Recorded Future should be a familiar name to any security professional who has researched multiple products in this technology space. Recorded Future has been providing data and intelligence for more than nine years and many vendors incorporate Recorded Future's feed into their own platforms. The fact that so many trust and refer to this company's data and research speaks volumes to the benefits of integrating Recorded Future into a threat intelligence program.
Recorded Future data is a unique combination of 65 integrated feeds and reports aimed at threat intelligence platforms. By using patented machine learning, the solution can handle the same volume of data, received in real-time, that it would take 8,000 humans working full-time for an entire year to review. The focus of the analysis is on trends, patterns and risk scoring. Once the data is analyzed, a security analyst can use an intuitive web application or API to gain access to threat intelligence results.
To enhance analysts' efforts, Recorded Future scours and analyzes structured and unstructured intelligence globally from technical, open and dark web sources and aggregates customer-proprietary data. The goal is to deliver enriched intelligence, rather than isolated and unintelligible threat feeds. Data is updated in real time so the intelligence in context stays current. The centralized information is then processed through a combination of machine learning, natural language translation and review by researchers. Only then is the output ready for human analysis and collaboration.
Upon first logging in, we found the landing page to contain primary data points relevant to the user. The layout is simple, not overwhelming. This makes the solution's Intel Cards easy to locate and review. Intel Cards are dossier-like intelligence summaries that focus on two dimensions of the threat space. The first is IP-based, highlighting the substantiated information gleaned from various sources on the web and numerous feeds, all of which culminate in a Dynamic Risk Score. The second Intel Card indicates vulnerability per potential exploit, which is determined by the NVD's CVSS risk score. In both cases, a higher score indicates a more serious threat.
More recently, Recorded Future expanded its mission, aiming to develop an all-in-one threat intelligence solution for its customers so they would not necessarily need other platforms to make direct use of the company's data. The belief is that all threat intelligence organizations should move toward having one spot to house all of their threat intelligence feeds. An example of this movement toward holistic efficiency is a tailored browser plugin that can directly scan webpage content for indicators of compromise (IOCs).
Otherwise, Recorded Future's intelligence can be tailored and customized for specific use cases before integrating with security technologies such as SIEM, ticketing, incident response, SOAR and more. As a result, customers can share reports with other analysts; export to csv, json, docx, and STIX; or make use of an API for even greater flexibility.
The standard starting package is $65,000, although there are some less expensive alternatives, and support is available 24/7.