June 23, 2016 • Amanda McKeon
St. Jude Medical is saving lives across the world with breakthrough technologies that transform the treatment of some of the world’s most expensive epidemic diseases.
Due to the sensitive nature of its work, large number of employees, valuable IP it possesses, and extensive ecosystem of third-party vendors, the company uses threat intelligence to enhance its overall security.
Russ Staiger, Lead Analyst with St. Jude’s Cyber Threat Action Center (CTAC), recently presented a webinar with Recorded Future on how his team uses Recorded Future in its security operations center (SOC) to detect, correlate, analyze, and prioritize emerging threats and indicators of compromise (IOCs).
Previously, St. Jude’s firewall bot detections required an average of 168 unique sources per daily report. Today, with Recorded Future’s real-time threat intelligence integrated with its Splunk security information and event management (SIEM), the organization needs only an average of six sources per day to accomplish a similar result.
Additionally, detections of exploit kit traffic dropped from an average of 27 per day to an average of less than 10 per day. Staiger says that they now have fewer machine rebuilds and analyst time is freed up to focus on bigger-picture threats and preventative measures. With the support of Recorded Future, the organization experienced:
Staiger suggested that other organizations consider how attackers operate today if they want to reduce their threat profile. Attacker networks are true business operations: they employ skilled people who follow sophisticated processes and use technologies to achieve their objectives. As such, companies need to consider the who, what, and how, as well as the potential attack surfaces, when gathering threat intelligence. Recorded Future provides this context for his team.
With Recorded Future, St. Jude’s SOC team is able to:
Recorded Future’s Cyber Dashboard, which Staiger considers his “landing page,” provides a quick temperature check to see what’s boiling to the surface of the cyber world. This includes pertinent information such as:
Drilling down, Recorded Future Intel Cards are “powerful and can give you a view of the risk of an IP address, URL, or CIDR block range,” Staiger says.
Staiger presented use cases of Recorded Future, focusing on Enrichment Services for hashes, domains, and IP addresses/ranges. Since the Recorded Future app “marries into Splunk’s enterprise security app,” St. Jude’s SOC gains valuable context, can pivot through information, is able to quickly see correlations and references, and — perhaps most importantly — aligns all of the external data with internal threat intelligence to form a complete picture of emerging threats and IOCs.
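The enrichment workflow described above, matching external indicators for hashes, domains, and IP addresses or CIDR ranges against internal SIEM events and ranking the hits by risk, can be illustrated with a small script. This is an added example written for this page; it is not Recorded Future's app, its API, or St. Jude's code. The indicator records, the risk scale, the log format, and every address, domain, and hash below are constructed for the illustration; a real deployment would pull indicators from the intelligence feed and events from the SIEM instead.

```python
"""Enrich SIEM-style events with an external indicator set and triage by risk.

Added example, not Recorded Future's or St. Jude's code. All indicator
values, risk scores and log lines are constructed for this illustration.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    kind: str      # "ip", "cidr", "domain" or "hash"
    value: str
    risk: int      # constructed 0-99 scale, higher is worse
    context: str   # why the indicator is flagged


# Constructed indicator set standing in for an external threat-intel feed.
INDICATORS = [
    Indicator("ip", "198.51.100.23", 90, "exploit kit landing page"),
    Indicator("cidr", "203.0.113.0/24", 65, "bot command-and-control range"),
    Indicator("domain", "bad-example.test", 80, "malware distribution"),
    Indicator("hash", "d41d8cd98f00b204e9800998ecf8427e", 40, "suspicious downloader"),
]

# Constructed firewall / proxy / endpoint events in key=value form.
SAMPLE_LOGS = [
    "ts=2016-06-01T10:00:01Z src=10.0.0.5 dst=198.51.100.23 action=allow",
    "ts=2016-06-01T10:00:02Z src=10.0.0.7 dst=203.0.113.77 action=allow",
    "ts=2016-06-01T10:00:03Z src=10.0.0.9 host=cdn.bad-example.test action=allow",
    "ts=2016-06-01T10:00:04Z src=10.0.0.9 dst=192.0.2.1 action=allow",
    "ts=2016-06-01T10:00:05Z src=10.0.0.11 md5=d41d8cd98f00b204e9800998ecf8427e",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Turn one key=value log line into a dict."""
    return dict(KV_RE.findall(line))


def build_index(indicators):
    """Exact-match table for ip/domain/hash plus a list of networks for CIDR."""
    exact, networks = {}, []
    for ind in indicators:
        if ind.kind == "cidr":
            networks.append((ipaddress.ip_network(ind.value), ind))
        else:
            exact[(ind.kind, ind.value.lower())] = ind
    return exact, networks


def match_ip(addr, exact, networks):
    """Exact IP hit first, then containment in any flagged CIDR block."""
    hit = exact.get(("ip", addr))
    if hit:
        return hit
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:           # malformed field, not an address
        return None
    for net, ind in networks:
        if ip in net:
            return ind
    return None


def match_domain(host, exact):
    """Walk parent labels so a subdomain hits a flagged parent domain."""
    labels = host.lower().split(".")
    for i in range(len(labels) - 1):   # never match the bare TLD
        hit = exact.get(("domain", ".".join(labels[i:])))
        if hit:
            return hit
    return None


def enrich(line, exact, networks):
    """Attach matching indicators and the highest matched risk to one event."""
    ev = parse_event(line)
    hits = []
    for field in ("src", "dst"):
        if field in ev:
            hit = match_ip(ev[field], exact, networks)
            if hit:
                hits.append(hit)
    if "host" in ev:
        hit = match_domain(ev["host"], exact)
        if hit:
            hits.append(hit)
    for field in ("md5", "sha1", "sha256"):
        if field in ev:
            hit = exact.get(("hash", ev[field].lower()))
            if hit:
                hits.append(hit)
    ev["matches"] = hits
    ev["risk"] = max((h.risk for h in hits), default=0)
    return ev


def triage(lines, indicators):
    """Return only the events that matched an indicator, highest risk first."""
    exact, networks = build_index(indicators)
    enriched = [enrich(line, exact, networks) for line in lines]
    flagged = [e for e in enriched if e["matches"]]
    return sorted(flagged, key=lambda e: e["risk"], reverse=True)


if __name__ == "__main__":
    for ev in triage(SAMPLE_LOGS, INDICATORS):
        ctx = "; ".join(f"{m.kind}:{m.value} ({m.context})" for m in ev["matches"])
        print(f"risk={ev['risk']:2d} src={ev['src']} -> {ctx}")
```

Running it flags four of the five constructed events and orders them 90, 80, 65, 40; the event to 192.0.2.1 matches nothing and is dropped from the queue. The CIDR lookup is what lets one range indicator cover a whole address block, and the parent-label walk is what lets a single domain indicator catch traffic to its subdomains; both are the kind of context that a flat string match against a SIEM would miss.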
When describing Recorded Future’s threat intelligence analyzed from the open, deep, and dark web, Russ Staiger said, “Recorded Future is an extremely well curated collection of some of the hardest to reach, as well as publicly available, sources all brought together to tell one story. It’s a magical moment in technology. They’re leaders in terms of having this much to draw from and having this much power.”