September 13, 2016 • Nagraj Seshadri
Industry’s first lab test measuring productivity gains from threat intelligence.
Operational defenders want threat intelligence to add tangible and quantifiable value to their organization’s security. As a provider of real-time threat intelligence, we strive to provide measurable benefits to our customers, who have reported back some impressive results.
For example, one customer went on record to say that Recorded Future helped reduce the amount of malicious traffic entering their network by 63 percent.
Inspired by the anecdotal feedback from our customers, we commissioned Codis Technologies, an information security consulting firm specializing in incident detection, incident recognition, and process automation, to conduct a lab test to measure the quantifiable value — in terms of productivity and security — that a SOC (security operations center) analyst gains from integrating Recorded Future with a SIEM (security information and event management) solution.
The results showed that one SOC analyst, in a controlled environment, experienced a 10 times gain in productivity after Recorded Future real-time threat intelligence was integrated with a SIEM.
For the lab test use case, Codis Technologies chose to apply threat intelligence to firewall logs in a SIEM. Effective monitoring of firewall logs enables organizations to detect relevant threats that could otherwise be missed.
However, creating actionable security events from these high-volume/low-context log sources is a time-consuming challenge, especially when firewalls usually account for 50 percent or more of daily log volume. The lab test compared the effort required to triage the same report both with and without Recorded Future and found an increase in analyst productivity and additional security benefit when Recorded Future was used.
To make the test more realistic, Codis Technologies also enriched the same report with free OSINT (open source intelligence) feeds, which did not significantly change our findings with Recorded Future. What makes this possible is Recorded Future’s threat intelligence powered by machine learning, which provides automation, rich context, and risk prioritization — this is unmatched by predominantly manual means and existing technologies.
To review the full independent lab test, download the report.
We would love to hear your questions, comments, and suggestions on the report, so feel free to email us at info [at] recordedfuture [dot] com. You can also request a personalized live demo.