Securing the Security Companies: Protecting the Cloud With Real-Time Threat Intelligence

December 22, 2015 • Amanda McKeon

When a cyber defense company wants to make sure its clients are safe from cyber intrusions, they turn to Recorded Future.

Recently Mike Lefevbre and Emmett Koen of Armor presented a webinar to demonstrate how the company enhances and contextualizes the threat intelligence they produce internally by leveraging Recorded Future. A company as sophisticated as Armor has a great many resources dedicated to security operations. Their corporate mission to protect, detect, recover, and respond (PDRR) to security incidents is supported by a robust team that, combined, has over 200 years of IT security experience. Because they know, however, that limiting the scope of their threat intelligence means potentially missing a critical vulnerability, exploit, or attacker group, Armor has been using Recorded Future Cyber for more than a year and a half.

Never Limit Your Intelligence Scope

Mike Lefevbre, Manager of Counter Threat Operations at Armor said, “Regardless of course, vector, or industry, never limit your intelligence scope.” This is how Armor approaches their partnership with Recorded Future and has moved from reactive monitoring to proactive threat hunting, finding indicators of compromise more quickly and easily than with their internal capabilities alone. The wider net cast by Recorded Future allows them look beyond traditional online locations for threat data, and the ability to drill into source information has given their threat analysts more context on which to base their security and risk decisions.

Because Armor has to stay ahead of direct threats to their own organization as well as threats to their customers, they require a more holistic view of the threat landscape. During the webinar Lefevbre explained how they generate a broader view of the threat landscape by integrating Recorded Future’s threat intelligence with their security operation center (SOC) capabilities.

Gain Valuable Context

They showed how Armor can now track direct threats to their company, technology stack, and public assets by loading freetext, domains associated with Armor and its customers, products, and relevant IP addresses into Recorded Future.

Understand the Direct Threats to Your Organization

As a result, they have more context and clarity on direct threats, they have a much larger scope of source information (Recorded Future analyzes and delivers alerts on more than 700,000 Web sources in real time), and they can drill into critical background information that was previously inaccessible or difficult to find and retain from the deep and dark Web.

Armor’s Intelligence Analyst Emmett Koen said, “Recorded Future is the first place we go to start building context.” The Cyber Dashboard and Indicator Cards are incredibly easy for them to use, which means more time is available to their threat analysts to focus on protecting the assets that matter most.

Contact Us

To hear Matt and Emmett’s comments on how they use Recorded Future, download the webinar. Or contact us direct for a personalized demo to learn more about how Recorded Future helps even the most sophisticated security companies stay ahead of direct threats.