Recorded Future Reviews

Our main use case for Recorded Future is brand monitoring, reputation, and risk assessment, as it is one of the best tools that combine all three functionalities. We mainly use Recorded Future for our brand monitoring, to maintain our reputation, and for monitoring partner companies. Recorded Future offers scanning of a wide range of the internet, including public sources like various pastebins, GitHub, social media, as well as forums on the dark web. This helps identify if any company assets have been leaked by employees unintentionally, as well as through potential fraudsters. Additionally, it helps us with identifying the severity of vulnerabilities by assessing how many POCs are available or how often certain vulnerabilities are mentioned in related channels.

I can give a specific example of how I have used Recorded Future for brand monitoring and risk assessment. We have been able to identify leaked credentials and close those accounts off. We have also been able to identify malware being distributed or spam being sent out by customers using our infrastructure, and we could shut off those accounts.

The best features of Recorded Future include providing the latest threat reports regarding artifacts, such as IPs, domains, or hashes.

Getting those latest threat reports about artifacts, IPs, domains, or hashes has been advantageous to us in processing artifacts and identifying possible threats in a short period of time. Therefore, we are able to identify threats before they affect our systems and our application. Recorded Future also has the best browser extension that provides real-time information about an artifact and is accurate in identifying malicious domains and APIs.

Some of the best features include searching across multiple sources at the same time, indexing information in real time, and providing dashboards, statistics, and heat maps about certain topics.

Recorded Future has positively impacted our organization as we are able to cover a lot of sources with only this intelligence provider, not having to have specific tools for clear web or social media monitoring. Since the Recorded Future staff is doing the on-demand integration of new sources, we are saving a couple of positions as we do not have to develop our own crawlers. It is possible to integrate the solution with tools such as Splunk, which is really useful in order to obtain KPIs, metrics, and other useful insights for executive members of our company.

Some of the areas that need improvement in Recorded Future include email reports that can show unrelated content. Sometimes alerts pop up for articles that have been published years ago but were just recently discovered by Recorded Future.

For the browser extension, since the main purpose is to present information regarding IPs, I think it would be best to provide us with an idea of where the IP originates or some additional information about the organization it belongs to.

API capabilities in Recorded Future are improving, but there are still some features that are missing and some errors that are hard to handle and understand.

The price of Recorded Future is a bit high, especially for smaller teams working on a tight budget, but it is very effective and relatively competitive for large organizations.

I have been using Recorded Future for the past five years and six months.

According to my experience, Recorded Future is very stable because I have not seen slow performance.

Recorded Future is highly scalable and can be used by any size of organization.

The customer support for Recorded Future is very responsive and proactive.

Previously, we were using VirusTotal, and I use Recorded Future together with VirusTotal to fully understand the possible threats on our network. However, Recorded Future has a better threat intelligence feed that I prefer to use in finalizing my investigations.

Before choosing Recorded Future, I evaluated other options, specifically VirusTotal.

Recorded Future is deployed in our organization using a hybrid cloud.

I purchased Recorded Future through the AWS Marketplace.

We have seen a return on investment as we have been able to identify leaked credentials and close those accounts off easily, thereby improving our security. We have also been able to identify malware being distributed or spam being sent out by customers using our infrastructure, and we are able to shut those accounts off.

The price of Recorded Future is a bit high, especially for smaller teams working on a tight budget, but it is very effective and relatively competitive for large organizations.

Previously, we were using VirusTotal, and I use Recorded Future together with VirusTotal to fully understand the possible threats on our network. However, Recorded Future has a better threat intelligence feed that I prefer to use in finalizing my investigations.

Before choosing Recorded Future, I evaluated other options, specifically VirusTotal.

Recorded Future is mainly beneficial to the SOC. As part of the monitoring team, Recorded Future makes the investigation of alarms much easier for me. It can show the reputation of APIs from domains or even hashes, which helps me redirect my focus to potential malicious network activity easily.

Recorded Future is deployed in our organization using a hybrid cloud, and we use AWS as our cloud provider.

My advice for others looking into using Recorded Future is that it makes the investigation of alarms significantly easier and helps redirect focus to potential malicious network activity. I would rate Recorded Future an 8 out of 10.

For onboarding Recorded Future, it is typically straightforward. We need to have the license provisioned to access the platform. We configure users, user roles, set up policies, and integrate with our SIEM, SOAR, and EDR platforms. The next step involves tuning alerts, defining watchlists, and customizing intelligence collection based on the unique threat landscape of the energy sector. Recorded Future provides onboarding sessions, documentation, and support to help our teams understand how to use intelligence cards, risk scoring, and sector-specific dashboards. Once configured, the platform becomes a central intelligence hub for SOC, IR, and threat-hunting teams.

