Senior Pre-Sales for Information Security at a computer software company with 51-200 employees
Real User
Top 20
2024-08-30T12:38:05Z
Aug 30, 2024
There are two parts to the daily cybersecurity operations. There are two types of customers. Some customers already have solutions that can handle multi-commercial threat intelligence feeds, and the other clients don't have any threat intelligence platform, so they just depend on one threat intelligence commercial feed. The second type of customers can use Recorded Future as a TIF provider. They can integrate the platform with all of their security through the plug-ins and the API integrations offered by the product. Speaking about the real-time analysis feature of Recorded Future impacting the incident response time, I would say that the tool has an interactive portal. What I mean by the interactive portal is that there are many other threat intelligence fields. The tool gives or provides you with a fixed report, so you can't segregate or delegate some parts of the report to other teams or to a malware analysis team to segregate the duty. There is no segregation possible through the tool's reports. What is unique in Recorded Future is that it can segregate the threat intelligence activity and the threat activity or the threat hunting activity through many teams, such as the malware analysis team with its business intelligence feature. The tool has something called Intelligence Cards, which allows the product to give users more details through any IOC provided. I have SecDevOps-driven cybersecurity strategies that are supported by Recorded Future. The tool can integrate with a lot of security control and proactive protection devices. I believe the tool's maintenance depends on the OS users work with, meaning it all relies on the operating system that handles the integrations. Maintaining the tool is unnecessary, as it is a straightforward platform. My recommendation of the tool to others depends on their use cases.
If someone has a lot of enterprise-level skills and teams, such as threat intelligence teams, IR teams, and malware analysis teams, then Recorded Future will facilitate processes like threat enrichment and threat sharing among those teams. For those who are looking for accuracy and to get the right feeds for their investigation, I would not recommend using Recorded Future because there are so many unknown or niche cybersecurity platforms in the market that have more visibility and more accuracy in the area of commercial feeds because I believe such products use the human resources to validate those feeds. Recorded Future doesn't have the capability to validate its feeds. The tool relies on its own algorithm and the government's feeds for the threat intelligence feed. Even with Recorded Future, some of our clients didn't have an IR team to validate their activities to filter the most accurate feeds and avoid noisy feeds. I rate the tool a seven out of ten.
I'd still recommend Recorded Future for large organizations, but they must understand the business model and pricing. The quality of Recorded Future, Mandiant, and CrowdStrike seems quite similar, though I'm not a deep technical expert. The choice depends on the customer's needs - not all customers need every feature. I can't definitively say which is better regarding AI technology as I haven't technically compared them myself. The solution might be advantageous due to their extensive experience in the area. However, with Google's resources behind Mandiant, they likely have significant capabilities, too. Google's resources are probably on par with Microsoft's, so they could easily ramp up their technology if needed. When discussing AI in these threat intelligence setups, clarifying what we mean is important. Often, it's a system of rules analyzing abnormalities and triggering actions. I frequently ask what people mean by AI in different contexts because it often comes down to rules: if certain events occur or parameters are exceeded, what actions should be taken? These systems analyze data in real-time and feed it to the Security Operations Center to create a more efficient setup with fewer false positives. False positives are a major challenge, especially for smaller companies. If they don't have well-trained IT staff, dealing with numerous false positives can be more trouble than it's worth. I've seen smaller organizations struggle with this - sometimes, it's almost better for them not to have these systems if they can't understand and manage them effectively. I rate the overall product as nine out of ten.
Cybersecurity Engineer at a government with 201-500 employees
Real User
Top 20
2023-11-16T16:23:55Z
Nov 16, 2023
Organizations must have at least two dedicated technicians working with the solution since the learning curve is a little big. To use the solution to its maximum capacity for the first year, having at least two technicians working with Recorded Future is better. Overall, I rate Recorded Future ten out of ten.
Recorded Future covers the whole area of social media in terms of threat detection. I would suggest it to everyone as it is a very user-friendly platform that detects all things related to your domain, from the dark web to social media. Overall, I would rate the solution an eight out of ten.
Security Operations Lead at a tech vendor with 10,001+ employees
MSP
2021-04-01T09:42:53Z
Apr 1, 2021
At the moment the solution is hosted on a SaaS. It's hosted on their own cloud that they are managing. We only have access to a part that is completely isolated from other customers and in another area. As far as I know, we are using the latest version of the solution. As it's cloud-based, it's constantly updated independently. If a company is ready to introduce the solution, my main recommendation would be to have a really, really good threat intelligence team working on-site beforehand. If you don't have a good design or a good knowledge of threat intelligence you will never get the insights you need or use the tool to its full potential. I'd rate the solution nine out of ten. It's quite an expensive solution. If it was less expensive, I'd likely rate it higher.
Recorded Future is a powerful and effective cyber threat intelligence (CTI) platform that aims to empower administrators to protect their organizations from threats, both known and unknown. The machine learning engine that Recorded Future utilizes can process the same amount of data that 9,000 analysts working five days a week, eight hours a day for an entire year can process. It simplifies threat detection and remediation so that organizations can focus on other tasks.
I rate Recorded Future nine out of ten.
I rate Recorded Future seven out of 10. I can recommend Recorded Future, depending on a company's budget and the features it needs.