Moving Toward a Security Intelligence Program
October 29, 2019 • The Recorded Future Team
For the past 10 years, Recorded Future has focused on empowering organizations to take a proactive approach to cybersecurity. We’ve done this by collecting and analyzing threat data from the broadest range of sources and producing intelligence to help organizations gain insight into the intentions and techniques of cyber adversaries. This enables security professionals to work smarter and stop threats faster.
As our team continues to innovate and evolve our solutions to help modern organizations proactively mitigate risk and stay ahead of threats of all kinds, we’ve embraced a broader security intelligence philosophy that addresses holistic organizational risk in the digital age.
What Is Security Intelligence?
Security intelligence is an information-first approach to security that fuses external and internal threat, security, and business insights across entire operational imperatives — empowering you to lead with intelligence across your organization’s entire security ecosystem.
The security intelligence solutions Recorded Future delivers can either stand alone to streamline your efforts, or work in harmony to accelerate your risk reduction exponentially.
This video provides a look at what security intelligence means to our experts — in their own words:
We call this comprehensive philosophy security intelligence because it goes beyond traditional threat intelligence to also encompass brand protection, third-party risk, security operations and response, vulnerability management, and geopolitical risk.
Security Intelligence: Greater Than the Sum of Its Parts
This is not new technology for Recorded Future, but it is a new philosophy for putting intelligence at the core of your cybersecurity strategy to improve the effectiveness of security teams and tools.
Embracing security intelligence as the most critical tool for exposing unknown threats, informing better decisions, and driving a common understanding, ultimately enables you to accelerate risk reduction across your organization and amplify security efforts exponentially.
This philosophy reinforces the three fundamental ideas that have guided our work since the very beginning:
1. Intelligence must provide the context to enable informed decisions and take action.
Actionable intelligence is knowledge that allows you to prevent or mitigate cyberattacks. To be effective, intelligence needs to be timely, clear, and actionable. It has to come at the right time, in a form that is understandable. It should enrich your knowledge, not complicate the decision-making process. It should help put everybody in your organization on the same page.
2. People and machines work better together.
Machines can process and categorize raw data orders exponentially faster than humans. On the other hand, humans can perform intuitive, big-picture analysis much better than any artificial intelligence — as long as they’re not overwhelmed with sorting through huge data sets and doing tedious research. When people and machines are paired, each works smarter, saving time and money, reducing human burnout, and improving security overall.
3. Intelligence is for everyone.
No matter what security role you play, intelligence makes a difference. It’s not a separate domain of security — it’s context that helps you work smarter, whether you’re staffing a SOC, managing vulnerabilities, or making high-level security decisions. But to make things easier, not harder, intelligence should integrate with the solutions and workflows you already use, and it should be easy to implement.
These concepts guide and motivate all that we do at Recorded Future. Today, as organizations become increasingly cloud-based, distributed, and complex in their push for digital transformation, the need for actionable, automated intelligence for everyone has never been greater. Yet, digital risk is at an all-time high, so as digital businesses continue to evolve, they’re being bombarded with cyber threats from all angles — from the open web and dark web, to partners and third parties, to brand attacks, to internal threats. Without a true, comprehensive view of their entire threat landscape, organizations are vulnerable to attacks that could disrupt or even completely stop business.
Security Intelligence Solutions
Powered by the Security Intelligence Graph, the methodology and patented technology we use to fulfill our mission, Recorded Future automatically delivers the intelligence you need, where you need it, to solve the specific security challenges facing your organization. Our security intelligence solutions can either stand alone to streamline your efforts, or work in harmony to accelerate your risk reduction exponentially.
Fake accounts, apps, and websites are often designed to profit from maliciously redirected or accidental traffic. These can all also result in major damage to your organization’s reputation. Recorded Future empowers you to protect your most valuable asset — your brand — with real-time alerts based on aggregated data from domain registration sites, social media profiles, web pages containing malicious content, and other sources. Security intelligence makes it easy to find and take down typosquat domains, leaked credentials, bank identification numbers, fake social media accounts, code leaks, talk of your brand on dark web markets, and more.
Third-Party Risk Management
Digital connections with suppliers, partners, contractors, agents, temporary workers, and others are now so critical that organizations share confidential and sensitive information with 583 parties on average. Your business is only as secure as its weakest link — and it’s estimated that more than half of all organizations have suffered data breaches through vulnerable third parties. Contextualized security intelligence helps you make informed decisions and reduce your overall risk with real-time security intelligence about the companies in your ecosystem.
Security Operations and Response
Security operations and incident response analysts need to efficiently identify relevant, previously unknown threats and respond quickly. Security intelligence enables these teams to make faster, more confident decisions based on external threat indicators automatically correlated with internal threat data — in real time, at scale across vast amounts of data, and without any manual research.
Threat intelligence is the combination of knowledge, data, and context that allows you to prevent or mitigate cyberattacks, and is a vital component of a proactive security intelligence strategy. Machine learning and automation make it possible to aggregate data from the broadest set of open, closed, and technical sources and provide context on who is attacking you, their motivations and capabilities, and indicators of compromise to look for in your systems. This information is searchable in real time and presented in a single-pane-of-glass view and via customized alerts — so you can make informed and timely decisions.
Vulnerabilities put your business at risk of attack. However, with thousands of critical new vulnerabilities emerging each year, it’s impossible to patch everything, everywhere. Security intelligence scores vulnerability risk based on real-time exploitation trends, giving security and IT teams the context they need to make faster, more confident decisions when prioritizing patches and preventing attacks.
To defend against and respond to attacks on executives and physical entities, security teams and all-source analysts need timely and contextual intelligence. Security intelligence from Recorded Future accelerates critical decision making with contextual OSINT data on geopolitical threats and trends — so you can protect your people and assets and understand shifting dynamics in the geographic areas that matter to your organization.
When used together, these security intelligence solutions ensure a comprehensive security strategy with broad, actionable intelligence at its foundation. Ultimately, security intelligence helps all security teams make better, faster decisions and amplifies their impact.
Read our white paper on the Security Intelligence Graph for a behind-the-scenes look at how the engine that powers security intelligence really works. Download it now to find out how we enable security analysts to protect their organizations from present and future threats.
The second edition of our popular book, “The Threat Intelligence Handbook: Moving Toward a Security Intelligence Program,” offers best practices for organizations shifting toward a comprehensive security intelligence approach. Whether you are just launching your security intelligence initiative or maturing an existing program, the handbook is a must-read to help you efficiently reduce risk.
Start making your move toward security intelligence today!