Category: Recorded Future

Analysis Summary A location-specific cyber risk program evaluates cyber threats and risk at non-HQ locations to increase an organization’s information security. Recorded Future expedites threat assessments — down to just two hours to generate an initial threat assessment for a country. Without Recorded Future, two people would need at least two months per country. Recorded…

Earlier this year, Splunk announced their Adaptive Response Initiative — an effort bringing best-in-breed security capabilities together in ways that will improve an organization’s ability to defend against advanced attacks. At the core of the initiative is a new version of Splunk Enterprise Security, scheduled to be generally available soon, that facilitates bi-directional integrations from…

Key Takeaways DarkComet RAT controller identified via a Recorded Future and Shodan alert. 10 minutes and three Recorded Future Intel Cards (including embedded Farsight Security and ReversingLabs insight) produced a substantial lead toward probable cause and a successful criminal investigation. IP Address: 73.77.225.59:1604 (Comcast Cable, Texas) Associated Domain: shadows.sytes[.]net (No-IP Dynamic DNS) Malware: b5462c4312a587171c400953f8fd79f0 (MD5)…

Key Takeaways Threat intelligence is the output of analysis based on identification, collection, and enrichment of relevant data and information. Always keep quantifiable business objectives in mind, and avoid producing intelligence “just in case.” Threat intelligence falls into two categories. Operational intelligence is produced by computers, whereas strategic intelligence is produced by human analysts. The…

Key Takeaways Reporting is always limited by the quality of your intelligence. Make sure you’re providing genuine value, not just filling pages. If you want to maximize the value of your threat intelligence, you need to share it as widely within your organization as possible. You never know who might find it useful. Ask every…

Key Takeaways Independent test shows applying real-time threat intelligence powered by machine learning cuts analyst time to triage a security event from a firewall log from three minutes to 1.2 seconds on average (in a controlled environment), resulting in a 10x gain in productivity. A typical organization with only 100 devices could generate over 2,500…

Security awareness and strategic threat intelligence are mandatory elements of any organization’s ability to ward off cyber events. The threat landscape can appear vast and unwieldy, putting additional barriers in the way of creating a successful threat intelligence program. During a recent webinar, Joe Walbert and Mike Kirk, senior information security analysts with TIAA, explained…

Activity Based Intelligence, or ABI, is an intelligence methodology developed out of the wars in Iraq and Afghanistan used to discover and disambiguate entities (e.g., people of interest) in an increasingly data-rich environment (most of it unclassified and open source). It is geospatial in nature, because it seeks to link entities and events through their…

Every hour of every day you are either hunting or being hunted. The only question you have to ask is which side do you want to be on?Eric Cole, PhD, SANS Analyst and Network Security Expert 86% of IT professionals say that their organization is now involved in some kind of threat hunting. Today, businesses…

Key Takeaways Understanding the four main threat actor types is essential to proactive defense. Cyber criminals are motivated by money, so they’ll attack if they can profit. Hacktivists want to undermine your reputation or destabilize your operations. Vandalism is their preferred means of attack. State-sponsored attackers are after information, and they’re in it for the…