
Unifying cybersecurity: visualizing and actioning Threat Intelligence

Sep 17, 2024

In today’s dynamic cybersecurity landscape, the need for advanced, real-time threat intelligence and robust threat management solutions is more critical than ever. Filigran and Recorded Future, both leaders in their respective fields, have forged a strategic partnership to address this need.

What began as a technical collaboration, integrating OpenCTI with Recorded Future’s real-time intelligence feeds, has now matured into a comprehensive strategic alliance. We are combining our strengths to offer a great security solution for organizations worldwide.


About Recorded Future

Recorded Future is the world’s largest threat intelligence company. Recorded Future’s Intelligence Cloud provides end-to-end intelligence across adversaries, infrastructure, and targets. Indexing the internet across the open web, dark web, and technical sources, Recorded Future offers real-time visibility into an expanding attack surface and threat landscape, empowering clients to act quickly and confidently, reduce risk, and securely drive the business forward. Headquartered in Boston with offices and employees worldwide, Recorded Future works with over 1,800 enterprises and government organizations across over 75 countries to provide real-time, unbiased, and actionable intelligence.

Learn more at recordedfuture.com.

Integration with OpenCTI

This collaboration embeds Recorded Future’s threat intelligence directly into OpenCTI, enhancing visualization and actionability.

The OpenCTI integration enables the automated ingestion and parsing of Recorded Future intelligence, covering both technical indicators and finished intelligence such as entire Insikt Group reports.

Here’s how the integration elevates your security capabilities:

  • Unified view of all Cyber Threat Intelligence: Provide a unified view and management of threat intelligence from Recorded Future, combined with other sources, including government data, industry data, and internally generated threat data, to get the most value out of the Recorded Future intelligence.
  • Enriched IOCs for More Informed Decision-Making: By enriching Indicators of Compromise (IOCs) with comprehensive threat intelligence, the integration helps cybersecurity teams accurately identify and prioritize threats, ensuring that resources are effectively allocated to address the most critical risks.
  • Automated Workflows for Quicker Remediation: Automated workflows reduce the time from threat detection to response, ensuring quicker remediation of security incidents. This allows cybersecurity teams to focus on complex and strategic activities, enhancing overall efficiency.
  • Real-Time Updates for Proactive Risk Management: Continuous real-time updates keep organizations aware of the latest threats, enabling proactive risk management. This ensures that organizations stay ahead of potential threats and implement timely countermeasures.
  • Enhanced Security Posture: The integration empowers organizations to manage threats more effectively and efficiently by providing a comprehensive, real-time view of the threat landscape and automating response actions.

As an example, consider how an analyst can consume a typical Insikt Group report:

Figure: Insikt Group report in OpenCTI


Here is a report by Recorded Future’s Insikt Group about APT33 using the Tickler Malware for a specific campaign. This report contains many complex relationships; OpenCTI makes consuming and deciphering these very easy:

Figure: Knowledge graph in OpenCTI


Here, we see a knowledge graph in OpenCTI connecting the relationships between APT33, the malware used in the campaign, the IOCs associated with that malware, the victims, and the geolocations of those victims. Analysts can quickly determine where they need to focus their attention using a visualization like the knowledge graph. There are other visualizations available as well, such as the diamond model:

Figure: Diamond model view


This visualization quickly organizes the relationships into an easily understandable and consumable diamond. Also, because this report contains indicators and techniques categorized via the MITRE ATT&CK framework, OpenCTI allows you to visualize them on an ATT&CK map:

Figure: MITRE ATT&CK framework in OpenCTI


Another powerful capability of OpenCTI is automated response actions. With this tool, customers can add easy-to-build automation to action the intelligence from Recorded Future. For example, if a customer wanted to take the indicators called out in the report mentioned above and add them to a block list that gets used by their EDR or firewall products, they could easily accomplish this via an automated response action:

Figure: Automation in OpenCTI

Availability

Conclusion

The joint integration of OpenCTI with Recorded Future’s real-time threat intelligence represents a significant advancement in cybersecurity threat management. This collaboration provides advanced visualization of threat data and lets users action that intelligence via automated response actions, giving organizations a robust toolset to detect, analyze, and respond to threats quickly and efficiently.

Filigran and Recorded Future empower organizations to enhance their security posture and stay ahead of emerging threats by addressing key challenges and offering substantial benefits.

Join our Slack community to share your feedback and collaborate with cybersecurity professionals.
