Recorded Future

Recorded Future, Inc.
Company type: Privately held
Industry: Cybersecurity, threat intelligence
Founded: 2009
Founders: Christopher Ahlberg, Staffan Truvé
Headquarters: Somerville, Massachusetts
Number of locations: Washington, D.C.; Gothenburg, Sweden; London, United Kingdom; Singapore; Tokyo, Japan
Area served: Worldwide
Products: Intelligence Cloud, Brand Intelligence, SecOps Intelligence, Identity Intelligence, Vulnerability Intelligence, Attack Surface Intelligence, Third-Party Intelligence, Payment Fraud Intelligence
Number of employees: 1000 (July 2023)
Website: www.recordedfuture.com

Recorded Future is a privately held cybersecurity company founded in 2009, with headquarters in Somerville, Massachusetts.

History

In 2007, co-founders Christopher Ahlberg and Staffan Truvé, both Ph.D.s in computer science from Chalmers University of Technology, filed for Recorded Future's first patent (granted in 2013 as United States patent US8468153B2) – Data Analysis System with Automated Query and Visualization Environment Setup. [1] The patent was used for continuous collection and processing of data and information from sources across the open, deep, and dark web, facilitated by machine learning. Recorded Future was officially incorporated in 2009. [2]

The company received initial funding from Google and In-Q-Tel, which was reported in a July 2010 introduction to Recorded Future published by Wired. [3]

When it decided that its algorithms and visualization software matched needs within the intelligence community, [4] Recorded Future entered the cyber threat intelligence market in January 2012.

In 2014, the company launched Recorded Future Dark Web, integrating open and dark web sourcing as well as dark web forum access and analysis.

In 2016, Recorded Future was named a partner for threat intelligence by Splunk, [5] Palo Alto Networks, [6] and Vencore GEOINT. [7]

In May 2017, Recorded Future introduced Insikt Group, [8] the company's threat intelligence research arm. The word "insikt" is Swedish, a nod to Recorded Future's co-founders, and means "insight." Insikt Group is responsible for delivering analyst-generated assessments, insights, and recommended actions to customers and the public.

In May 2019, New York-based private equity firm Insight Partners acquired Recorded Future for $780 million. [9]

In November 2019, the company opened a second office in Somerville with the goal of building a "campus" in the Davis Square area. Recorded Future currently employs more than 430 people around the world. [10]

In 2020, the company announced the establishment of The Record from Recorded Future News, a cybersecurity-focused news outlet. [11]

In April 2023, the company launched Recorded Future AI, built on a trained OpenAI GPT model that combines insight from Insikt Group with over 100 terabytes of text, images, and technical data from the Recorded Future Intelligence Cloud. [12]

Products

The company specializes in the collection, processing, analysis, and dissemination of threat intelligence. Recorded Future uses machine learning and natural language processing methods to continuously collect and organize data from open web, dark web, and technical sources. The resulting information is displayed within a software-as-a-service portal.

Recorded Future's product is called the Recorded Future Intelligence Cloud.

Using what they call a "Temporal Analytics Engine," Recorded Future provides forecasting and analysis tools to help analysts predict future events by scanning sources on the internet, and extracting, measuring, and visualizing the information to show networks and patterns in the past, present, and future. [13] As of 2015, the engine was described as a "Web Intelligence Engine." [14] Likewise, a Washington Post article authored by Stewart Baker, the former General Counsel of the National Security Agency (1992–1994), had described the company as a predictive analytics web intelligence firm, and the term was deleted at Recorded Future's request. [15] The software analyzes sources and forms "invisible links" between documents, looking for connections that tie them together and may indicate the entities and events involved.

Clients initially included the financial sector with quantitative investors, with the company transitioning in 2013 to providing cyber security solutions to companies such as SITA. [16]

Organization

The company was founded in 2009 by Christopher Ahlberg [14] and had 20 employees as of November 2011. [17] Google Ventures and In-Q-Tel invested "under $10 million each" into Recorded Future shortly after the company was founded. Google published this on May 3, 2010. [18] In-Q-Tel is an investment arm of the CIA. [19] As of 2015, it had partnerships with IBM, HP ArcSight, Cimation, Ethnographic Edge, Tiberium Security, and Malformity Labs LLC, per its company profile published by Businessweek. [14]

Analysis

Red Echo Report

In 2021, Recorded Future's Insikt Group identified the China-linked group RedEcho, which targeted 10 distinct Indian organizations in the power generation and transmission sector and two organizations in the maritime sector. [20]

China Vulnerability Database Report

In November 2017, Recorded Future published analysis asserting that the Ministry of State Security (China) influences or alters its National Vulnerability Database (CNNVD) to cover up espionage activities. [21] According to the analysis, "vulnerabilities commonly exploited by malware linked to Chinese APT groups" are incompatible with CNNVD publication practices. The company presented further analysis in March 2018 at the Kaspersky Labs Analyst Summit, including evidence that the Chinese government retroactively changed the original publication dates. [22] [23]

Al-Qaeda report

In May 2014, Recorded Future released a report called "How Al-Qaeda Uses Encryption Post-Snowden (Part 1)." [24] Part 2 of the report was released on August 1, 2014, supposedly with a strengthened "earlier hypothesis about Snowden leaks influencing Al-Qaeda’s crypto product innovation." On the same day, National Public Radio aired Recorded Future claims of "tangible evidence" that Edward Snowden harmed national security by prompting terrorists to develop more sophisticated encryption programs. [25] Glenn Greenwald and Andrew Fishman criticized Recorded Future's report for not proving causation between Snowden's leak and improved encryption by al-Qaeda. [26]