In terms of reducing alert fatigue, the integration of Recorded Future is very straightforward. We just need to follow a few steps and the integration is complete. We can get real-time threat data as part of the alerts, including dark web monitoring, detailed vulnerability intelligence, and nation-state ransomware information, which helps to prioritize alerts. The feeds go directly into the platform, enabling analysts to quickly understand the relevance of threats in real time.

For Recorded Future's risk assessment, there are a number of tools that we can integrate with the system, especially for risk assessment. We integrated this risk assessment tool with different energy sector commonly used products such as Microsoft Sentinel, Splunk, SentinelOne, ServiceNow, CrowdStrike, and the Splunk SOAR platform. These integrations, including into the firewall, allow threat intelligence to automatically enrich alerts. Any analyst looking at the alerts will get detailed information about the source IP, the destination IP, and whether there has been a breach in the past or if the user is part of the incident response. This kind of threat intelligence gives us additional capabilities to resolve the scoring. From the risk perspective, we can easily identify what we need to prioritize according to critical, high, low, and medium severity. Our team finds it easy to focus on resolving threats according to the energy sector vulnerabilities or dangers. We can get very granular data about what we are looking for and what is happening in our environment.

The features and capabilities of Recorded Future that I have found the most valuable are its AI-driven capabilities that make a significant impact. It has significantly enhanced our ability to prevent attacks that have an AI role in them. The platform uses machine learning to analyze the threat actor behavior, identify emerging vulnerabilities, and leaked credentials of any user account. It also highlights malicious infrastructure before it is used in an attack. Recorded Future has a database which contains all this information, which helps us in the energy sector where the advisory is always ahead of the game. Having this information as an analyst or as an administrator helps us to provide early warning capabilities using this product, allowing us to block incidents if alerts are missed by the EDR or firewall. This intelligence feeds help us to narrow down incidents further. The platform provides a real-time view of the threat targeting critical infrastructure, OT environment, especially for supply chain partners. It offers threat intelligence cards and risk scoring specific to the energy sector. That reporting makes it easier to prioritize what matters the most, reduce the noise, and help us to focus on the threat that would be essentially impacting energy operations. The interface is very intuitive and the alerting system is reliable, making day-to-day monitoring efficient.

We measure improvement in our organization's security posture using Recorded Future by analyzing the impact on mean time to detect and mean time to respond for analysts. When incidents occur, Recorded Future detects them by providing analysts immediate visibility into threats relevant to the energy sector. When an incident happens, if a priority alert requires one hour to figure out what is going on, using Recorded Future significantly reduces the time. Instead of manually researching indicators, vulnerabilities, or threat actors, this platform automatically enriches alerts with risk scores and intelligence cards. The intelligence cards inform us of the risk scores for alerts and what controls need to be in place to prevent incidents from spreading through the organization. The scoring system is beneficial, allowing SOC analysts to identify high-risk events faster, especially involving ransomware groups, known state actors, and ICS-related vulnerabilities. Our sector, the energy sector, is critical; any downtime can be costly. Utilizing this platform has significantly reduced our mean time to detect and we are actively working on reducing mean time to respond as well. When alerts occur, incident responders no longer need to research information, as the platform centralizes everything for them. They can quickly identify threat actor behaviors, tactics they use, associated indicators, and whether threats are actively targeting the energy sector. During the triage phase, analysts can easily identify root causes and resolve alerts promptly, which has significantly reduced our mean time to respond.

For the threat landscape, Recorded Future has a nice dashboard and reporting feature, though there is always an opportunity to improve how we visualize the high-severity sectors. It requires tuning to avoid alert fatigue, especially in high-threat environments like energy, where many threats seem relevant. Some advanced intelligence features require additional licensing, which can significantly increase costs. While Recorded Future provides strong IT-focused intelligence, OT and ICS-specific intelligence, which is improving, still requires supplemental sources for full coverage. New users or analysts newly onboarded to the team may need additional training to navigate the platform effectively.

If we were to upgrade to a Tier 1 plan or an additional licensing plan, it should include advanced intelligence feeds that require licensing upgrades to unlock those features. Although Recorded Future is best in breed in the market, the company should consider lowering prices to be more accessible for mid-sized organizations where budgeting is a main concern.

I have been working with Recorded Future in my current organization and I have been working with this platform in my previous organization. I have three to four years of experience, particularly with this product.

