Bringing Recorded Future for Splunk Into Focus

November 7, 2019 • Ellen Wilson

If you attended Splunk .conf 2019, like the Recorded Future team did, you heard about the importance of “turning data into doing” with Splunk’s Data-to-Everything Platform. A number of keynotes and breakout sessions covered the importance of bringing data into every security decision.

As organizations continue to embrace new technologies to fuel digital transformation, the attack surface grows, and it’s becoming more challenging to access, organize, and analyze all the available data to achieve a comprehensive understanding of your organization’s risk standing. So, as security teams begin to understand the value and time savings of eliminating data silos and connecting their security tech stack, the true impact of Recorded Future’s partnership with Splunk comes into focus.

Threat Intelligence Everywhere: The Data-to-Everything Platform

Recorded Future’s mission is to help our clients reduce risk, wherever and whenever they need us. For many of our clients, our Splunk integrations have been the answer they were looking for. By integrating our threat intelligence into Splunk, security professionals can access even more context for smarter and faster decision-making. Recorded Future currently offers three Splunk integrations, for Splunk Enterprise, ES, and Phantom, described below.

Recorded Future for Splunk Enterprise and ES

To effectively respond to the multitude of alerts generated each day, SOC analysts need a way to prioritize which alerts they should focus on first, so they can optimize their effort for maximum risk reduction. Threat intelligence from Recorded Future creates clarity by adding rich context within Splunk Enterprise and ES. Relevant intelligence, updated in real time, gives security operations analysts, incident responders, and vulnerability management professionals the insights they need, when they need them, to make faster, more confident security decisions.

Recorded Future for Splunk identifies indicators with elevated risk levels by analyzing web reporting, threat lists, and our own novel methods. And unlike IP or domain reputation lists, we deliver rich context so you can selectively apply indicators that match your security needs in event correlation and detection rules. By eliminating the need to manually triage and aggregate information, Recorded Future helps analysts dramatically reduce triage and investigation time, easily prioritize focus, and resolve more incidents faster.

Recorded Future for Splunk Phantom

Splunk Phantom allows incident response teams to work smarter, respond faster, and strengthen their defenses through playbooks for automation and orchestration. However, SOAR solutions require a series of defined playbooks designed to describe threats and how to handle them. These playbooks are only as smart and effective as the data used to construct them. Without actionable, real-time data on active and emerging threats, security teams face problems like an overload of information, a lack of context, and more.

Recorded Future’s unique combination of automated data collection and human analysis generates high-quality intelligence that can be seamlessly integrated into Splunk Phantom. Recorded Future provides real-time risk scores for each IP address, domain, URL, hash, and vulnerability based on risk rules determined from the widest breadth of sources. This adds valuable context to internal network observables, helping incident response teams to quickly identify high-risk security events, rule out false positives, and address low-level events through automation.

To see Recorded Future’s Splunk integrations in action, request a demo today!