Recorded Future, the world’s largest provider of intelligence for enterprise security, today announced new capabilities for its Threat Intelligence and SecOps Intelligence solutions, arming security teams with real-time intelligence on threats within their environments and enabling them to address and triage security concerns faster.
Recorded Future’s Intelligence Platform supports the entire security ecosystem within an organization, delivering intelligence for proactive detection and monitoring directly within existing security technologies and providing a complete view of the threat landscape from attacker to midpoint all the way through to victim.
Only Recorded Future offers intelligence for security teams that includes automated, verified, and high-confidence connections that can validate relationships at scale between, for example, a threat actor and command-and-control (C2) infrastructure.
This is made possible by the company’s malware sandbox analysis and its Network Traffic Analysis capabilities, whereby Recorded Future’s platform automatically analyzes internet traffic data to produce specific insights into suspicious and potentially malicious behavior based upon detailed evidence.
Evidence provided to security teams includes internet traffic between hosts including botnets, malware distribution, DDoS, scanning, C2 infrastructure, and data exfiltration. Recorded Future also provides information for analysts by mapping to the latest MITRE ATT&CK framework, giving security teams a precise picture of adversarial tactics and techniques.
“We see more than a billion events per day. Recorded Future gives us the ability to enrich this data and gain additional insights into TTPs, social media handles, dark web forums, special access groups, and more that we didn’t previously have access to.” – Ryan Norwall, Security Operations Manager, City of Los Angeles
Recorded Future Threat Intelligence
Developed for threat hunters and security analysts, Recorded Future’s Threat Intelligence solution provides a dynamic, 360-degree view of a threat landscape, arming a security team with vital information such as high-confidence network traffic intelligence and indicator relationship linkages. Users are able to inform their organization’s security strategy and proactively detect, monitor, and defend against adversaries with capabilities such as:
- Improved advanced threat research and reporting, dark web investigation, and threat hunting with visibility into dark and closed web forums.
- Data exfiltration monitoring to known C2 servers through network traffic analysis.
- Elevated SIEM and EDR threat detection and response with Sigma Rules.
- Accelerated threat detection and threat behavior profiling with Recorded Future Links, evidence-based indicator relationships.
Recorded Future SecOps Intelligence
SecOps Intelligence from Recorded Future improves threat visibility with contextualized intelligence within an organization’s existing security workflows and tech stack, including SIEM, SOAR, and TIP solutions.
SecOps Intelligence provides insights, updated in real time, to make faster, more confident security decisions. It also supports key integrations:
- As an inaugural technology partner for Splunk Mission Control, the new Recorded Future plug-in allows users to detect critical threats and access full context intelligence, with risk scoring and rules on related events. Splunk users can also get hands-on experience of real-time security intelligence to improve threat visibility and accelerate incident response through a free trial of the Recorded Future integration for Splunk Enterprise and ES.
- Through an integration with Rapid7 InsightIDR, users can discover previously undetected threats in their InsightIDR environment by correlating internal data with Recorded Future SecOps Intelligence.
- Recorded Future supports over 90 integrations with leading security and technology providers.
“A security team’s ability to address cyber threats is only as good as the source of their intelligence. Whether a defender is threat hunting or integrating intelligence into their existing tech stack for faster threat detection, neither job can be done if there isn’t access to high-confidence data that automatically correlates and validates threats for quick decision-making.
Recorded Future has ingested, analyzed, and produced this intelligence for over a decade, offering clients actionable data and context to otherwise unknown threats.” – Craig Adams, Chief of Product & Engineering, Recorded Future