Threat Intelligence: Putting It All Together
January 29, 2018 • Christopher Ahlberg
At Recorded Future we have been very fortunate to grow with the expansion of threat intelligence. Back in 2010 only a few companies outside government were serious about building threat intelligence programs, in 2018 it’s quite different. We got started in open source (OSINT) and are to this day very proud of our very broad OSINT coverage across more than 30 human languages. We built out closed source/dark web collection to lead the pack there too — and have been hard at work building out broad and deep technical collection as well as originating threat research and supporting our customers with RFIs. Our customers and users have been very kind to us and I believe we now have the largest deployments of threat intelligence in the world and are also the largest independent threat intelligence company.
Over the last couple of years there have been two very common themes to what the market is asking us for (constant note to self, we all have one mouth and two ears :). First — the ability for users to write their own notes, research, conclusions right inside Recorded Future, completely integrated within the end-user environment. Second — the ability to integrate external data streams with Recorded Future — such as FS-ISAC, Verizon DBIR, various commercial and open source feeds, or for that sake, internal corporate feeds.
Today we launch all of these capabilities and more in Recorded Future Fusion. Both customer-sourced notes and feeds integrated together with the only all-source intelligence platform, in one single environment. We believe Recorded Future is now the only universal threat intelligence solution.
I’ve always been using the analogy of Bloomberg for Cyber when it comes to Recorded Future. We want to pull together, in real time, everything the cybersecurity professional needs to be the very very best intel analyst, SOC operator, incident responder, manager, what have you, in one single screen. Likewise we want to provide the very same data to software, algorithms, SIEMs, endpoints, basically anything that consumes security data, in real time.
It will come as no surprise that the vision here is of course to be able to, in real time, gather threat intelligence from both friendly and adversarial sources (Recorded Future collection!), and combine that with any other intelligence that’s pertinent to our customers, and do so in real time and deploy to where it can be used to defeat the adversary.
As we launch Recorded Future Fusion we will certainly be very humble. This is early days and we will work carefully with existing customers and early adopters to tweak things to success. Our partners, be it technology or intelligence partners, are incredibly important in this. We will work hard to take existing integrations to new levels based on Recorded Future Fusion.
Exciting times in front of us in the threat intelligence world! We are proud and humble to serve you and hope to do so for many years to come. Let me know how we can work together.