For reliability and stability, we are in a small security team, but the data Recorded Future provides and the stability of this product are very effective. It is best-in-breed in the market right now. Recorded Future offers some customization options, licensing availability, and additional features. Overall, it fits well with our organization and its energy-specific requirements, showing significant reliability and stability.

According to our growing company, US Energy, we are currently over a thousand employees and we are utilizing Recorded Future. Our logs are integrating with different systems, and from a scalability standpoint, this is a good product. As the number of employees increases along with evolving threat landscapes, the real-time feeds provide analysts with helpful information specifically for the threat intelligence card and risk scoring system, helping us narrow down the root cause. This product significantly assists us on the scalability side, as we have not faced any roadblocks or downtime while using it.

I reached out for help when some intelligence feeds were not coming up and logs were not displaying in real time. I opened a support ticket and they were quite responsive, getting back to me within 24 hours, and it worked fine as expected.

I would rate technical support as eight out of ten. They are very responsive and knowledgeable. Whenever there are false positives, issues during upgrades, or alert enrichment, I reach out regarding these use cases, and they help us solve these issues promptly.

Recorded Future is the first product we started using for these use cases.

Setting up the product is pretty straightforward.

I have been involved throughout the onboarding process and in the decision-making process to purchase this product.

I have seen a couple of technologies, such as CrowdStrike and Google in the market, but Recorded Future is best-in-breed for obtaining real-time threat intelligence landscape data.

If Recorded Future reduces the licensing prices, then more organizations can use it and everybody can benefit from it. I would rate this product a ten out of ten overall.

When I was in the SOC team responsible for security operations, I also worked for threat intelligence, and Recorded Future is primarily used as part of threat intelligence and vulnerability prioritization tool in a specific project.

In our SOC team, the main activity is to gather all logs and detect potential threats. Once we started using Recorded Future, it provided us with an overall summary of all threats, including potential threats specific to our organization by providing detailed information on threats specific to the BFSI and healthcare domains as well as worldwide active threats, exploits, vulnerabilities, and IOCs, which helps us in threat hunting during our SOC activities.

In our workflow, there was previously manual effort involved in detecting and hunting threats. Using Recorded Future, we now get a clear view of threat behavior and activities, which helps us gather all necessary details to easily create log queries to hunt threats quickly.

In threat actor intelligence, our focus is to check several key aspects before hunting a threat, such as the nature of the threat, associated IPs, IOCs, and threat actor behavior, allowing us to gain visibility into threat actor activities, campaigns, and tactics. This provides valuable context to the overall threat landscape and aids in developing queries with our SIEM engineering team.

Recorded Future is deployed on an on-premises server in our organization, with multiple cloud connectors and environments integrated to check available threat feeds.

Recorded Future has many features, but we have primarily used the threat intelligence features, which provide us with a wealth of information on threat activities, IOCs, components, subcomponents, nature of the threat, and threat actor intelligence that helps us gather information about potential threats proactively.

After implementing Recorded Future, I can point out two positive impacts: first, the tool helps our SOC team save 30 to 40 percent of effort due to the reduction of manual threat detection and false positives, and second, the quality of our threat hunting has improved considerably, leading to a better understanding of the threat landscape.

This 30 to 40 percent effort reduction can be measured monthly, as we publish monthly status reports, and we have noticed fewer tickets and more detailed prioritization of tickets based on threat severity, improving our implementation of the incident response plan.

A possible improvement for Recorded Future would be better filtering options, particularly when dealing with large datasets.

The user interface is very good, and I would add that an automation feature for remediation workflows would be beneficial, helping not only with threat detection but also with threat hunting activities.

If AI capabilities are added, it will assist users in prioritizing threats more effectively, although I have not used those features yet to comment on their accuracy or reliability.

I have been using Recorded Future for more than two years.

Recorded Future is stable, and I have not experienced any downtime or reliability issues.

In our organization, Recorded Future can handle a large volume of data accurately without issues, accommodating our needs effectively.

During the deployment of Recorded Future, their team provided technical support and assistance, which I found to be very helpful.

I have not used any threat intelligence tool before Recorded Future.

I have mentioned a metric indicating a 30 to 40 percent reduction in time and effort from the SOC team, which reflects our return on investment.

I evaluated Rapid7 before choosing Recorded Future, but opted for Recorded Future due to our client's comfort with that tool.

I have only used the threat intelligence features, which I have already described in detail.

I have provided improvement areas earlier, and aside from that, Recorded Future is very useful and impactful regarding threat intelligence and threat landscape.

If you are involved in threat intelligence or SOC threat hunting and want to improve your accuracy in detecting threats, I recommend using Recorded Future as a threat intelligence tool.

