Intelligence Goals Library: All Your Use Cases in One Place
April 24, 2019 • Matt Kodama
There are a few premises that motivate the work we do at Recorded Future.
1. Threat intelligence is only useful when it gives you the context you need to make informed decisions and take action.
Threat intelligence needs to be actionable — that means it comes at the right time and in a medium that whoever is consuming it can understand. It should enrich your knowledge, not complicate the decision-making process, and it needs to exist within a shared conceptual framework so that everybody who consumes it is on the same page and it can be effectively iterated upon.
2. Threat intelligence is for everyone.
No matter what security role you work in, threat intelligence can augment your work. It’s not a separate domain of security — it’s the context that helps anyone work smarter, whether you’re working in a SOC, doing vulnerability management, or making high-level security decisions. To do so without adding to your workload, however, it needs to integrate with the solutions and workflows you already rely on and have low barriers to entry.
3. People and machines work better together.
Machines can process and categorize raw data at speeds orders of magnitude quicker than humans. Conversely, humans can perform intuitive, big-picture analysis far more effectively than any artificial intelligence — but only if they’re not bogged down with tedious research and the processing of huge volumes of data. When the two are paired together, each works smarter, saving time and money, reducing burnout, and improving security overall.
These core beliefs have driven all of the features and improvements we implement into the Recorded FutureⓇ Platform — including our Intelligence Goals Library.
All Your Use Cases in One Place
The Intelligence Goals Library is a collection of pre-configured use cases, organized by user role, and used to discover and implement those use cases in your organization. It includes the most common intelligence requirements of Global 500 organizations for you to use. A series of goals, which include over 100 (and counting) use cases within them, are divided between a few major roles: threat analysis, incident response, vulnerability management, security operations, risk analysis, fraud, and security leadership.
Each Intelligence Goal consists of pre-configured alerts, and these alerts are automatically updated on the back end as we add sources and make other improvements — so they’re always up-to-date for you without any effort on your end.
Intelligence Goals are essentially a compilation of Recorded Future’s expertise in creating queries, structuring it into a formal conceptual framework so that they’re easy to search, browse, and discover. This shifts the focus from your own team having to develop custom queries to get the information you need to simply knowing what your Intelligence Goals are and exploring the use cases within them. That way, you can:
- Focus on your intelligence requirements rather than the granular details of setting up alerts and custom queries
- Align what you do with already established best practices, structured by role and explained in clear, simple language
- Automatically have your alerts updated
The Intelligence Goals Library is a central place for not only all of your alerts, but also your Watch Lists — another core feature of the Intelligence Goals Library. Watch Lists are custom, configurable lists of companies, technology assets, products, or locations, which power Intelligence Goals and can be used to align the alerts provided with the needs of your organization. They also serve as a single place to maintain your asset lists.
How It’s Different
To have a comprehensive view of your security, you need to understand both your internal network and the external landscape of threats and risks. This kind of assessment requires asking the right questions and then having the resources to answer them.
But asking the right questions takes some framing:
- What do I know about my own security, and how do I know it? That is, what are my known knowns?
- What do I know I need to learn more about — what new threats or tools are out there that I know I need to investigate? That is, what are my known unknowns?
- How can I find out about new threats or updates that I don’t know about? That is, what are my unknown unknowns?
The Intelligence Goals Library provides a new conceptual framework that allows you to easily answer all of these questions.
Our Intelligence Cards, a central feature of the Recorded Future platform, already provide an easy and direct way to get context on any entity in our database, including threat actors, vulnerabilities, malware, and organizations. Intelligence Cards provide easy-to-understand risk scores and transparent access to the sources that go into generating them. But we also recognize that Intelligence Cards provide just one way to get the information you need, and work best for people who already know what they want to find.
For a long time, threat intelligence has only been accessible to analysts with a technical background. But threat intelligence has been proven to provide measurable benefits for every security role when it’s integrated with the systems and workflows you already rely on.
With the Intelligence Goals Library, we’re breaking down the barriers to entry and providing an even more holistic and straightforward view of your threat landscape, one that compliments the uses of Intelligence Cards and makes threat intelligence easy to understand and put into practice.
If you’re new to Recorded Future and would like to see it in action, request a personalized demo today.