Threat Intelligence for Everyone With Recorded Future Express
February 26, 2019 • Matt Kodama
A major problem in information security today is not that we don’t have enough data — it’s the opposite, in fact. We’re drowning in it. Security alerts, vulnerability scan data, lists of malicious file hashes, and more compete for our attention every day (sometimes it feels like every minute), making it difficult to know what to focus on and what to ignore.
That’s why we’re launching Recorded Future® Express, a new license that includes access to our Browser Extension. It gives you instant context on any IP, domain, vulnerability, or file hash you’re looking at, right in your web browser.
Our mission has always been to help security professionals defend themselves against threats at the speed and scale of the internet. Our new browser extension helps achieve this by reducing barriers to getting actionable intelligence, whatever security goal you’re working toward. It makes threat intelligence available to everyone, rather than keeping it the private domain of a few expert analysts.
Threat Intelligence Exclusively for All
The problem of too much data and not enough context is one shared across security functions — whether it’s security operations, incident response, vulnerability management, brand monitoring, or any other role, security professionals are overwhelmed with data. Worse, threat intelligence is often treated as a separate function within a broader security paradigm rather than an essential component that augments every other function. The result is that many of the people who would benefit the most from threat intelligence don’t have access to it when they need it.
As the name suggests, Recorded Future Express has been designed with flexibility and ease of use in mind. We’re tearing down the walls between siloed security functions and providing direct access to threat intelligence to everyone.
The browser extension does this by easily layering on top of all the security solutions you’re already using. It’s right there in every web-based application you already rely on — use it to access threat intelligence on top of SIEM data to triage alerts faster, on top of vulnerability scans to prioritize patching, on top of incident response systems to get a clearer picture of how to respond, or even on top of intelligence sources like US-CERT to pull out the important bits of information fast.
- Triage Alerts Faster: Because of the number of alerts that security teams deal with daily, around 44 percent on average go completely uninvestigated. There’s just no time to manually sort through them all. Even pivoting to a separate threat intelligence solution adds time; with the browser extension layered directly over SIEM alerts, security teams can instantly prioritize alerts by seeing the risk rules they’ve triggered and the context and sourcing behind those rules.
- Prioritize Patching: Just as with security alerts, there are simply too many vulnerabilities constantly appearing for a “patch everything, all the time” approach to security to be realistic, regardless of the resources you have available. And nobody really needs to patch everything — numerous vulnerabilities are never exploited, and any one organization’s network probably contains only a small proportion of the “riskiest” vulnerabilities as measured by traditional risk metrics. With threat intelligence layered directly over vulnerability scans, VM teams can quickly see what vulnerabilities are actually being targeted in the wild and which they can safely ignore.
- Respond to Incidents With Confidence: Indicators of compromise without context really don’t indicate a whole lot. They could be false positives — or a true threat that needs immediate attention. But initial investigations often rely on file reputation services that don’t give all the background context needed to analyze unknown files. The browser extension speeds up your malware analysis and verdicts by giving you instant access to intelligence on associated IOCs.
- Speed Read: Researching threats manually is time-consuming and often inconclusive. Whether it’s one researcher or a whole team, nobody can keep up with the glut of information that’s constantly published about threats and other security news. The browser extension layers on top of any security text to instantly identify and organize information around categories like hashes, IP addresses, domains, or vulnerabilities. This can cut down the time it takes to find relevant information in, for example, a long report from US-CERT, from minutes to moments.
Recorded Future Express Extends Your Reach
Every problem ultimately emerges from two fundamental shortcomings: a lack of time, or a lack of information (or both). In the age of big data, the information is out there — we just can’t get access to it in time. We recognize that threat intelligence is only really intelligence when it’s actionable, and intelligence is only actionable when it gets to the people who can take action with enough time to actually do something.
Recorded Future Express makes threat intelligence actionable for everyone. It gives you access to real-time risk scores, triggered risk rules for alerts, and evidence behind those rules, all in the browser extension. It also features access to Recorded Future University, our online training academy for mastering threat intelligence.
For those who still want to take a deeper dive into our Intelligence Cards™, pivot into our Quick Search functionality, or get more comprehensive alerting, we continue to offer our Core and Advanced licenses. With Recorded Future, there is an option for everyone and every use case — starting with Express and growing to our more extensive licenses.