Recorded Future Intelligence Platform

What do you like best about the product?

speed and amount of information they publish

What do you dislike about the product?

the search for information cataloged in structured data

What problems is the product solving and how is that benefiting you?

we offer relevant information to our clients and allow quick response to incidents

Recorded Future  is my main threat intelligence platform that provides alerts regarding brand protection, relevant threat actors, threat groups, and intelligence vulnerabilities. I use it for research and threat hunting.

The integration of Recorded Future  with my SIEM , specifically Splunk SIEM , has been extremely valuable. Having a layer of intelligence within my SIEM that reflects in Recorded Future, and being able to enrich the data at my SIEM, offers various angles that I wouldn't be able to see without it. Recorded Future allows me to maintain very accurate alerts.

Their research capabilities and the human aspect should be more effective. The Insikt Group covers a narrow range of areas, which doesn't reflect my needs. Their research should be wider and more in-depth.

I have been using Recorded Future for almost six years in my current position, and in my previous work, I used it for two years.

I did not encounter any specific deployment issues.

Recorded Future is very stable, with a rating of nine, but sometimes it is a bit slow, possibly due to my region.

I rated its scalability as eight. Being a SaaS, Recorded Future generally does a good job in terms of scalability.

The customer support is frustrating and not efficient. They always request logs and screenshots that seem irrelevant. This leads me to avoid using their help desk.

Neutral

Before Recorded Future, I used IntSights , now Rapid7. IntSights  was not valuable, outdated, unscalable, and had poor coverage of sources.

The initial setup was somewhat challenging, and I would rate it between five and six. They need to optimize this process in future updates. While starting with the platform takes a few minutes, seeing real benefits and working efficiently takes a couple of weeks.

The deployment involved the SecOps team integrating the API from Recorded Future to my SIEM and myself, the threat intelligence manager.

I am not the person responsible for purchases, but it's known that Recorded Future is expensive, with a personal rating of eight for cost.

I evaluated IntSights, Cybersixgill , and Mandiant before choosing Recorded Future, as it was the best among those options.

Overall, I would rate Recorded Future as eight. I don’t have any immediate advice for new users. I need to think more about it.

Public Cloud

Other

I am currently working with Recorded Future's cloud solution. We provide Recorded Future to our customers as a reseller. We provide the customers with support on the API integration and the bidirectional integration. Mainly, people want the Threat Intelligence Cloud from Recorded Future.

Most of the threat intelligence cloud platforms are one-directional solutions, and they just fix the feeds from the cloud, so once they need to build a bidirectional tool, the product should have a third-party tool as a TIF solution or an open-source platform, like OpenCTI, or MISP platform, which is also an open-source platform. The open-source platforms allow Recorded Future to have bidirectional to compare the internal IOCs with the external IOCs and get the common IOCs so that the users can have a good visibility of their internal environment and see what the most APT has targeted in your environment. Recorded Future has developed a browser plug-in that is supported on most browsers, like Google Chrome, Edge, and Mozilla, that allows them to compare the feeds through the different platforms and multi-security control platforms to allow them to compare the threat intelligence feeds and the external feeds through the internal feeds. Once users open any vulnerability management or an SIEM solution and install the plug-ins through the platform or through the browser, so they need to open it through the web console, and the web console will have the bidirectional operation at the end of the the graphic user interface through the client itself through the browser.

Recorded Future depends on or relies on just the deep and dark web analysis through their quantum computing and algorithms. Sometimes, the feed is not accurate or valuable. Other threat intelligence platforms or threat intelligence feeds get more accurate feeds because they do their own IR analysis, especially when it comes to tools such as Group-IB or Mandiant that rely on the feeds through the IR teams. Recorded Future is very expensive for Jordan's market. Many of our clients prefer to just see other platforms and choose the ones that can fit their budget.

The tool should improve the email threat intelligence area. There are many compromised emails. The tool should improve its third-party supply chain risks because there is a lack of visibility.

I have been using Recorded Future for three and a half years. My company is a reseller of Recorded Future.

To be honest, as a system integrator, we didn't operate Recorded Future's feature, but as I get feedback from our clients, I know that the tool didn't have any issues with the stability part.