I have shared everything regarding my experience with Recorded Future. I have given this review a rating of eight out of ten.

My main use case for Recorded Future is as a threat and vulnerability feed. In relation to my use case with Recorded Future, it is the go-to tool when it comes to checking for third-party issues, and it is a great place to have news and updates.

The best features Recorded Future offers is the feed; the actual feed has loads of news, and that is the strongest point as they have a lot of information in there that I use daily.

The feed helps me in my daily work by providing information around product vulnerabilities, and for example, I didn't find any vulnerability in the product but actually discovered that the provider had a breach, which didn't show up in any CVE or anything else because it was not a vulnerability, it was literally they got breached, so that was the most useful case that I have found.

Recorded Future has positively impacted my organization by providing the news, and it has actually made a huge impact; instead of having to rely on open source intelligence, I have a place to go where all the information is, so it saves a ton of time.

I cannot think of a way that Recorded Future can be improved. I don't have anything to add about the needed improvements, even small things such as interface tweaks or integrations.

I have been using Recorded Future for a couple of years.

Recorded Future is absolutely stable.

I don't think Recorded Future needs to be scaled; it works perfectly well the way it is.

Recorded Future's customer support is excellent. Personally, I cannot tell you how I would rate the customer support on a scale of one to ten, but from what I've heard, it is well above average, an eight or nine, I would say, and really helpful, especially with the setup, but that is not first-hand information.

I didn't previously use a different solution; I basically started using Recorded Future a couple of years ago and I am really happy with it.

I wasn't involved in that part regarding pricing, setup cost, and licensing. I wasn't involved in the RFP process before choosing Recorded Future.

I have seen a return on investment as I explained earlier, it reduces the investigation time from days to minutes, and that is the biggest ROI; on a team of ten people that use it, one request can take you from three days to minutes.

Estimating how much time Recorded Future saves my team would be hard, but it basically reduces the investigation time for anything from days to less than an hour; on a team of ten people, you do the math—say you get fifty requests in a week, out of those fifty, you will be able to spend basically one person dedicated to that for one week, and the job will be done, rather than having a ton of people doing research independently.

My advice to others looking into using Recorded Future is that if you can spend the money, go for it. I have rated this review as a nine out of ten.

My main use case for Recorded Future is IOC enrichment, dark web monitoring, brand protection, and sandboxing for malware. For investment monitoring, privacy protection, or sandboxing in my day-to-day work, I have our SIEM use cases. Whenever a new alert or SIEM use case is triggered, we automatically take any IOCs, any IPs, any hashes, any domains, any URLs, and feed them into Recorded Future APIs to get IOC enrichment and provide them to the analyst.

The best features Recorded Future offers are their unlimited IOC enrichment, their sandbox, their brand protection, and their dark web monitoring, which is really good.

Recorded Future has positively impacted my organization by allowing our analysts to work less on doing IOC enrichments. They don't need to do subscriptions for different providers for sandboxes. We have our own brand protection right now, and we can monitor any leaks that happen proactively. The analyst doesn't need to copy-paste each IOC and URL and domain anymore to their abuse database or VirusTotal; it's automatically provided to them.

Recorded Future can be improved in terms of their APIs and their integration. Mainly their integration is very difficult, especially with their dark web monitoring notifications and brand protection with anything, as they only support sending emails, which we don't know for sure if they are one hundred percent accurate. If it were possible to do something other than sending email, that would be really helpful, so we can do more automations with it.

Regarding improvements needed for Recorded Future, more metrics and monitoring of their notifications would be helpful. The learning curve when getting started with Recorded Future is a bit tricky because you don't know what features they have, and their documentation, particularly their API documentation, is not the best. The result you get is not what you see in the UI. You can't connect what you have in the API with what you have in the UI, and there are not many resources about that, so it's a bit tricky and you have to figure it out yourself.

Recorded Future really integrates poorly with other tools or platforms I use because we have to rely on the email being sent and do the automation based on receiving that email.

I have been using Recorded Future for a year so far.

Recorded Future is stable.

Recorded Future's scalability is normal, and we don't have limitations with that; it functions strongly.

The customer support of Recorded Future is good.

We did not use a different solution before Recorded Future.

Regarding the value for money I get from Recorded Future, we don't have numbers for that, but it's useful.

Before choosing Recorded Future, we asked our business partners for the best out there, and they recommended Recorded Future.

If it were possible to do something other than sending email, that would be really helpful, so we can do more automations with it.

The quality of threat intelligence data provided by Recorded Future is good, but sometimes it's very aggressive; we get some false positives for IOCs, but generally it's good. The user experience and interface of Recorded Future is easy to navigate and use. I am not so satisfied with the frequency and quality of updates or new features from Recorded Future; I would say it's average and normal.

