June 13, 2016 • Glenn Wong
Collecting, analyzing, and acting on threat intelligence is a dynamic process, and one that requires analysts to synthesize a lot of information — both in terms of volume and variety.
Practically, this means that analysts typically use various tools and information — also known as “all-source analysis” — as part of their research and investigation workflows.
With our just-announced OMNI Intelligence Partner Integrations, we’ve made it much easier for analysts to conduct all-source analysis.
The key building blocks of this new capability are “extensions” for our Intel Cards. These extensions connect with our Intelligence Partners to digest useful, relevant information directly into the Intel Card for review and analysis.
We proudly believe this is a breakthrough in all-source analysis; with this feature, analysts can:
Currently, several existing Recorded Future customers are beta-testing this new feature and the feedback has been very enthusiastic.
“I’m a big fan, especially of [the] DomainTools and Farsight [extensions],” said one customer (financial services). “When looking at reporting for a malware C2 or exploit kit, I can pivot right to the URLs. It’s all right there.”
Furthermore, this customer told us that the new extensions make it possible to research and prototype investigation pathways across several tools. Once he finds solid results, he can then automate the process with custom scripts. Using Recorded Future as an automation sandbox is proving to be a huge time-saver.
Extensions are currently available for several other Intelligence Partners — including Palo Alto Networks, FireEye iSIGHT Intelligence, ReversingLabs, and PhishMe. We’re also getting suggestions from our beta testers for additional partners to include in the program.
The name of the game is stopping malicious activity before it impacts organizations, and Recorded Future is actively working to make sure our solutions are comprehensive and growing as even the smallest of shifts in the threat landscape occur.
There are several ways you can learn more about this exciting new capability.
Check out this short video that shows the extensions in action.
See these practices in action during our recent webinar featuring Recorded Future Threat Intelligence Analyst Zach Flom titled, “Revealing Ransomware Secrets With All-Source Analysis.”
Join our beta program! If you are already a Recorded Future customer and interested in participating, contact your Recorded Future customer success analyst or account manager.