It is a highly scalable solution since it is a SaaS product.

The tool is used in the military sector and different government sectors. There was an enterprise level around, and I know that the government has a huge client base. Recorded Future is provided for the multi-government sector and multiple entities, where the tool is used as a third-party commercial feed, and it already has a comparison sheet with the other commercial feeds, such as Group-IB, Mandiant, and Kaspersky. The feedback I got from our client is that the tool has a huge amount of threat intelligence feeds and storage along with technical information for the indicator of compromise or attack. I can see many of the features of Recorded Future with other commercial feeds. Recorded Future doesn't have the highest accuracy rate when it comes to the commercial feeds it offers. Based on the feedback I got from our customers, they didn't feel there was a return on investment from Recorded Future. Customers had an expensive license but got a tool offering normal value.

I don't have experience with technical support of the solution.

Compared to other tools, Recorded Future's pros are its Intelligence Cards and intuitive graphical user interface. The tool has a plug-in part or the browser plug-in feature. The tool's threat intelligence features could help in comparing the internal feeds with the external feeds, with no need for bidirectional processes. The tool has a one-directional process. What I see with the tool is that it is a very intelligent way to compare the external feed with the internal feed. Most of our clients are complaining about the high false positives of their feeds or the threat intelligence feeds and the expensive subscription activities associated with the tool when I talk about the brand defense or the brand intelligence part of Recorded Future.

ThreatQuotient is a threat intelligence platform, but it doesn't have a commercial feed.

The product's initial setup phase is very intuitive and very easy, as most of the threat intelligence providers, since it can be implemented with API integration.

I believe there's no threat intelligence for on-premises models, but I have worked with two deployments on an on-premises model. The Internet network and other such environments use SaaS products.

The solution is deployed on a hybrid cloud environment because it relies on all the API integrations and interactions with the middleware platform, along with the SaaS platform. The tool doesn't interact with SIEM products directly.

The solution can be deployed in two days. One day is for the implementation, and the second day is for the validation and testing.

I believe the most difficult part in any commercial feeds or threat intelligence feeds is the integration part. If the tool already has some predefined integrations, there is no difficulty. Once you want to integrate a tool with Recorded Future, then for any such new integrations, you should have your API developed or use a third-party firm to operate this process. Everything depends on the complexity of the integrations and the number of resources.

I believe the commercial feeds or the other niche areas can deliver the return on investment better than Recorded Future. Recorded Future segregates the modules into very few subjects, so it has a huge platform, but in the end, any additional Future should be offered as a different subscription, and you should pay through it. There is no bundle, and no one platform gives you the whole tool.

There are two parts to the daily cybersecurity operations. There are two types of customers. Some customers already have solutions that can handle multi-commercial threat intelligence feeds, and the other clients don't have any threat intelligence platform, so they just depend on one threat intelligence commercial feed. The second type of customers can use Recorded Future as a TIF provider. They can integrate the platform with all of their security through the plug-ins and the API integrations offered by the product.

Speaking about the real-time analysis feature of Recorded Future impacting the incident response time, I would say that the tool has an interactive portal. What I mean by the interactive portal is that there are many other threat intelligence fields. The tool gives or provides you with a fixed report, so you can't segregate or delegate some parts of the report to other teams or to a malware analysis team to segregate the duty. There is no segregation possible through the tool's reports. What is unique in Recorded Future is that it can segregate the threat intelligence activity and the threat activity or the threat hunting activity through many teams, such as the malware analysis team with its business intelligence feature. The tool has something called Intelligence Cards, which allows the product to give users more details through any IOC provided.

I have SecDevOps-driven cybersecurity strategies that are supported by Recorded Future. The tool can integrate with a lot of security control and proactive protection devices.

I believe the tool's maintenance depends on the OS users work with, meaning it all relies on the operation system that handles the integrations. Maintaining the tool is unnecessary, as it is a straightforward platform.

