Recorded Future's OMNI Program Brings Better Threat Intelligence Everywhere With One Click
By Matt Kodama on October 7, 2015
Lack of context in threat data is a constant challenge for threat analysts. Teams are inundated with indicators but often receive only the bare technical facts, which are not enough to gain insight into true and actionable threats.
For example, a threat intel provider has identified outbound traffic to IP address W.X.Y.Z as a current indicator of compromise (IOC), but what kind of compromise does that traffic indicate? What type of threat actor, with what intentions, should be evaluated? What kind of exploit target might make those outbound requests?
Without better context, it’s hard to determine which threat indicators to deploy in detection rules, and even harder to make accurate verdicts about alerts triggered from those detections. Using indicators to improve security is much harder than just acquiring fresh indicators.
Or, as Ryan Stillions said at this year’s SANS Cyber Threat Intelligence Summit, “I’ve got 99 problems, and a lack of threat indicator feeds ain’t one.”
For better context, turn to Recorded Future.
Recorded Future continuously analyzes over 700,000 sources all across the Web to highlight links between infrastructure and malware tools, vulnerabilities, adversary tactics, and even campaigns and threat actors.
Other threat and security teams, security researchers, and malcode analysts are looking at similar incidents in their networks and labs, and publishing their assessments on sites across the Web – which Recorded Future captures, structures for analysis, and rolls up into indicator-centric intelligence summaries, available on demand.
It’s a real-time context frame for your indicator feeds.
Would this context improve your threat analysis, incident response, or other areas of security? We see many opportunities – and we think you need integrations that are quick to build and easy to use.
That’s why today at RFUN 2015, our annual user conference, we announced a program called OMNI that delivers rich threat context from Recorded Future, everywhere you need it. The Recorded Future OMNI program already offers integrations with Splunk, HP ArcSight, IBM QRadar, RSA Archer, and Maltego.
The newest piece of OMNI was released just today; it’s Recorded Future Look Up, a free browser extension for Google Chrome and Mozilla Firefox that lets you pivot from an IP address, domain, or hash on any Web page to the Recorded Future intelligence summary for that indicator. Using Recorded Future Look Up is simple:
- Highlight an IP address (or domain or hash).
- Right-click on the selected text, and select “Look up in Recorded Future.”
- The intelligence summary Web page opens in a new browser tab.
Web Page: Dynamoo’s Blog
- Recorded Future customers have full access to our threat intelligence enrichment content when logged in to Recorded Future.
- All security professionals have free limited access to our content even without a Recorded Future account.
- Recorded Future partners can easily integrate the same Recorded Future context lookup capability into their security products. Recorded Future Look Up uses a simple, consistent URL syntax, making it easy to link to these intelligence summaries from many locations.
When we spoke with our CEO and co-founder Christopher Ahlberg about OMNI, he summed it up nicely: “As operational defenders look to add value and better protect their organizations from cyber threats, Recorded Future OMNI improves their effectiveness and productivity by providing unique threat context from the Web. This enriches any security system.”
Contact us if you have questions or if, like several of our customers, you just want to show us the Recorded Future context lookup integration you’ve already built!