The documentation and support resources provided by Recorded Future are bad. My advice to others looking into using Recorded Future is to make sure you are ready for that; they don't provide very supportive information, and you will have to figure out your own workarounds. Apart from that, their dark web monitoring and brand protection are good. If you don't need them, then maybe you should look for something else if all you need is just IOC enrichment. I would rate this review an eight out of ten.

Neutral

Recorded Future is accessed through a web service portal. It is a cloud-based service, hosted either on Amazon or Microsoft. Their services employ sophisticated data mining techniques, resulting in a clear semantic ontology. This is known as "chain link" intelligence referencing in 33 languages.

I use Recorded Future to monitor topics of interest, not only for brand recognition but also for cyber threat intelligence. The solution helps me understand emerging security threats and provides insight into activities such as supply chain delays or shortages of materials. I have also used the solution for open-source intelligence and criminal forensic investigations, as well as data feed analysis to determine evidence that can be used to support high-level business and M&A activities.

Data curation is a service I wrote about in a white paper a decade ago. Active data curation is a specific nuance in different datasets. The Fourth Amendment states that a search or seizure must be conducted with legally entitled authorities and permits. As a consumer of a data set, I have no legal proxy control over the way the data was collected. All of the Amendments do not apply to me as a consumer of a product that is for sale to anyone willing to pay for the fees. Data enrichment processes can be used to collect original data sets, such as from social media platforms, to create a corpus of knowledge for exploration. Companies can do background investigations using similar techniques as Recorded Future, with no outward appearance of the functions being done. Law enforcement can do searches without tipping off targets of their investigation. Data fusion is the process of taking fifty different datasets and using them to create a single, unique dataset to understand an event. Cybersecurity requires understanding every moving piece and part. Recorded Future can do historical analysis to see the difference between them and other structured approaches. By 2025, we can have a recorded history of what has been going on to predict the future and likely outcomes.

There are always going to be what we call disconnected datasets. In many instances, the solution's ability to data mine the Internet and provide me with curated data is very important because sometimes I don't want the target of an investigation or the person I'm looking into to know that I'm doing so. The solution allows me to search the Internet without leaving any trace of my search behavior on a web browser or web service. This is very useful for making sure I don't tip off the person I'm looking into. For example, if I'm trying to understand the vulnerabilities of a cyber supply vendor, if I do a search on them, they will quickly know that I did the search. By being able to do anonymous searches, I can search for the purpose of the dataset and find relevant information or easily disprove different accounts. I can also use the solution for social media investigations to find out if there is any validity in something that is being said. The solution is diverse and provides me with a lot of different mechanisms for evaluation.

There is a semantic oncology dynamic relationship between how the MIGR Tech framework needs more data infusion enrichment capabilities. To be clear, what the vendor is doing is of a high standard, and my only critique is that they need to make new enhancements. I am aware that the vendor is making a concerted effort to add additional information to their repository, and it is something they actively do. The vendor has publicly stated that they will work on this, and I always pay attention to make sure they adhere to that. This does not change over time.

The export feature of the recording needs to stop being so restricted. When they record in order to save themselves by operations, I would expect that as a super user, if I asked to download the dataset I'm looking for, I would not be limited in my data downloads. One of the cool things is, let's say we do our entire research and we want to save all of the materials that were returned, and that special custom search that we made, we can export that into a CSV file. The problem is it gets restricted. So sometimes when I say it's restricted, we don't get all the data that we saw online. So then we have to go and manually search for the specific thing we're looking for. I would like to have the URI and whatever value set that I search off, and for the NLP package to not be stripped out. It's like saying I want to do a Pcap analysis. Don't strip out the Pcap when I asked to see Pcap. That's what they're doing. They do this for many different reasons. One of them is, imagine if everyone downloaded datasets that are very large and it brings the whole system down.

I have been using the solution for over ten years.

I have never encountered any problems with stability. I believe their uptime is almost 99.7 percent.

There is no limit to the scalability of Recorded Future due to its smart deployment within the cloud ecosystem. Traditionally, there is a level set that restricts the scalability, but Recorded Future does not have this issue. As long as we have access to the services and a good internet connection, scalability is not a problem. The solution's servers will never suffer due to the way they have set up the cloud.

I had a direct line to the technical support team when I was working at the organization. They had a technology portfolio and I was on the board. They spent a lot of time explaining how the technology works, which is why they were selected by US CyberCom as they had made a strategic investment in making sure they could explain their software. 