My recommendation of the tool to others depends on their use cases. If someone has a lot of enterprise-level skills and teams, such as threat intelligence teams, IR teams, and malware analysis teams, then Recorder Future will facilitate processes like threat enrichment and threat sharing among those teams. For those who are looking for accuracy and to get the right feeds for their investigation, I would not recommend using Recorded Future because there are so many unknown or niche cybersecurity platforms in the market that have more visibility and more accuracy in the area of commercial feeds because I believe such products use the human resources to validate those feeds. Recorded Future doesn't have the capability to validate its feeds. The tool relies on its own algorithm and the government's feeds for the threat intelligence feed. Even with Recorded Future, some of our clients didn't have an IR team to validate their activities to filter the most accurate feeds and avoid noisy feeds.

I rate the tool a seven out of ten.

Recorded Future has some important strengths. It has a long history of success in the market and is known for excellent threat intelligence. Its team is skilled at using AI to search for and report on threats. For many years, it was seen as the best in the industry.

While I don't think the tool is weak, its position isn't as dominant as it once was. Other companies like CrowdStrike and Mandiant are now challenging them in many areas. One downside is that Recorded Future can be complex for customers to use and understand. This isn't easy for clients to navigate.

From my understanding, Mandiant has been offering lower prices on many large client cases over the past year. They've been challenging the pricing model and setup of companies like Recorded Future. This has been difficult for the tool , as they were used to being almost alone in the market. After being bought by Google, Mandiant has gained a lot of power and seems to have more flexibility in pricing.

My main criticism of Recorded Future has been the complexity of its licensing model and the difficulty clients have understanding the different modules. This complexity likely stems from Recorded Future's historical position as a dominant market player, which allowed them to create numerous add-on modules. The pricing for these systems and services is generally quite high.

Initially, these systems required significant manual work, justifying the high costs. However, today, the process is becoming increasingly automated. This puts price pressure on all providers, including Mandiant and others. Despite the challenging market with frequent cyberattacks, I think it will be difficult for these companies to maintain the high prices they've charged in the past.

The solution has a good technical team. It's part of the package that customers buy into. Each client has an account manager and direct access to live customer support. The team responds fast. 

Positive

I'd still recommend Recorded Future for large organizations, but they must understand the business model and pricing. The quality of Recorded Future, Mandiant, and CrowdStrike seems quite similar, though I'm not a deep technical expert. The choice depends on the customer's needs - not all customers need every feature.

I can't definitively say which is better regarding AI technology as I haven't technically compared them myself. The solution might be advantageous due to their extensive experience in the area. However, with Google's resources behind Mandiant, they likely have significant capabilities, too. Google's resources are probably on par with Microsoft's, so they could easily ramp up their technology if needed.

When discussing AI in these threat intelligence setups, clarifying what we mean is important. Often, it's a system of rules analyzing abnormalities and triggering actions. I frequently ask what people mean by AI in different contexts because it often comes down to rules: if certain events occur or parameters are exceeded, what actions should be taken? These systems analyze data in real-time and feed it to the Security Operations Center to create a more efficient setup with fewer false positives.

False positives are a major challenge, especially for smaller companies. If they don't have well-trained IT staff, dealing with numerous false positives can be more trouble than it's worth. I've seen smaller organizations struggle with this - sometimes, it's almost better for them not to have these systems if they can't understand and manage them effectively.

I rate the overall product as nine out of ten. 

We used Recorded Future to find many things like passwords captured in the dark net and websites selling other information regarding our domains. We use the solution to search for our brand or other institutions on the darknet.

Recorded Future helps our organization to be a step ahead of future attacks.

The most valuable feature of Recorded Future is how it detects everything regarding our domain.

Recorded Future is a very expensive solution, and its pricing could be improved.

We recently acquired Recorded Future.

Recorded Future is a stable solution, and we haven't experienced any downtime with it.

Recorded Future is a scalable solution. Around five users are using the solution in our organization. We are spread across the country and have around 30,000 endpoints for Recorded Future.

We are still learning how to use the solution. I think Recorded Future has a normal deployment or a normal learning curve.

It takes around three months to deploy the solution.

Before choosing Recorded Future, we evaluated other options like Mandiant and FortiRecon. We chose Recorded Future because it gives much better results.

Organizations must have at least two dedicated technicians working with the solution since the learning curve is a little big. To use the solution to its maximum capacity for the first year, having at least two technicians working with Recorded Future is better.

Overall, I rate Recorded Future ten out of ten.