All-Source Analysis Breakthrough With New Recorded Future OMNI Intelligence Partner Integrations

June 13, 2016 • Glenn Wong

Collecting, analyzing, and acting on threat intelligence is a dynamic process, and one that requires analysts to synthesize a lot of information — both in terms of volume and variety.

Practically, this means that analysts typically use various tools and information — also known as “all-source analysis” — as part of their research and investigation workflows.

With our just-announced OMNI Intelligence Partner Integrations, we’ve made it much easier for analysts to conduct all-source analysis.

The key building blocks of this new capability are “extensions” for our Intel Cards. These extensions connect with our Intelligence Partners to digest useful, relevant information directly into the Intel Card for review and analysis.

Hash Card

Above is an example of a Hash Card with just some of the information analyzed by Recorded Future.

Palo Alto Networks Integration

Above is additional information about the hash from Autofocus by Palo Alto Networks; this is displayed on the same Hash Card inside Recorded Future.

We proudly believe this is a breakthrough in all-source analysis; with this feature, analysts can:

  • Find hidden connections on new and emerging threats.
  • Analyze information faster with a “single pane of glass” that’s easy to setup.
  • Get more value from existing (and new) intel investments.

Currently, several existing Recorded Future customers are beta-testing this new feature and the feedback has been very enthusiastic.

“I’m a big fan, especially of [the] DomainTools and Farsight [extensions],” said one customer (financial services). “When looking at reporting for a malware C2 or exploit kit, I can pivot right to the URLs. It’s all right there.”

Furthermore, this customer told us that the new extensions make it possible to research and prototype investigation pathways across several tools. Once he finds solid results, he can then automate the process with custom scripts. Using Recorded Future as an automation sandbox is proving to be a huge time-saver.

Extensions are currently available for several other Intelligence Partners — including Palo Alto Networks, FireEye iSIGHT Intelligence, ReversingLabs, and PhishMe. We’re also getting suggestions from our beta testers for additional partners to include in the program.

The name of the game is stopping malicious activity before it impacts organizations, and Recorded Future is actively working to make sure our solutions are comprehensive and growing as even the smallest of shifts in the threat landscape occur.

Learn More

There are several ways you can learn more about this exciting new capability.

Short Video

Check out this short video that shows the extensions in action.

On-Demand Webinar

See these practices in action during our recent webinar featuring Recorded Future Threat Intelligence Analyst Zach Flom titled, “Revealing Ransomware Secrets With All-Source Analysis.”

Beta Program

Join our beta program! If you are already a Recorded Future customer and interested in participating, contact your Recorded Future customer success analyst or account manager.

Watch for more product announcements and enhancement on our blog, or sign up to receive the Recorded Future Cyber Daily, trending threats delivered right to your inbox.