The initial setup is not too difficult. One of the advantages is that the system allows us to purchase the service and receive a password and username. This makes it very useful as we don't have to learn every detail. After using the tool for around ninety days, I can confidently say that I have mastered the Recorded Future. In 2019, there was a Recorded Future post that was going to be changed as I was a power user from a different job. I was able to quickly step in and do what would have taken Recorded Future 27 steps to do in just three. It all comes down to being familiar with how the dataset is created and what the more interesting things we can do with it are.

The cost of the solution depends on the level of usage. There appear to be up to five different levels, with the most expensive version costing around $95,000 to $105,000 a year for subscription services. In the hands of an amateur, this amount of money would be wasted. However, an expert user of the system could get a lot of value out of it. For example, at one of the organizations I worked for, I was able to use the system for criminal investigations, vetting of employees, M&A, supply chain analysis, and supply chain evaluation, as well as tracking social media campaigns against the organization. All of this was done with a single license. This shows the value that comes with the right level of training. With the right training, I was able to turn the initial $105,000 investment into a $500,000 report. This resulted in an ROI of almost 80 percent. We were then able to produce a $500,000 report every ten days, resulting in a $21 million profit margin for the year. However, this only works if the user knows how to use the system to its fullest extent. Without the right training, the initial investment would not be worth the cost.

I give the solution a nine out of ten. We always have to compromise something in order to get what we want. This meets 95 percent of our needs, and the other 5 percent we don't care about. When we connect Recorded Future with other products, the value of Recorded Future becomes more apparent. For example, if we have a target of an investigation and they are doing unusual things, such as traveling around the world, there are other products better suited to track that person than Recorded Future. If we understand how to put it together, we can build a higher fidelity of evidence to present in court and prove that the person is doing something.

Recorded Future had a web portal that explained how they could search and meet different criteria. For example, in cyber threat intelligence, if we had an IP address we were concerned about, we could target that IP address and watch all the information being discussed, such as if it was being reported for doing scans or malicious activities. This is important to the operations center as if the IP address starts appearing in the IP log, it can be an early indicator of a potential attack pattern. This means that instead of waiting until the final stage, they can detect it at the reconnaissance level. The technology harvests datasets at large, expensive rates and focuses the search so that they don't have to worry about concatenating the searches. It also has real natural language processing, artificial intelligence, and machine learning which targets the outcome. This means they can spend more time on enrichment and export the data into a spreadsheet or relational database to connect the dots. They can also look back up to 12 to 15 years to gain an understanding of history and predict the future. Imagine what we could do if we looked into the many different aspects of the Marriott card rewards program. We can investigate the Marriott security breach, which began in 2013. It was caused by an attack on a Marriott Hotel, not a Starwood Hotel. We can also delve into history and investigate political claims, which are not always advertised. No matter if it is a Democrat or Republican making the statement, we should always strive for 80 percent truth in the discussion. For example, if someone claims that a Democrat is doxing Ted Cruz, we can investigate and find out that it is a registered Democrat who owns 85 websites that Ted Cruz would use for his re-election campaign. Every four years, this person intentionally makes regulatory statements about Ted Cruz to keep the websites. By looking into the past, we can detect whether a statement is false or correct with a certain degree of certainty.

I am currently working with Recorded Future's cloud solution. We provide Recorded Future to our customers as a reseller. We provide the customers with support on the API integration and the bidirectional integration. Mainly, people want the Threat Intelligence Cloud from Recorded Future.

Most of the threat intelligence cloud platforms are one-directional solutions, and they just fix the feeds from the cloud, so once they need to build a bidirectional tool, the product should have a third-party tool as a TIF solution or an open-source platform, like OpenCTI, or MISP platform, which is also an open-source platform. The open-source platforms allow Recorded Future to have bidirectional to compare the internal IOCs with the external IOCs and get the common IOCs so that the users can have a good visibility of their internal environment and see what the most APT has targeted in your environment. Recorded Future has developed a browser plug-in that is supported on most browsers, like Google Chrome, Edge, and Mozilla, that allows them to compare the feeds through the different platforms and multi-security control platforms to allow them to compare the threat intelligence feeds and the external feeds through the internal feeds. Once users open any vulnerability management or an SIEM solution and install the plug-ins through the platform or through the browser, so they need to open it through the web console, and the web console will have the bidirectional operation at the end of the the graphic user interface through the client itself through the browser.

Recorded Future depends on or relies on just the deep and dark web analysis through their quantum computing and algorithms. Sometimes, the feed is not accurate or valuable. Other threat intelligence platforms or threat intelligence feeds get more accurate feeds because they do their own IR analysis, especially when it comes to tools such as Group-IB or Mandiant that rely on the feeds through the IR teams. Recorded Future is very expensive for Jordan's market. Many of our clients prefer to just see other platforms and choose the ones that can fit their budget.

