How to Use Express to Amplify Your Organization’s Risk Reduction Efforts

Having fast access to security intelligence is critical for accelerating your organization’s risk reduction efforts. Recorded Future’s Express browser extension helps by delivering real-time security intelligence instantly over any webpage, including security blogs and web-based security tools.

To gather our intelligence, Recorded Future leverages a combination of machine and human analysis — fusing open source, dark web, technical sources, and original research. The browser extension puts everything we know about any vulnerability, domain, hash, or IP address at your fingertips.

We aggregate the vast amount of data we collect into categories called risk rules, which are color-coded by severity. Each indicator is then assigned an overall risk score from 0–99, determined by which of its risk rules are currently triggered. Each indicator type (IP address, domain, hash, vulnerability) has its own set of risk rules that make up its risk score. The highest severity level among the rules triggered on an indicator determines its base score:

  • Very malicious: 90
  • Malicious: 65
  • Suspicious: 25
  • Unusual: 5

Risk rules continue to evolve as Recorded Future expands its data and analysis. When you use Express, you have access to the risk score and the top risk rule for every indicator on the page. Here are some ways you can use Express to optimize your workflows:

(Screenshot: Express risk scores overlaid on Splunk Enterprise)

1) Address SIEM Alerts
Security analysts are inundated by alerts. Most enterprises see more than 10,000 alerts in a single day. It’s nearly impossible for one person, or even an entire team, to thoroughly investigate everything. That means you need to quickly prioritize alerts and focus your triage on the ones that represent the greatest actual risk.

Express makes SIEM alert prioritization easy. Our risk scores on IPs, domains, hashes, and vulnerabilities update continuously, giving you a current snapshot of the risk each one represents. By enabling “show risk scores in-page” within Express, you can layer Recorded Future intelligence directly over your SIEM and prioritize and triage alerts with confidence. Clicking on an indicator lets you jumpstart your investigation with the most relevant risk information immediately, such as whether an IP is a current C&C server.
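The following is an added example, not code from Recorded Future or the Express extension, showing the triage logic described above in a runnable form: indicators are pulled out of SIEM alert lines, each is looked up against an intelligence table, its base score is taken from the severity table the page gives (highest-severity triggered rule wins), and the alerts are ranked by their riskiest indicator. The INTEL table, the alert lines, and every rule name other than "Current C&C Server" (which the text mentions) are constructed for the example. The page does not describe how a score rises above its base, so the example scores on the base value only; a real deployment would take the score and top rule from the extension or an intelligence feed rather than a local dictionary.

```python
import re

# Base score per severity level, as described above: the highest-severity
# rule currently triggered on an indicator sets its base score.
SEVERITY_BASE = {
    "very malicious": 90,
    "malicious": 65,
    "suspicious": 25,
    "unusual": 5,
}

# Constructed stand-in for the intelligence the extension overlays on a page.
# Indicator -> list of (risk rule name, severity) currently triggered.
# Not Recorded Future data; rule names other than "Current C&C Server"
# (which the text mentions) are invented for this example.
INTEL = {
    "198.51.100.23": [("Current C&C Server", "very malicious"),
                      ("Recent Scanner", "suspicious")],
    "203.0.113.9": [("Historical Spam Source", "unusual")],
    "updates.example.net": [("Recent Malware Host", "malicious")],
    "d41d8cd98f00b204e9800998ecf8427e": [],   # known hash, no rules triggered
}

# Pulls IPv4 addresses, MD5-length hashes and domains out of a log line.
# Deliberately simple; a production extractor would also handle SHA-1/256,
# URLs and defanged indicators such as hxxp:// or 1.2.3[.]4.
IOC_RE = re.compile(
    r"\b(?:\d{1,3}\.){3}\d{1,3}\b"          # IPv4
    r"|\b[0-9a-f]{32}\b"                     # MD5
    r"|\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b",      # domain
    re.I,
)


def extract_iocs(line):
    """Return every indicator found in one alert line, in order of appearance."""
    return IOC_RE.findall(line)


def risk_score(rules):
    """Base score from the severity table: highest severity wins, 0 if nothing fired."""
    return max((SEVERITY_BASE[sev] for _, sev in rules), default=0)


def top_rule(rules):
    """Name of the highest-severity triggered rule, or None if nothing fired."""
    if not rules:
        return None
    return max(rules, key=lambda r: SEVERITY_BASE[r[1]])[0]


def triage(alerts, intel):
    """Rank SIEM alerts by the riskiest indicator each one contains.

    Indicators absent from the intelligence table (e.g. internal 10.0.0.0/8
    hosts) score 0, so alerts with only unknown indicators sink to the bottom.
    """
    ranked = []
    for line in alerts:
        best = {"score": 0, "indicator": None, "top_rule": None}
        for ioc in extract_iocs(line):
            rules = intel.get(ioc, [])
            score = risk_score(rules)
            if score > best["score"]:
                best = {"score": score, "indicator": ioc, "top_rule": top_rule(rules)}
        ranked.append({"alert": line, **best})
    return sorted(ranked, key=lambda a: a["score"], reverse=True)


# Constructed sample alerts (not real log data); the TEST-NET and
# example.net values are reserved documentation ranges.
ALERTS = [
    "2024-05-01T10:02:11Z sid=1001 msg='Outbound connection' src=10.0.0.5 dst=203.0.113.9",
    "2024-05-01T10:02:15Z sid=2044 msg='DNS query' src=10.0.0.7 qname=updates.example.net",
    "2024-05-01T10:03:01Z sid=3120 msg='Outbound connection' src=10.0.0.5 dst=198.51.100.23",
    "2024-05-01T10:04:40Z sid=4001 msg='File hash seen' hash=d41d8cd98f00b204e9800998ecf8427e",
]

if __name__ == "__main__":
    for a in triage(ALERTS, INTEL):
        print(f"{a['score']:>2}  {a['top_rule'] or '-':<24} {a['alert']}")
```

Running the block prints the four constructed alerts with the C&C connection first (score 90), the malware-host DNS query second (65), the historical spam source third (5), and the known-but-clean hash last (0). The same ranking applied to CVE identifiers instead of network indicators is the patch-prioritization workflow described in the next section.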

2) Prioritize Vulnerability Patching
Vulnerability management teams are often overwhelmed by the number of vulnerabilities they need to patch. For example, nearly 17,000 new vulnerabilities were published in 2019, and of those, nearly 10,000 (57%) were classified as “high” or “critical” severity. However, only about 5.5% of all vulnerabilities are ever actually exploited in the wild, so severity ratings alone are a poor guide to which patches to apply first.

Express helps you focus your patching efforts on the vulnerabilities that matter. Our real-time security intelligence shows you which vulnerabilities are actually risky, such as those with exploits observed in the wild, so you can patch those first. Use Express to view real-time risk scores on any webpage, including directly over your vulnerability management solution.

3) Enhance Malware Analysis
Incident response teams conduct malware analysis to improve malware detection capabilities for their organizations. However, malware analysis reports are lengthy and often take a significant amount of time to create, and to read. Additionally, it can be unclear what action you should take based solely on the information in a report.

Express cuts the time you spend reviewing malware analysis. We provide external security intelligence on IOCs so you can quickly identify and understand high-risk IPs and hashes. That intelligence drives faster action, so you can block the malware before it reaches your environment.

Use Express for free today to access risk scores based on real-time security intelligence within any web-based SIEM, vulnerability solution, or webpage.