Unifying cybersecurity: visualizing and actioning Threat Intelligence
In today’s dynamic cybersecurity landscape, the need for advanced, real-time threat intelligence and robust threat management solutions is more critical than ever. Filigran and Recorded Future, both leaders in their respective fields, have forged a strategic partnership to address this need.
What began as a technical collaboration, integrating OpenCTI with Recorded Future’s real-time intelligence feeds, has now matured into a comprehensive strategic alliance. We are combining our strengths to offer a great security solution for organizations worldwide.
About Recorded Future
Recorded Future is the world’s largest threat intelligence company. Recorded Future’s Intelligence Cloud provides end-to-end intelligence across adversaries, infrastructure, and targets. Indexing the internet across the open web, dark web, and technical sources, Recorded Future offers real-time visibility into an expanding attack surface and threat landscape, empowering clients to act quickly and confidently, reduce risk, and securely drive the business forward. Headquartered in Boston with offices and employees worldwide, Recorded Future works with over 1,800 enterprises and government organizations across over 75 countries to provide real-time, unbiased, and actionable intelligence.
Learn more at recordedfuture.com.
Integration with OpenCTI
This collaboration embeds Recorded Future’s threat intelligence directly into OpenCTI for increased visualization and actionability.
The OpenCTI integration enables the automated ingestion and parsing of Recorded Future intelligence, including technical indicators and finished intelligence such as entire Insikt Group reports.
Here’s how the integration elevates your security capabilities:
- Unified view of all Cyber Threat Intelligence: Provide a unified view and management of threat intelligence from Recorded Future, combined with other sources, including government data, industry data, and internally generated threat data, to get the most value out of the Recorded Future intelligence.
- Enriched IOCs for More Informed Decision-Making: By enriching Indicators of Compromise (IOCs) with comprehensive threat intelligence, the integration helps cybersecurity teams accurately identify and prioritize threats, ensuring that resources are effectively allocated to address the most critical risks.
- Automated Workflows for Quicker Remediation: Automated workflows reduce the time from threat detection to response, ensuring quicker remediation of security incidents. This allows cybersecurity teams to focus on complex and strategic activities, enhancing overall efficiency.
- Real-Time Updates for Proactive Risk Management: Continuous real-time updates keep organizations aware of the latest threats, enabling proactive risk management. This ensures that organizations stay ahead of potential threats and implement timely countermeasures.
- Enhanced Security Posture: The integration empowers organizations to manage threats more effectively and efficiently by providing a comprehensive, real-time view of the threat landscape and automating response actions.
As an example, consider how an analyst can consume a typical Insikt Group report:
Here is a report by Recorded Future’s Insikt Group about APT33 using the Tickler Malware for a specific campaign. This report contains many complex relationships; OpenCTI makes consuming and deciphering these very easy:
Here, we see a knowledge graph in OpenCTI connecting the relationships between APT33, the malware used in the campaign, the IOCs associated with that malware, the victims, and the geolocations of those victims. Analysts can quickly determine where they need to focus their attention using a visualization like the knowledge graph. There are other visualizations available as well, such as the diamond model:
This visualization quickly organizes the relationships into an easily understandable and consumable diamond. Also, because this report contains indicators and techniques categorized via the MITRE ATT&CK framework, OpenCTI allows you to visualize them on an ATT&CK map.
Another powerful capability of OpenCTI is automated response actions. With this tool, customers can add easy-to-build automation to action the intelligence from Recorded Future. For example, if a customer wanted to take the indicators called out in the report mentioned above and add them to a block list that gets used by their EDR or firewall products, they could easily accomplish this via an automated response action.
Availability
- The OpenCTI—Recorded Future integration can be downloaded from https://github.com/OpenCTI-Platform/ and requires a Recorded Future integration license.
- To learn more about the license, please contact Recorded Future at https://www.recordedfuture.com/demo.
Conclusion
The joint integration of OpenCTI with Recorded Future’s real-time threat intelligence represents a significant advancement in cybersecurity threat management. This collaboration provides advanced visualization of threat data and lets users action that intelligence via automated response actions, giving organizations a robust toolset to detect, analyze, and respond to threats quickly and efficiently.
Filigran and Recorded Future empower organizations to enhance their security posture and stay ahead of emerging threats by addressing key challenges and offering substantial benefits.
Join our Slack community to share your feedback and collaborate with cybersecurity professionals.