Recording data for cyberdefence

Deliver threat intelligence that’s meaningful and accessible for all security professionals. Remove the barriers to adoption. Integrate threat intelligence into existing cybersecurity workflows. Cultivate the company’s ecosystem of partners.

These are the tenets Recorded Future holds front and centre as it stares down the industry’s biggest challenge: to help organisations reduce risk in the face of a vastly expanding attack surface.

On February 6, Recorded Future documented the latest in a long line of success stories, having helped a Norwegian company analyse a cyber-intrusion by a nation-state actor. The issue had resulted from a simple mislaid password and the resultant use of a third party to transfer private data out of the company.

Recorded Future’s chief technology officer and co-founder Staffan Truvé deduces that this is yet another example of how an increasingly interconnected world is making us more vulnerable and increasingly exposed. It’s a notion the company has been looking to remedy since its inception in 2009.

“When the company was founded, I was operating a research institute in Sweden, looking into the application of artificial intelligence techniques in various sectors,” Mr Truvé recalls. “I could see how algorithms could help guide us in the future, while my business partner and Recorded Future chief executive Christopher Ahlberg was curious about ways we could use everything that was being published on the internet for more meaningful purposes.

“We brought those ideas together to create a business model that revolved around harvesting everything that people put on the web. First, we developed natural language processing to turn unstructured text into structured data. Once the structure was added, we were able to do all kinds of analytics on it.”

Nine years on and with many success stories such as its Norwegian client in tow, Recorded Future continues to harvest data from sources all over the digital landscape, from RSS (rich site summary) feeds, big media, social media and even deeper down into the hackers’ playground via forums. Ultimately, the company aims to deliver relevant, real-time threat intelligence powered by machine learning to manage risk and empower security teams to make fast, confident decisions.

“It’s such a broad spectrum we monitor and analyse,” says Mr Truvé, “but over the past couple of years, we have looked to complement this text data with more technical sources too. For example, we are now harvesting all new registered domains around the world, as well as other technical information about how networks are being used, and even doing our own analysis of malware to see what’s hidden inside them.”

As Recorded Future’s remit has expanded, and the general population’s awareness of cyberthreats has increased, the company’s demographic has broadened simultaneously.

“We are very industry agnostic in the present day, thanks to the breadth of data we collect,” says Mr Truvé. “It’s a tremendous spread of customers across numerous segments of industry ranging from finance, to manufacturing, to food and drink, and even transport. For each we have essentially geared our machinery in recent years towards the cyberthreat landscape.

“The core technologies are the same as what we started off with, but we have diversified in terms of the sources we collect from and the kinds of events we gear our algorithms towards detecting.”

The model in 2019 acknowledges the different disciplines and requirements facing security teams, and Recorded Future helps to amplify the impact security teams can have across all internal, discrete functionalities.

The company has also greatly expanded its partner ecosystem, integrating with vulnerability management, security operations, incident response and SOAR solutions, as well as deepening its ties with top global resellers and managed security service providers.

“We add context that allows security professionals to take proactive steps, no matter which discipline a security professional is working in,” says Mr Truvé. “At heart, we are a data company that provides intelligence for our customers’ security teams to make decisions with information pertinent to their business.”

As companies augment their digital capabilities, they are concurrently connecting their own systems to numerous others, both internally and externally across the supply chain and customer base. With every new interconnection, however, vulnerabilities are exacerbated and Recorded Future has looked to reduce the risk associated with this broadened network.

“Data is just data until you make it meaningful and actionable to the participant, and by doing broader and deeper collection of data than anyone else out there, and subsequently aggregating that information to bring a numeric value to certain risks, that’s what we’re able to provide customers.”

The introduction of its third-party risk product further empowers customers to evaluate and assess proposed suppliers or partners prior to connecting digitally with them. Mr Truvé emphasises that this extent of risk management can only be achieved by operating outside company walls.

“We’ve conducted thorough mapping of more than 100,000 companies from this external vantage point,” he says. “Web services, domains, IP address ranges, historical problems with data leakages; we can collate all this data and put a numerical score to it, so a human customer can assess and evaluate what’s best for their company from a digital perspective before connecting their systems with another company’s.

“I like to say that we’re trying to build ‘cybersecurity centaurs’, to take the term from chess. The best chess player over the years hasn’t been a human or a computer, but the combination of the two. It’s the same at Recorded Future, we build machines and a portfolio of data that empower human analysts.”

In the future, the business is turning its attention from descriptive analytics, where aggregated information on events that have already occurred is analysed and documented, to predictive analytics, where risk scores won’t only be produced via historic data, but through predicting future trends based on the information being analysed and the threats being thwarted.

Mr Truvé concludes: “We can apply this predictive approach to domains, IP addresses and even industry sectors, and from there the obvious step is to move towards automation as well, not only predicting risks, but prescribing a course of action for companies to combat these foreseen threats.

“In doing so, we’re edging closer to realising our goal of not just solving one security problem at a time, but allowing you to attack many of your security problems, faster and more confidently, with data that is impactful for your organisation.”

For further information please visit www.recordedfuture.com