Recorded Future Equips the West, Allies, and Friends to Collaborate on Global Cyber Defense

For over a decade, Recorded Future has been providing direct support to global governments to help countries build national cyber defense capabilities from scratch, mature their current capabilities, and even collaborate outside of their typical channels. Today, over 30 national cyber defense organizations and over 150 governmental organizations around the world leverage intelligence from Recorded Future in the overall security of their country, and to protect critical sectors and digital & physical assets. To further national cyber defense efforts for the United States, allies, and friends, we built a new capability available to our global public sector customers.

Stemming from our engagements and discussions around national security and defense with global governments, we have seen some key themes:

1. We need a common platform where everyone contributes. With over 30 national cyber defense organizations using the Recorded Future Intelligence Cloud to collect, analyze, and share intelligence we’ve seen firsthand the power of using a common platform for collaboration. This is a testament to the need of being able to give feedback, request new sources and use cases, and talk to allies about best practices. With this type of collaboration - the more powerful the platform gets at defending against adversaries.

In order to further allow for even better collaboration, we should look to develop a an approach to track and measure the thoroughness of private sector-produced intelligence, as a common platform applied across government organizations. Like we see with our clients, as more organizations join the common platform and share relevant insights, the more powerful it becomes and the network effect from it will illuminate adversaries and their activities more than ever before.

2. Collaboration is imperative for national defense but traditional methods are lacking effectiveness. Post-9/11, we saw the largest increase in collaboration across the United States government and allies with mandated intelligence sharing acts, working groups being established, and more, which was a huge step forward for national defense. Even more recently, the 2015 Executive Order to establish more Information Sharing and Analysis Organizations (ISAOs) was signed to double down on collaboration. Today, we are far more vulnerable due to the increase in threat vectors, more sophisticated threat actors, and a more dynamic geopolitical landscape - our global governments clients continue to state that they need more collaboration to get ahead of it all. There are plenty of places for these organizations to collaborate, but there is a problem with the way in which they are collaborating and what is being shared.

Traditionally, the common forms of collaboration are sharing Indicator of Compromise (IOC) lists, free threat feeds from government and industry entities, and the occasional research on trending threats. All of these things need to happen but government, industry, and technology providers should focus on getting far less tactical and collaborating on prioritizing the threats to governments and critical infrastructure based on their opportunity and intent, sharing analytic best practices, and work together with technology providers to build products that address critical needs for their missions.

3. The idea of “threat convergence” is real and needs to be a primary consideration for government organizations.

This is now among the biggest intelligence challenges we help our government clients manage. With the ongoing war in Ukraine, we are seeing threat convergence happen in maybe the most obvious way ever. The Ukrainians are defending their home, their way of life, through an onslaught of Russian aggression from all threat angles – physical to cyber, and influence. Threats can no longer be viewed as single dimensional in nature; they are often intertwined and involve campaigns where all threat angles are linked and deployed in conjunction with one another.

To address this challenge, the corresponding relationship of intelligence must evolve too. To evolve requires a deep, developed understanding of how to operate in the data flow, and then seamlessly, from the data, to deliver unique intelligence ready for machines and at the fingertips of human analysts. Now more than ever OSINT, unclassified technical data, and other sources of intelligence from the places that the adversary is operating and carrying out attacks is absolutely critical.

The way Recorded Future practices what we preach and encourage collaboration between analysts and teams with similar missions, or from the same industry, is through our Intelligence Kits. The Intelligence Kits were first created to address a direct ask from government intelligence analysts looking to understand how they could get the most out of Recorded Future intelligence for specific use cases such as looking at Russian Armed Forces activities or threats to the Defense Industrial Base. Our Intelligence Services team has created over 20 kits spanning from threats to the retail industry to monitoring the war in Ukraine.

Introducing the National Cyber Defense Intelligence Kit

We know that global cyber defenders have a massive mission - their work doesn’t just involve one sector, threats from one country, or a certain threat vector. The scope of their mission and their intelligence needs are constantly changing based on what threat actors are targeting them, newly identified vulnerabilities affecting critical assets, and what is happening in the world.

Recorded Future’s ongoing support of governments around the world has continued to grow but it has also allowed us to identify a gap. No vendor or government agency was looking across all of the critical areas countries need to secure and protect while providing analysts with the tools to be able to investigate threats to these areas on demand and in real-time. This is why Recorded Future created the National Cyber Defense Intelligence Kit. This intelligence kit provides tailored queries and best practices to answer critical intelligence questions using intelligence from Recorded Future. The mission areas included in the intelligence kit include:

• Government
• Utilities
• Energy & Industrial Control Systems
• Telecommunications
• Elections
• Finance
• Defense
• Health

As we get feedback and continuing input from government customers we will further expand the scope of the intelligence kits, and also include new mission areas as they arise.

On top of the new intelligence kit, our support includes teams across global governments tapping into our Intelligence Cloud, a secure, integrated, and scalable technology platform that combines; 13 years of persistent intelligence collection, advanced automation and analytics with large-scale graph analysis, the acumen of our global research team, use-case driven modules, and a community of users and partners to provide the most complete intelligence coverage across all their critical mission areas. We also support them directly with teams of experts helping them develop and shape priority intelligence requirements (PIRs), define and train on analytic techniques, and get the most out of open source and technical intelligence to understand the adversary outside of just classified sources.

Now, we know that the Intelligence Kit and our other support isn’t the thing that will fix all of the observations mentioned above. But we are confident that it’s a starting point to get beyond that tactical sharing and towards the strategic collaboration that’s needed for the defense of governments and critical infrastructure around the globe. We hope others will join us in doubling down on strategic collaboration to disrupt all adversaries.