2. “Automation is extremely important to us… it’s not about IOCs, detections, or alerts, it’s about something we can act on, prevent, and respond to.”
– Timothy Lee, CISO for the City of Los Angeles
3. What is Threat Intelligence?
Recorded Future defines ‘Threat Intelligence’ as data collected and indexed from sources including the dark web, the open web, technical sources and customer telemetry, which has been organized, analyzed and delivered so that the reader can understand the threat landscape: the threat actors, the malicious infrastructure they are building, and their tactics, behaviors and targets.
[Diagram: From coarse-grained to fine-grained data bits and blocks. Sources (Technical Sources, Open Web Sources, Dark Web Sources, Insikt Group® Research, Customer Signals) feed the Intelligence Graph™, which organizes, analyzes and delivers intelligence through Actionable Channels (Integrations, Modules).]
4. Data Science, Ontology & LLMs
● Largest Intelligence Graph, built from 100+ TB of text, images and technical data
● Largest NLP-tagged OSINT for cyber, geopolitics and more
● Largest holdings of criminal dark web & messaging data
● Largest global company cyber ontology for internet-facing attack surfaces
● Largest community of intelligence users
● First intelligence provider to integrate Large Language Models
5. The Intelligence Cycle
Faster, more confident speed-to-knowledge
Threat Intelligence enables organizations to make faster, more effective data-driven security decisions and to shift from reactive to proactive defense of their critical assets against attackers.
[Diagram: two intelligence cycles side by side.
Traditional Intelligence Cycle: Planning and Direction → Collection → Processing → Analysis and Production → Dissemination and Feedback.
Intelligence Cycle With Machine Speed: Planning and Direction → Collection and Processing (more sources/data, linguistics, ontologies) → Analysis and Production → Dissemination and Feedback.]
6. Intelligence in Action with Splunk
Accelerating existing workflows
[Diagram: questions your security team asks, grouped by workflow.
Automate: How can I automate SOC processes to streamline manual processes? Can I eliminate repetitive, manual work? How can I get out of reaction mode?
Investigate: What do I know about this IOC? Is this a malicious file?
Prioritize: What should I be paying attention to first? What is the biggest risk in my environment?
Strategize: What types of security control gaps do I have? How can I better protect my organization from potential attacks?]
7. Intelligence in Action with Splunk
Splunk Recorded Future Integration Alignment
Building an essential security foundation
- Security monitoring
- Incident management
Splunk Enterprise and Splunk ES
● Threat detection and monitoring of Recorded Future alerts
● Correlation with Recorded Future risk lists
● Enrichment of IOCs in Splunk Enterprise
Advanced analytics & investigations
- Advanced threat detection
- Threat hunting
- Incident management
Splunk Enterprise
● Sigma Rules
Splunk Enterprise Security
● Risk-based alerting
● Notable events with enrichment
Unified security operations
- Automation & orchestration
Splunk SOAR: sub-playbooks for ease of use
● Enrichment
● Sandbox detonation
● Threat hunting
● Custom workflows
How intelligence-led security achieves positive outcomes
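To make the "correlation with risk lists", "enrichment of IOCs" and "risk-based alerting" bullets above concrete, here is an added Python example that is not part of the original deck and not Recorded Future's or Splunk's own code. It parses a constructed risk list and a few constructed key=value proxy log lines, flags events whose destination IP or URL host appears on the list, attaches the list's score and evidence to the event, and then sums risk per source host so that a host crossing a threshold becomes a notable. The column names (`indicator`, `risk`, `evidence`), the log format and the threshold of 100 are assumptions for illustration, not the real risk-list schema.

```python
"""Correlate log events against a threat-intelligence risk list and
aggregate risk per source host, in the spirit of the risk-list lookup and
risk-based alerting the slide lists for Splunk.

Constructed example: the risk list, log lines, column names and threshold
are made up for illustration and do not reflect any vendor's real format.
"""
import csv
import io
import re
from collections import defaultdict

# Constructed risk list. Assumed columns: indicator, risk score, evidence.
RISK_LIST_CSV = """indicator,risk,evidence
203.0.113.7,89,Recent C2 server
198.51.100.23,65,Historical malware distribution
malicious.example,72,Recently reported phishing domain
"""

# Constructed proxy log lines (key=value style); addresses are documentation ranges.
SAMPLE_LOGS = [
    "src=10.0.0.5 dest=203.0.113.7 action=allowed url=http://203.0.113.7/beacon",
    "src=10.0.0.5 dest=93.184.216.34 action=allowed url=http://example.com/",
    "src=10.0.0.9 dest=198.51.100.23 action=allowed url=http://malicious.example/login",
    "src=10.0.0.12 dest=192.0.2.44 action=blocked url=http://192.0.2.44/",
]

KV_RE = re.compile(r"(\w+)=(\S+)")          # key=value pairs in a log line
HOST_RE = re.compile(r"^https?://([^/:]+)")  # host part of a URL


def load_risk_list(text):
    """Parse the CSV risk list into {indicator: {"risk": int, "evidence": str}}."""
    reader = csv.DictReader(io.StringIO(text))
    return {
        row["indicator"]: {"risk": int(row["risk"]), "evidence": row["evidence"]}
        for row in reader
    }


def parse_event(line):
    """Split a key=value log line and collect the IOC candidates it carries."""
    fields = dict(KV_RE.findall(line))
    indicators = set()
    if "dest" in fields:
        indicators.add(fields["dest"])
    host = HOST_RE.match(fields.get("url", ""))
    if host:
        indicators.add(host.group(1))
    fields["indicators"] = indicators
    return fields


def enrich_events(lines, risk_list):
    """Keep only events with a risk-list hit; attach score and evidence per hit."""
    enriched = []
    for line in lines:
        event = parse_event(line)
        hits = {i: risk_list[i] for i in event["indicators"] if i in risk_list}
        if hits:
            event["hits"] = hits
            enriched.append(event)
    return enriched


def risk_by_source(enriched):
    """Sum the risk of every matched indicator per source host (risk-based alerting)."""
    totals = defaultdict(int)
    for event in enriched:
        for info in event["hits"].values():
            totals[event["src"]] += info["risk"]
    return dict(totals)


def notable_sources(totals, threshold=100):
    """Source hosts whose accumulated risk reaches the (assumed) alert threshold."""
    return sorted(src for src, score in totals.items() if score >= threshold)


if __name__ == "__main__":
    risk_list = load_risk_list(RISK_LIST_CSV)
    events = enrich_events(SAMPLE_LOGS, risk_list)
    for event in events:
        for indicator, info in event["hits"].items():
            print(f"{event['src']} -> {indicator}: risk {info['risk']} ({info['evidence']})")
    totals = risk_by_source(events)
    print("risk per source:", totals)
    print("notable sources:", notable_sources(totals))
```

The design point is the separation of enrichment (one hit per matched indicator, each carrying its own evidence string so an analyst can see why it scored) from alerting (a per-host aggregate compared against a threshold). A single medium-risk hit stays an enrichment on the event, while a host touching several risky indicators accumulates enough score to surface as a notable, which is the behaviour the "risk-based alerting" bullet refers to.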
8. Splunk + Recorded Future Datasheets
https://splunkbase.splunk.com/app/4920
https://go.recordedfuture.com/hubfs/data-sheets/splunk.pdf
https://go.recordedfuture.com/hubfs/data-sheets/splunk-soar.pdf
9. Splunk + Recorded Future Case Studies
https://go.recordedfuture.com/hubfs/case-studies/nkom.pdf
https://go.recordedfuture.com/hubfs/case-studies/nov.pdf
https://go.recordedfuture.com/hubfs/case-studies/daimler-case-study.pdf