May 7, 2020 • Tyler Bradshaw
As a security professional, have you ever felt like the mythological Greek king Sisyphus, doomed to forever roll a giant boulder up a hill, only to have it fall back down before it reaches the top? If so, you’re not alone.
Investigating alerts, incidents, and vulnerabilities can feel like a stressful, tedious, and never-ending race against relentless attackers. But it doesn’t have to be that way.
Recorded Future Express: Instant Intelligence for Free
Our free browser extension, Recorded Future Express, gives security professionals immediate access to security intelligence collected from the broadest range of open, closed, dark, and technical sources — right at their fingertips. By using Express directly over any web-based SIEM, vulnerability management solution, security blog, webpage, and more, users can instantly prioritize indicators of compromise (IOCs) based on real-time risk scores. This critical context empowers individuals across every security function by helping them make better, faster decisions.
Every security program is unique, so there are numerous ways Express can be used to supercharge risk reduction. As you start your security intelligence journey or extend to new use cases, here are four high-value applications to consider:
1. Address SIEM Alerts
Alert overload has been a long-time challenge for security operations and incident response analysts, and as corporate networks grow in size and complexity, so does this issue. In fact, most enterprises today see more than 10,000 alerts daily. Investigating all of them is simply out of the question. Instead, these teams need a way to narrow efforts and focus triage on the alerts that present the greatest risk.
Express makes SIEM alert prioritization easy. Our risk scores on IPs, domains, hashes, and vulnerabilities constantly update in real-time to provide a current snapshot of risk severity, making it easy to hone in on high-risk IOCs. By enabling “in-page risk scores” within Express, users can layer security intelligence directly over their SIEM to keep workflows intact. Use the browser extension to boost an investigation with more relevant risk information, such as seeing whether or not an IP is a current command-and-control (C2) server.
2. Prioritize Vulnerability Patching
In 2019, there were more than 12,000 vulnerabilities reported and classified through CVE — and more than 1,000 of them were deemed “critical.” With limited context (and even less time), many vulnerability management teams struggle to prioritize remediation decisions. Patching the wrong things could mean costly downtime and wasted resources. Worse, it could put the organization in real and present danger.
With Express, teams gain situational awareness over all barriers to entry. Risk scoring based on real-time exploitation trends helps analysts prioritize efforts. These real-time risk scores can be viewed directly on a webpage — for example, as you’re reading Microsoft’s “Patch Tuesday” alert — or directly over your vulnerability management solution.
3. Enhance Phishing and Malware Analysis
Generating sandbox or phishing reports is a time- and resource-intensive process in and of itself, and incident response teams trying to read and analyze these lengthy reports often end up with more questions than answers.
Incident response teams can overlay Express on these reports to instantly pinpoint and prioritize high-risk IPs and domains that require investigation — dramatically short-circuiting the time needed for event handling. This real-time context drives faster malware detection and response to mitigate risk.
4. Become an Elite Intelligence Analyst — Instantly
With access to up-to-the-minute intelligence right on any page or tool, anyone can become an elite intelligence analyst — no expensive training or CPEs required! From reading your favorite security industry blogs and browsing emails, to monitoring your tech stack for vulnerabilities or analyzing SIEM data, you’re armed with insights to bridge skills gaps, boost confidence, speed response, and amplify your impact.
We’re proud to offer this powerful intelligence tool to security professionals everywhere — at no cost. As we extend our collaborations with the security intelligence community and continuously innovate based on our users’ evolving needs and invaluable insights, we look forward to sharing new enhancements down the road.
Don’t keep rolling that stone up the hill on an infinite loop. See how Recorded Future Express can help you prioritize what matters, enrich indicators, jump-start investigations, and achieve your ultimate goal of dramatically reducing risk.
To install and use Express for free, sign up now.