to find all the information we need, whether that’s on vulnerabilities or using Intelligence Cards™ to search for certain threat actors. Recorded Future puts it all there for us, and we aren’t wasting as much time as we would in the past searching for that type of information.

Ray Snider

Cyber Threat Intelligence Lead, Defense Health Agency

Challenge

Getting Ahead of Global Adversaries

Wherever US troops are, they place their trust in defense teams tasked with keeping them safe. That’s obvious when it comes to physical security, and the same applies to the cybersecurity measures that protect military medical systems and health records.

Serving more than 9.5 million service members, retirees, and their families, the US Defense Health Agency (DHA) manages the military’s global health system and provides combat medical support to the US Army, Navy, and Air Force.

“DHA’s mission is to protect military health systems and our troops’ information, not only in wartime but at all times,” says DHA Cyber Threat Intelligence Lead Ray Snider, who also runs the agency’s cyber threat hunt team.

Snider’s global intelligence team is responsible for identifying the DHA’s adversaries and vulnerabilities and sharing that information with internal SOC teams. It’s a tall order, and until a few years ago, the team had to search for threats manually, using open-source tools.

Not only were manual searches time-consuming, but these tools lacked depth and the ability to prioritize threats targeting public agencies, health systems, or specific regions.

“We just didn’t have the information we needed,” Snider says.

Solution

Staying Proactive By Prioritizing Threats

The lack of information made the team reactive, and Snider wanted threat intelligence that his team could use to get ahead of DHA’s adversaries. He found it in Recorded Future.

The platform’s Threat Intelligence module allowed the team to easily prioritize the threats most relevant to the DHA, dramatically reducing search time.

“Without Recorded Future, it took us days to piece the pieces together,” Snider says. “Now, it takes us hours to get that information.”

Recorded Future has changed the way our SOC team operates. We are now more of an intelligence-based operation than we were before.

Ray Snider

Cyber Threat Intelligence Lead, Defense Health Agency

Those hours can mean everything in critical moments. During a recent conflict escalation in Iran, the DHA relied on Recorded Future to quickly assess the new threat implications that arose from the shifting geopolitical situation. That information formed the basis of their action plan.

“Having Recorded Future meant our leadership had all the information they needed,” Snider explains.

Targeting Top-Priority Threats With Intelligence Graph

Recorded Future’s Intelligence Graph indexes threats from more than 1 million sources, including the dark web, technical feeds, malware intelligence, and more.

AI-powered tools like the Threat Map and Advanced Query Builder help users visualize these vast databases and focus their search on the threats that matter most.

“Recorded Future helps us confidently say which threat actors target health information so we can present that to leadership and our threat hunters to have them look for certain TTPs,” Snider explains. “It definitely helps ease the manual work we did in the past.”

Easing SecOps Management From a Single Dashboard

Another challenge involved working with numerous legacy devices.

“With military health systems, we have to be a little bit more cautious and careful with vulnerabilities and how we take networks offline,” Snider says. “That adds a little bit more struggle here and there.”

Recorded Future’s SecOps Intelligence removes the struggle by enriching the team’s information on recent malware and CVEs, allowing them to harden the agency’s networks and patch devices without wasting time. They can take all actions from within the same dashboard, easing the management burden.

Having that single pane of glass in the Recorded Future platform, we know exactly where to go to find the information we need. We’re not wasting time searching for vulnerabilities or threat actors.

Ray Snider

Cyber Threat Intelligence Lead, Defense Health Agency

Snider notes that time is always of the essence, but especially when responding to zero-day vulnerabilities. When they noticed a recent vulnerability across DHA’s networks, for example, they immediately presented leadership with information from SecOps Intelligence. That data allowed the agency to respond to the vulnerability in less than 24 hours.

Streamlining Security Workflows With Integrations

Beyond SecOps Intelligence, the team benefits from seamless integrations that enable them to further analyze their vulnerability data from Recorded Future.

Using the Tenable for Recorded Future integration expanded the team’s understanding of the agency’s vulnerabilities and allowed them to continue working from the same efficient platform. This effort further streamlines security workflows and reporting.

“Being able to use plugins for other vulnerability tools, like Recorded Future for Tenable, cut our vulnerability report time to leadership in half,” Snider confirmed.

Results

Eliminating Manual Work With AI and Automation

DHA’s adoption of Recorded Future coincided with the launch of Recorded Future AI. Since then, the team has incorporated automation features into existing workflows to save time and effort on manual tasks, like compiling reports.

“Having that function where we can utilize AI to create those reports on a weekly basis has been awesome,” Snider says.

These capabilities proved their value when one of the agency’s internal teams requested help adding contextual information for over 1,000 malicious domains. It would have been impossible for the team to perform manual searches using its previous domain-blocking tools. Recorded Future made the impossible possible.

We researched 1,200 malicious domains in two weeks. There’s no way we could have done that in the past. It was amazing, and all due to the automation with Recorded Future.

Ray Snider

Cyber Threat Intelligence Lead, Defense Health Agency

Building Trust To Keep Health Data Secure

For Snider, Recorded Future is more than just a security partner. He describes “a weight off my shoulders” in knowing that a Recorded Future analyst has confirmed all information.

In addition to their regular monthly meetings, the Recorded Future team is always available to Snider’s team and responds promptly to any questions. “It’s more of a family feel than just a customer feel,” he shares.

Working from such a unified platform also feels more collaborative for his small team. “It brings us together,” he adds, and that close collaboration is essential when team members are as far-flung as Hawaii, South Carolina, and Germany.

Whether scouting for threats from individual cybercriminals or nation-state groups in China, Russia, Iran, and North Korea, Recorded Future provides the capabilities DHA needs to stay ahead of attackers—and to protect the sensitive health data of the service members who depend on them.