Recorded Future Intelligence Platform

The threat intelligence module within the Recorded Future platform has provided us with a unique answer to some of the hardest questions in the Cyber Threat Intelligence world. That is who we should be worried about? That kind of priority intel requirement is always sought after, but rarely do we get a good idea of what that is. Recorded Future gives us the ability to identify our technologies and vulnerabilities in an effort to correlate which threat actors are currently abusing those entities in an effort to identify potential threats to our organization. Essentially, this product has helped us answer the age-old threat strategy of "know yourself and your enemy" in an effort to lead risk reduction processes.

The User Portal has a friendly page. However, there is a need for a very technical team to understand how to drive in the platform because of the use of technical terms in the GUI. Threat Intelligence functionality is powerful, once watch lists are fully deployed this tool will detect in real time threats ocurring around all the technologies and supply chain. Integration is excellent, it's capable to ingest the data from the main VM and CMDB tools and using it to connect dots to provide a accurate risk assessment. Alerting functionality is average since the Threat Intelligence Team have to still prepare a detailed and executive report. However, the detection, as mentioned before, is excellent since it's continuously monitoring the landscape. The Analyst Support from the organization is outstanding. They are always willing to help and explain any functionality to potentiate the use inside our company.

RF has been excellent the platform delivers high quality actionable TI that improves SOC efficiency accuracy and risk based decision making.

RF offers multiple features of available TI tools in one platform for unified visibility which is supposed to make it easy manage all the intel in one place but is difficult to navigate if not properly trained on the tool. They offer multiple packages with certain modules which becomes costly when trying to include the tools needed. We also use multiple other TI platform and hence not too dependent on just RF.

It provides us specific attack vector details and scenarios as well as we get the notification alert if any data breach observed on dark web for organization. We can create use cases for our daily monitoring, which helps us act proactively on zero-day vulnerabilities. Based on the different modules, we can also assess the usefulness of IoCs and add them to our SIEM for further monitoring.