The tool should improve the email threat intelligence area. There are many compromised emails. The tool should improve its third-party supply chain risks because there is a lack of visibility.

I have been using Recorded Future for three and a half years. My company is a reseller of Recorded Future.

To be honest, as a system integrator, we didn't operate Recorded Future's feature, but as I get feedback from our clients, I know that the tool didn't have any issues with the stability part.

It is a highly scalable solution since it is a SaaS product.

The tool is used in the military sector and different government sectors. There was an enterprise level around, and I know that the government has a huge client base. Recorded Future is provided for the multi-government sector and multiple entities, where the tool is used as a third-party commercial feed, and it already has a comparison sheet with the other commercial feeds, such as Group-IB, Mandiant, and Kaspersky. The feedback I got from our client is that the tool has a huge amount of threat intelligence feeds and storage along with technical information for the indicator of compromise or attack. I can see many of the features of Recorded Future with other commercial feeds. Recorded Future doesn't have the highest accuracy rate when it comes to the commercial feeds it offers. Based on the feedback I got from our customers, they didn't feel there was a return on investment from Recorded Future. Customers had an expensive license but got a tool offering normal value.

I don't have experience with technical support of the solution.

Compared to other tools, Recorded Future's pros are its Intelligence Cards and intuitive graphical user interface. The tool has a plug-in part or the browser plug-in feature. The tool's threat intelligence features could help in comparing the internal feeds with the external feeds, with no need for bidirectional processes. The tool has a one-directional process. What I see with the tool is that it is a very intelligent way to compare the external feed with the internal feed. Most of our clients are complaining about the high false positives of their feeds or the threat intelligence feeds and the expensive subscription activities associated with the tool when I talk about the brand defense or the brand intelligence part of Recorded Future.

ThreatQuotient is a threat intelligence platform, but it doesn't have a commercial feed.

The product's initial setup phase is very intuitive and very easy, as most of the threat intelligence providers, since it can be implemented with API integration.

I believe there's no threat intelligence for on-premises models, but I have worked with two deployments on an on-premises model. The Internet network and other such environments use SaaS products.

The solution is deployed on a hybrid cloud environment because it relies on all the API integrations and interactions with the middleware platform, along with the SaaS platform. The tool doesn't interact with SIEM products directly.

The solution can be deployed in two days. One day is for the implementation, and the second day is for the validation and testing.

I believe the most difficult part in any commercial feeds or threat intelligence feeds is the integration part. If the tool already has some predefined integrations, there is no difficulty. Once you want to integrate a tool with Recorded Future, then for any such new integrations, you should have your API developed or use a third-party firm to operate this process. Everything depends on the complexity of the integrations and the number of resources.

I believe the commercial feeds or the other niche areas can deliver the return on investment better than Recorded Future. Recorded Future segregates the modules into very few subjects, so it has a huge platform, but in the end, any additional Future should be offered as a different subscription, and you should pay through it. There is no bundle, and no one platform gives you the whole tool.

There are two parts to the daily cybersecurity operations. There are two types of customers. Some customers already have solutions that can handle multi-commercial threat intelligence feeds, and the other clients don't have any threat intelligence platform, so they just depend on one threat intelligence commercial feed. The second type of customers can use Recorded Future as a TIF provider. They can integrate the platform with all of their security through the plug-ins and the API integrations offered by the product.

Speaking about the real-time analysis feature of Recorded Future impacting the incident response time, I would say that the tool has an interactive portal. What I mean by the interactive portal is that there are many other threat intelligence fields. The tool gives or provides you with a fixed report, so you can't segregate or delegate some parts of the report to other teams or to a malware analysis team to segregate the duty. There is no segregation possible through the tool's reports. What is unique in Recorded Future is that it can segregate the threat intelligence activity and the threat activity or the threat hunting activity through many teams, such as the malware analysis team with its business intelligence feature. The tool has something called Intelligence Cards, which allows the product to give users more details through any IOC provided.

I have SecDevOps-driven cybersecurity strategies that are supported by Recorded Future. The tool can integrate with a lot of security control and proactive protection devices.

I believe the tool's maintenance depends on the OS users work with, meaning it all relies on the operation system that handles the integrations. Maintaining the tool is unnecessary, as it is a straightforward platform.

