The Recorded Future web-conference today was a great insight into the deep Cyber-Intelligence technology the company has developed and what it offers organizations. On display were both a definitive set of broad trend data combined with deep and granular information on every aspect of the MITRE ATT&CK framework and beyond. Recorded Future’s LinkedIn profile reports the company as having had Series E funding of $25 million dollars, however Crunchbase reports an even higher total investment of over $50 million dollars. A press report on PRNewswire in October 2021 outlines Recorded Future’s recent investment in CVE intelligence company Cyber Threat Cognitive Intelligence (CTCI) and describes the Intelligence Fund; Recorded Future’s investment platform.
For anyone as passionate about Cyber-Security, predictive forecasting, and Intelligence as I am, there is a ton to be excited about with Recorded Future’s platform and capabilities. Here’s what I learned from the conference today. Recorded Future aggregates data from across the internet, in 12 different languages, aggregating about 500 unique pieces of information into its systems each second. Data is gathered from a large list of diverse sources. Here is a snapshot of those sources:
- 1,500 Online Forums
- Social Media (Twitter, FB, etc.)
- Code Repository sites (such as GitHub, GitLabs, and BitBucket)
- Online Paste-Bins (known source of anonymously sharing malware)
- Technical Collection (Shodan, Google Dorking, GeoIP, etc.)
- Over 65 Threat Feeds (public and proprietary)
- Internal Notes From Customer Reported IOC
- Certified Intelligence (malware samples, security research papers, POC)
- Blogs and Media
- The Dark-Web
The dark-web is where real threat actors sell their malware, form partnerships, and have open conversations about attack strategy. Samples of malware being used against targets is found and added to existing malware repositories. Accessing this conversation and data directly provides real, critical, actionable intelligence to defenders; security Engineers who plan and orchestrate detection and response.
From source the data is structured, analyzed with Machine Learning, and delivered via several front-end data displays across multiple mediums such as API, web-application, mobile app, and browser extension. But let’s not skip over the data processing stage without noting that context is extracted from the data posted online, including the obvious elements such as malware name, attack vector, IOC details, threat actor group, location, targets described, but the data feed is also analyzed with deep analysis natural language processing for to uncover more information such as sentiment and perhaps will lead to greater ability to identify and locate individual threat actors.
The Future Has Always Been Predicting The Future
It all came into focus when I understood that Recorded Future is using Machine Learning to not only analyze and report current threat landscape, but also building predictive algorithms to gain foresight into the what the probability of the future threat landscape might look like down the road, weeks or months from now. Security architects with access to reliable forecasts extracted from the stormy cloud of threat intelligence can enhance risk assessment and more efficiently allocate resources.
While the trend feed, and threat cards alone provide deep insight that can improve security team efficiency, predictive is even more of a potential game changer. I have not heard of any other companies proposing that level of threat intelligence yet. Developments tend to be reactive instead of proactive. They are already playing with some big names and have some impressive partners, such as Sentinel One, and and no-doubt have some great partnerships lined up. Overall their strategy seems to be feasible and I believe the information they provide will increase in value for Cyber-Security Threat Detection and Response in the upcoming years. Let’s see how Recorded Future’s Future pans out.