Item: Recorded Future Intelligence Cloud
Rating: 9
Author: Verified User

Use Cases and Deployment Scope

We mainly use RF for our brand-monitoring, to maintain our reputation and for monitoring partner companies. They offer scanning of a wide range of the internet, be it public sources like various pastebins, github, or social media, as well as forums on the darknet. This helps identifying if any company assets have been leaked (by employees unintentionally as well as through potential fraudsters). Additionally it helps us with identifying the severity of vulnerabilities by assessing how many POCs are available or how often certain vulnerabilities are mentioned in related channels.

Pros and Cons

Everything they find is also available in their own cache. So for example if a pastebin expired, you can still view it later on.
The risk score of vulnerabilities shows actual malicious activity. Image the CVS-Score is medium, but there is a lot of exploit chatter, you want to prioritize fixing this vulnerability.
Their watchlists are easy to set up and offer monitoring your tech-stack, peers, persons of special interest, etc.

E-Mail reports can show unrelated content, especially sometimes you'll see alerts popping up for articles which have been published years ago but for some reason were just recently discovered by RF.
Yara rules from their insikt blog sometimes are not syntactically correct and need to be manually edited to actually work. There's some proper QA missing.
Their global and 3rd party risk reports could be more tailored towards the industries of their client. There is entries for totally unrelated security incidents. Of course a global list aims to find incidents on a global view, but it doesn't add much value at that point.

Return on Investment

We've been able to identify leaked credentials and close those accounts off.
We've also been able to identify malware being distributed or spam being sent out by customers using our infrastructure. Again we could shut off those accounts.
Their domain-monitoring allows us to identify typo-squats and issue domain-takedowns for those (or at least add them to our monitoring / detection)

Alternatives Considered

Can't disclose those here unfortunately.

Support Rating

I've had an issue with their browser-plugin which didn't want to authenticate correctly. RF's support could arrange for a session with me and identify and solve the issue. I was very pleased how serious they took my problems and also how knowledgeable they are.

If I have more general questions they quickly reply and most likely also have a solution at hand.

Key Insights

Do you think Recorded Future Intelligence Cloud delivers good value for the price?

Yes

Are you happy with Recorded Future Intelligence Cloud's feature set?

Yes

Did Recorded Future Intelligence Cloud live up to sales and marketing promises?

Yes

Did implementation of Recorded Future Intelligence Cloud go as expected?

Yes

Would you buy Recorded Future Intelligence Cloud again?

Yes

Likelihood to Recommend

If you need to know who talks about your company, if it maybe even is a target you should consider using RF. As my company is providing services for resellers, we are also concerned about which customers these resellers attract as they can impact other customers using our shared infrastructure. Evaluating risk of partners or of products is another feature I'm using here.

So far it didn't help much identifying the reputation of IP-addresses, that's probably also due to the nature of my requests which are not necessarily covered by RF.

Brand-monitoring, reputation and risk-assessment in one tool.

Overall Satisfaction with Recorded Future