Recorded Futureis the first temporal analytics engine enabling web intelligence, pulling open source information from the Internet and indexing it for analysis by event type and time, thereby allowing users to tap into the predictive power of the web. Recorded Future has proven capabilities to forecast unrest demonstrated in a previous webcast and used by U.S. Southern Command, as well as the ability to analyze intelligence stored on a private cloud as shown in its analysis of the the Osama Bin Laden letters. Recorded Future also has wider, more unconventional applications, however, with monitoring and forecasting cyber attacks among the most interesting use cases.
Much of current commentary on cybersecurity treats attacks like unstoppable, unknowable forces of nature yet in reality, many of the attacks driving up the statistics are automated adversaries scanning networks or spamming inboxes. The most dangerous and costly attacks outside of insider threats tend to be targeted and often politically motivated. In this regard, they resemble physical security threats like protests, crime waves, and terrorist attacks, and Recorded Future can analyze them in the same way as demonstrated in a past webcast.
As with all open source intelligence today, cybersecurity analysts face information overload due to a massive volume of intelligence to aggregate, organize, and assess. Recorded Future automates the first two steps of this process so that you can focus on the third, where skilled analysts really shine. Let’s take the example of tracking hacktivist activity. Recorded Future can raise your situational awareness by aggregating relevant articles, blog posts, and tweets on hacktivism and arranging incidents, including predicted future events, chronologically so analysts can get a picture of threats at a given point in time. Recorded Future also lets you see incidents based on source type so you can filter for events talked about on blogs or the major media sources.
Recorded Future also aids in the analysis itself. It recognizes entities to map out the relationships and connections between different actors such as attackers and targets, as well as the attack vectors used or threatened in each case. It also tracks momentum, which tells you when there was the most buzz around a group or attack and whether that buzz is growing or declining. For example, if the momentum for Distributed Denial of Service attacks is increasing, you can assume that they are a growing threat and prepare for them. Recorded Future also helps with monitoring, allowing analysts to create a real time alerting system or a dashboard for events of interest such as threats, breaches, and attacks or future events such as new laws and court rulings that tend to draw a hacktivist response.
All together, these capabilities allow an organization to forecast more accurately whether they will be the target of a major cyber attacks and what threat vectors they should most worry about. Within minutes, analysts could see if there has been a trend of attacks against similar organizations, any threats reported online, or events likely to trigger attacks coming up. They can drill down into coverage by blogs or trade journals if they find the mainstream media insufficient or misleading, and map out the interactions and relationships between hacking groups, companies, government agencies, and law enforcement. While Recorded Future can’t tell you who will attack you and when, it makes open source intelligence intelligence analysis for cybersecurity easier, faster, and more effective. Since cyber defenders need every advantage they can get, Recorded Future can make a major difference in your organization’s cybersecurity.
This post by AlexOlesker was first published at CTOvision.com.
Leave a Reply
You must be logged in to post a comment.