Launching a Game-Changing Threat Intelligence Platform
Major corporations are hacked every day, suffering devastating consequences to their finances, operations, and reputations. In 2009, a company called Recorded Future burst onto the scene with a game-changing solution: a real-time threat intelligence product that offered cyber security professionals the ability to proactively defend their organizations against cyber attacks.
Recorded Future’s founders envisioned this platform doing two vitally important things. First, they wanted it to be able to analyze the entire Web, so analysts could access real-time intelligence about security issues. Secondly, they wanted to arm cyber security professionals with the situational awareness they’d need to accurately prioritize the level of risk attached to each threat, creating a system that would structure information around an event’s context—including the actors involved, the type of event, and when it would take place.
“…they wanted to arm cyber security professionals with the situational awareness they’d need to accurately prioritize the level of risk attached to each threat.”
The Challenge
Much of what constitutes potential intelligence threats online is not in English. The ability to track and understand threats in Chinese, Russian, Farsi, and Arabic is crucial for cyber security professionals, who often don’t have anyone on their team who is fluent in these languages.
Because of this, Recorded Future’s founders—Christopher Ahlberg, Erik Wistrand, and Staffan Truve—needed the platform to incorporate multilingual text analysis. Specifically, the system needed entity extraction to automatically find entities (people, locations, organizations) mentioned in unstructured text.
Why Rosette?
To get that functionality, the company’s founders reached out to the founders of BasisTech, Carl Hoffman and Steve Cohen, with whom they’d worked in the past. BasisTech’s Rosette platform provided Recorded Future with the suite of tools it needed to extract meaningful intelligence from unstructured text in many languages.
Ahlberg, Wikstrand, and Truve suggested making Recorded Future the guinea pig for BasisTech’s new startup program, conceived to make BasisTech’s best ideas and innovations accessible to high-impact, early-stage companies.
“Without Rosette, we would have had to originate similar capabilities ourselves, which certainly would have set us back a lot in terms of both time and cost. And both of those things are deadly for a startup.”
“When the company founders set out to create Recorded Future, they didn’t want to reinvent the wheel in terms of the things Rosette already did really well,” says Recorded Future VP of Product Matt Kodama. “Without Rosette, we would have had to originate similar capabilities ourselves, which certainly would have set us back a lot in terms of both time and cost. And both of those things are deadly for a startup. You only have so many resources when you get started and investors don’t want to see you squandering them on things for which there is already a great solution.”
Rosette also provides language identification, down to sentence by sentence if needed, and parses text into paragraphs, sentences, and words. Says Kodama, “The Rosette suite answers the question, ‘What is this text? Is it a person? Is it a company? Is it an organization? Is it a product? Is it a geographic location?’
“Within our market, this layer is actually quite unique. What most people are doing is a much more basic level of analysis, and all of the higher order analysis, like ‘This is a person’ or ‘This is an organization’ gets punted.”
Recorded Future offers cyber security teams two core advantages: speed and scale. The amount of information the product can analyze and the speed with which it can go from having observed a document to providing intelligent information leaps and bounds faster than the speed at which a human could perform the same tasks. Additionally, Recorded Future’s automated threat analysis allows cyber security teams to scale and focus on higher-level analysis tasks rather than manual data collection and analysis.
“Recorded Future can go from having observed a document to providing intelligent information leaps and bounds faster than the speed at which a human could…”
The Results
Although the company launched just seven years ago, Recorded Future has already become the threat intelligence solution of choice for four out of five of the top companies in the world. As adoption of this type of threat intelligence capability grows among large companies, Recorded Future’s growth is predicted to be strong.
Currently, Recorded Future supports deep dive language analysis for languages including English, French, Spanish, Chinese, Russian, Farsi, and Arabic.
Says Kodama, “The great thing about BasisTech is that they want to work with companies that will take the core technology they’ve created and produce very specific applications of it. That’s what we’ve done. We’re not trying to be all things for all people. We’re very specifically about threat intelligence from sources on the web. And without BasisTech, we wouldn’t be able to do what we do.”