What is our primary use case?
Recorded Future covers a lot of different use cases. For example, we are using it for threat intelligence research. We do use the tool to make active research on what is found around the threat. We look at patterns, for example, and see what can be elaborated on from that.
In another use case, we use it to get all the IOCs registered and use it after that to allow other intelligence technologies to feed into that to prevent any issues for customers.
We can also use it for active monitoring in the customer interface. We can monitor the business side of a campaign. We can monitor for specific threats or market activity on the dashboard. We can develop queries to run in a continuous mode in order to get the best reviews.
How has it helped my organization?
With all the related IOCs we were able to provide really deep information about the impact, about where we are with the big campaign, and also provide tools that were a priority to be a preventative block on the customer side. It was helpful in that sense.
What is most valuable?
As a threat intelligence tool, it's very helpful.
The stability is very good.
Technical support has been helpful.
It's really easy to create dashboards and modify them to fit what you need.
What needs improvement?
The product is too big. The vast majority of data you have. You can run queries and you can get more data than you probably want, and you have to take a deep dive a lot of the time.
The solution would benefit from introducing automation. When you are running a query just to get the data you're looking for, the result comes back so big, as it will be able to return a lot of results from different sources. Sometimes it could be a bit messy. Automation would help streamline and simplify.
The tool can be pricey, especially for smaller companies.
For how long have I used the solution?
I was working with the tool in November. I've used it in the last 18 months or so.
What do I think about the stability of the solution?
I have a good impression of the stability of the product. Any time that we needed it, it was there. It is always up and running and we didn't have any issues with it. There are no bugs or glitches, for example, and it didn't crash or freeze.
What do I think about the scalability of the solution?
We haven't attempted to scale or optimize the solution. I can't say how easy or difficult the process would be.
We only have one license feed and have up to ten users on it. We're already beginning to increase usage a bit.
How are customer service and technical support?
Technical support has been pretty good so far. I haven't had any issues with them. We're quite satisfied with the level of service provided.
Which solution did I use previously and why did I switch?
I didn't previously use a different solution.
How was the initial setup?
By the time I joined the company, the tool was already in place. Therefore, I can't speak to the initial implementation or deployment process. I can't say if it was difficult or simple or how long it took.
As a cloud solution, it doesn't require much maintenance. Anything else, such as automation using a document, would be on our side, and we'd update it as needed.
What was our ROI?
We haven't seen an ROI. The area that it was used for, as a report, initially was assigned to be used internally only and after that, we decided to try it out as a service to our customers. However, we never sold that service, so we never got a return immediately.
What's my experience with pricing, setup cost, and licensing?
The pricing is quite high compared to other intelligence tools.
The licensing is based on the user and also the amount of usage. It's expensive in terms of what you can get. You need to be a very sizable company in order to get any real value as it's quite a sizable tool. There are other tools on the market that are less expensive - especially for smaller companies.
There aren't any additional costs above the standard licensing fee, although there are some add-ons you can get that can expand the solution's capabilities.
What other advice do I have?
At the moment the solution is hosted on a SaaS. It's hosted on their own cloud that they are managing. We only have access to a part that is completely isolated from other customers and in another area.
As far as I know, we are using the latest version of the solution. As it's cloud-based, it's constantly updated independently.
If a company is ready to introduce the solution, my main recommendation would be to have a really, really good threat intelligence team working on-site beforehand. If you don't have a good design or a good knowledge of threat intelligence you will never get the insights you need or use the tool to its full potential.
I'd rate the solution nine out of ten. It's quite an expensive solution. If it was less expensive, I'd likely rate it higher.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.