My recommendation of the tool to others depends on their use cases. If someone has a lot of enterprise-level skills and teams, such as threat intelligence teams, IR teams, and malware analysis teams, then Recorder Future will facilitate processes like threat enrichment and threat sharing among those teams. For those who are looking for accuracy and to get the right feeds for their investigation, I would not recommend using Recorded Future because there are so many unknown or niche cybersecurity platforms in the market that have more visibility and more accuracy in the area of commercial feeds because I believe such products use the human resources to validate those feeds. Recorded Future doesn't have the capability to validate its feeds. The tool relies on its own algorithm and the government's feeds for the threat intelligence feed. Even with Recorded Future, some of our clients didn't have an IR team to validate their activities to filter the most accurate feeds and avoid noisy feeds.

I rate the tool a seven out of ten.

Recorded Future has some important strengths. It has a long history of success in the market and is known for excellent threat intelligence. Its team is skilled at using AI to search for and report on threats. For many years, it was seen as the best in the industry.

While I don't think the tool is weak, its position isn't as dominant as it once was. Other companies like CrowdStrike and Mandiant are now challenging them in many areas. One downside is that Recorded Future can be complex for customers to use and understand. This isn't easy for clients to navigate.

From my understanding, Mandiant has been offering lower prices on many large client cases over the past year. They've been challenging the pricing model and setup of companies like Recorded Future. This has been difficult for the tool , as they were used to being almost alone in the market. After being bought by Google, Mandiant has gained a lot of power and seems to have more flexibility in pricing.

My main criticism of Recorded Future has been the complexity of its licensing model and the difficulty clients have understanding the different modules. This complexity likely stems from Recorded Future's historical position as a dominant market player, which allowed them to create numerous add-on modules. The pricing for these systems and services is generally quite high.

Initially, these systems required significant manual work, justifying the high costs. However, today, the process is becoming increasingly automated. This puts price pressure on all providers, including Mandiant and others. Despite the challenging market with frequent cyberattacks, I think it will be difficult for these companies to maintain the high prices they've charged in the past.

The solution has a good technical team. It's part of the package that customers buy into. Each client has an account manager and direct access to live customer support. The team responds fast. 

Positive

I'd still recommend Recorded Future for large organizations, but they must understand the business model and pricing. The quality of Recorded Future, Mandiant, and CrowdStrike seems quite similar, though I'm not a deep technical expert. The choice depends on the customer's needs - not all customers need every feature.

I can't definitively say which is better regarding AI technology as I haven't technically compared them myself. The solution might be advantageous due to their extensive experience in the area. However, with Google's resources behind Mandiant, they likely have significant capabilities, too. Google's resources are probably on par with Microsoft's, so they could easily ramp up their technology if needed.

When discussing AI in these threat intelligence setups, clarifying what we mean is important. Often, it's a system of rules analyzing abnormalities and triggering actions. I frequently ask what people mean by AI in different contexts because it often comes down to rules: if certain events occur or parameters are exceeded, what actions should be taken? These systems analyze data in real-time and feed it to the Security Operations Center to create a more efficient setup with fewer false positives.

False positives are a major challenge, especially for smaller companies. If they don't have well-trained IT staff, dealing with numerous false positives can be more trouble than it's worth. I've seen smaller organizations struggle with this - sometimes, it's almost better for them not to have these systems if they can't understand and manage them effectively.

I rate the overall product as nine out of ten. 

The solution helps us check recent threat or attack-based activity on our company domain.

The tool is helpful in vulnerability assessment of zero-day vulnerabilities and phishing domains. The solution provides information on any domains of the organization that has undergone phishing or any other cyberattacks.

The solution highlights zero-day vulnerability on the world wide web within a short period of time. We get a detailed report on what the vulnerability is all about and whether an expert is available for the vulnerability or not.

The product gives many false positives. If someone talks about the brand or organization name in the public domain over chats or blocks, it gets highlighted. It may not necessarily be a threat but still gets highlighted which increases the false positive count.

I have been using the solution for five years.

I would rate the solution’s stability a nine out of ten. I have seen some minor instances where the solution has given false information.

I would rate the solution’s scalability an eight out of ten. Our company has four users for the solution.

I would rate the technical support a ten out of ten because whenever I have approached them with an issue, they have given me a resolution within 24 hours.

Positive

The solution is SaaS-based and deployed over the cloud. The setup is straightforward and everything is available on the tool’s dashboard. We need to provide the tool with the Watch List which contains the company’s name, domain name, or anything that the tool needs to monitor. The tool will report back within one to two days on the Watch List’s update. We can create alerts based on the watches.

The solution has given us ROI.

I would rate the solution’s pricing a seven out of ten.

I would rate the overall tool a nine out of ten. This tool is very useful for threat-related information.