Platform

Featured Integrations

Reduce risk and mitigate cyber attacks, no matter your IT & security stack, maturity journey, or industry

See our Threat Intelligence Solutions in Action

Solutions

Threat Intelligence solves pervasive challenges

Reduce operational risk through timely, precise, and actionable intelligence.

See Recorded Future’s Intelligence in Action

Products

Services

Research

Resource Center

Additional Resources

Additional Topics

Resources

Why Recorded Future

About Us

Partner With Us

Join Us

Company

brand-logo-long-black.svg

Rectangular Logo - Digital (RGB).svg

Home

Careers at Recorded Future

Contact Us

<h1>Frequently Asked Questions About Security at Recorded Future</h1>
Review frequently asked questions about GRC <a href="/faq/grc/">here</a>.

Recorded Future uses a combination of encryption, highly trained staff, and technical safeguards to protect our customers’ data.
 Recorded Future’s information security program includes measures such as:
 <ul>
 <li>Encrypted and hashed passwords</li>
 <li>Active DDoS mitigation</li>
 <li>Automated account lockouts</li>
 <li>Extensive facility access controls</li>
 <li>Multi-factor authentication</li>
 <li>Comprehensive threat intelligence program</li>
 <li>Automated security scans of our systems</li>
 <li>Active penetration testing</li>
 <li>Extensive internal security awareness program and training for employees</li>
 <li>Recorded Future <a href="/security/">Vulnerability Reporting Program</a></li>
 </ul>
 Lastly, Recorded Future has a dedicated product security team that scours our service for potential vulnerabilities, and helps our engineers ship secure code. Our team uses Recorded Future to automatically collect and analyze data from open, technical, and dark web sources to provide the latest information on direct and emerging threats that may impact our company.

How does Recorded Future keep my data secure?

Recorded Future publishes and strictly adheres to a privacy policy aimed at protecting all parties that interact with our service. Our <a href="/privacy-policy/">Privacy Policy</a> explicitly details the information we may collect about you, and how we will use that information.
 Furthermore, Recorded Future strictly adheres to a data minimization policy by which logs are automatically deleted after 14 days (see Recorded Future’s privacy policy for more information).

How does Recorded Future ensure my privacy?

To ensure the security of customer data throughout its lifecycle, Recorded Future encrypts information both at rest and when it is in motion.
 Data is stored with Advanced Encryption Standard (AES) 256-bit encryption when at rest.

Does Recorded Future encrypt customer data?

Recorded Future fully recognizes the sensitive nature of the data that we handle, and that is why we’re committed to safeguarding all information we store from any unauthorized access.
 All customer data stored by Recorded Future is located in data centers secured by Amazon Web Services (AWS), which offers unparalleled physical and information security. These servers are housed separately from Recorded Future’s corporate offices, and are distributed globally.
 AWS has been certified to meet the following standards: <a href="https://d0.awsstatic.com/whitepapers/Security/AWS_Security_Whitepaper.pdf">SOC 3; PCI DSS Level 1; ITAR; FIPS 140-2;</a> <a href="https://d0.awsstatic.com/certifications/iso_27001_global_certification.pdf">ISO 27001</a>; <a href="https://d0.awsstatic.com/certifications/iso_27017_certification.pdf">ISO 27017</a>; <a href="https://d0.awsstatic.com/certifications/iso_27018_certification.pdf">ISO 27018</a>; and <a href="https://d0.awsstatic.com/certifications/iso_9001_certification.pdf">ISO 9001</a>. More information on AWS security processes can be found <a href="https://d0.awsstatic.com/whitepapers/Security/AWS_Security_Whitepaper.pdf">here</a>. As an additional security measure, AWS servers hosting Recorded Future customer data can only be accessed via two-factor secured VPN.
 Recorded Future itself is certified to be SOC 2 Type 1, <a href="https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html">SOC 2 Type 2</a>, <a href="https://d0.awsstatic.com/certifications/iso_27001_global_certification.pdf">ISO 27001</a> and <a href="https://www.coalfireiso.com/Certificates/Recorded-Future-ISO-9001-Certificate-Award_7-7-2020.pdf">ISO 9001</a> compliant – Recorded Future’s <a href="https://go.recordedfuture.com/hubfs/legal/soc-3-report.pdf">SOC 3 Report is available here</a>. 
 Our robust infrastructure security systems are supplemented by extensive logging and auditing protocols to prevent any instance of improper access by either internal or external parties. These policies and systems ensure that only those employees with a valid business purpose and specific permission have the ability to access sensitive, or customer-provided, data. Not only are all employees subject to mandatory screening, but these actions are also extensively logged and audited to ensure policy compliance.

How does Recorded Future prevent unauthorized access?

Yes. Recorded Future is GDPR compliant and a member of EU-U.S. <a href="https://www.privacyshield.gov/participant?id=a2zt0000000TSYiAAO&amp;status=Active" rel="noopener noreferrer">Privacy Shield Framework</a>.

Is Recorded Future GDPR compliant?

Beyond customer financial information that is securely kept for billing purposes, and user passwords to allow access to the service, Recorded Future stores the following customer data:
 <ul>
 <li>Saved Queries</li>
 <li>Observed Correlation and User-Generated Analyst Notes</li>
 <li>Alerts</li>
 <li>Reports</li>
 <li>Lists, including Watch Lists</li>
 <li>Information Collected via our free browser extension (Recorded Future Express)</li>
 </ul>
 Recorded Future encrypts and stores this data securely. Recorded Future logs certain user actions. Logs that contain user-provided query data are automatically deleted after 14 days, and all other customer data (including Analyst Notes) is deleted after a subscription is terminated. Moreover, as stated above, Recorded Future has an entire infrastructure in place to ensure that this data cannot be accessed by any unauthorized party.

What customer information does Recorded Future store?

As detailed in the Recorded Future privacy policy, Recorded Future does not share any personal data or logged information with any other company, organization, or individuals except as required in the following situations:
 <ul>
 <li>Satisfy a valid law enforcement request, or as required by law</li>
 <li>Enforce applicable Terms of Service, Terms of Use, or other contractual obligations</li>
 <li>In case of emergency, to protect the property, safety, security, and rights of Recorded Future, its users, or the general public</li>
 </ul>
 Plus, any request that is received is extensively reviewed to ensure compliance with all applicable laws, and it is Recorded Future’s policy to respond as narrowly as possible to best protect our customers’ privacy.

How does Recorded Future respond to government or law enforcement requests for data?

Yes, Recorded Future provides single sign-on (SSO) support from the following providers, and are in the process of expanding our service to include additional providers in the near future:
 <ul>
 <li>Google G-Suite</li>
 </ul>

Does Recorded Future support single sign-on?

Yes, Recorded Future adheres to secure coding guidelines (including <a href="https://www.owasp.org/images/0/08/OWASP_SCP_Quick_Reference_Guide_v2.pdf">OWASP Secure Coding Practices</a>) that address common software development vulnerabilities.

Does Recorded Future adhere to secure coding guidelines?

Recorded Future maintains a vulnerability reporting program that can be found <a href="/security/">here</a>.
 If you have discovered a vulnerability in our service, please contact us at security@recordedfuture.com and visit <a href="/security/">this page</a> for more information.

How can I report a security vulnerability to Recorded Future?

Frequently Asked Questions

Refine your search

We could not find any results for your search, so why not start with the articles listed below?