Occupy Wall Street Media Monitoring Report

In 2011, Recorded Future reported "gaining online momentum for the Occupy Wall Street movement. When we look more carefully at influencers in this discussion using our Influencer Map, we find that Iran Press TV is the second largest influencer after the U.S. media!" [27]

China Lockdown Protests Report

In December 2022, Recorded Future released a report detailing a network of bot accounts on social media that disseminated spam and irrelevant comments under legitimate posts about the 2022 protests in China, including posts with hashtags that contained the names of Chinese cities. The report suggests that the Chinese government is the most likely source of the spam attack. The bots used pornography or randomized word strings to divert discussions of protests, targeting Mandarin speakers on a variety of social media platforms. [28]

Controversies

In April 2015, a coding website accused Recorded Future of violating internet privacy by analyzing private Facebook messages, which it denied. The accusation was disproven when the assumed private link for private Facebook chat was found posted publicly online via a server log. [16]

References

  1. "Information service for facts extracted from differing sources on a wide area network".
  2. "Recorded Future acquired by private equity firm for $780 million". SearchSecurity. Retrieved 2022-06-24.
  3. Shachtman, Noah (July 28, 2010). "Exclusive: Google, CIA Invest in 'Future' of Web Monitoring". WIRED.
  4. Temple-Raston, Dina (October 8, 2012). "Predicting The Future: Fantasy Or A Good Algorithm?". NPR.
  5. Kodama, Matt (February 22, 2016). "Announcing Recorded Future for Splunk". Recorded Future. Retrieved January 2, 2020. Enrichment dashboards show intel on-demand inside Splunk, while monitoring and correlation dashboards apply our threat intel to your events and infrastructure.
  6. Wong, Glenn (April 4, 2016). "Announcing Recorded Future for Palo Alto Networks". Recorded Future. Retrieved January 2, 2020. We're very excited to join the Palo Alto Networks NextWave Technology Partners Program.
  7. McKeon, Amanda (May 17, 2016). "Announcing Recorded Future and Vencore GEOINT Partnership". Recorded Future. Retrieved January 2, 2020. We're very excited to announce a partnership with Vencore to combine our unique open source intelligence (OSINT) datasets with its geospatial system integration and analytic capabilities.
  8. Future, Recorded. "Recorded Future Launches Threat Research Arm to Enhance Threat Intelligence Offering". www.prnewswire.com (Press release). Retrieved 2021-03-11.
  9. Miller, Ron (May 30, 2019). "Insight Partners acquires threat intel company Recorded Future for $780M". TechCrunch.
  10. Maffei, Lucia (October 28, 2019). "Threat intel firm to open new office, add 130 jobs in the Boston area". Boston Business Journal.
  11. "Launching the Cyber Intelligence News Site The Record". www.recordedfuture.com. Retrieved 2022-06-24.
  12. eliasgroll (2023-04-11). "Recorded Future offers peek at the AI future of threat intelligence". CyberScoop. Retrieved 2023-07-14.
  13. Holliday, Maynard; Holden, Chris (July 15, 2014). "Advanced Web-Based Temporal Analytics for Arms Control Verification and Compliance". Science & Diplomacy. 3 (3).
  14. "Recorded Future, Inc". BusinessWeek. Archived from the original on March 14, 2011. Retrieved July 29, 2010.
  15. Stewart Baker (August 3, 2014). "As evidence mounts, it's getting harder to defend Edward Snowden". Washington Post. Retrieved 31 May 2015. "While this may seem like splitting hairs, in the world of data analysis software "predictive analytics" has specific technical meaning which implies something different. We use the term web intelligence to reduce this confusion."
  16. Cale Guthrie Weissman (May 26, 2015). "Inside the company that can predict the future by analyzing every piece of information on the web". Business Insider. Retrieved May 31, 2015.
  17. Cheshire, Tom (November 10, 2011). "The News Forecast". Wired UK. Retrieved December 25, 2011.
  18. Mastrull, Amanda (May 4, 2010). "Google invests in company, Recorded Future, that tries to predict the future". The New York Daily News. Retrieved July 29, 2010.
  19. Shachtman, Noah (July 28, 2010). "Exclusive: Google, CIA Invest in 'Future' of Web Monitoring". Wired. Retrieved July 29, 2010.
  20. "China Appears to Warn India: Push Too Hard and the Lights Could Go Out". NY Times. March 1, 2021.
  21. Recorded Future (November 20, 2017). "China's Ministry of State Security Likely Influences National Network Vulnerability Publications". Recorded Future. Retrieved November 17, 2017.
  22. Alfred Ng (March 9, 2018). "China isn't being honest with its vulnerabilities database". CNET. Retrieved March 8, 2018.
  23. Insikt (March 9, 2018). "China Altered Public Vulnerability Data to Conceal MSS Influence". Recorded Future. Retrieved March 8, 2018.
  24. C (May 8, 2014). "How Al-Qaeda Uses Encryption Post-Snowden (Part 1)". Recorded Future. Retrieved August 14, 2014. The timeline above tells a compelling story showing how four to five months after the Snowden disclosures both mainstream AQ, as well as the break-off group ISIS, launches three new encryption tools.
  25. Dina Temple-Raston (August 14, 2014). "Big Data Firm Says It Can Link Snowden Data To Changed Terrorist Behavior". Morning Edition. National Public Radio. Retrieved August 14, 2014.
  26. Glenn Greenwald; Andrew Fishman (August 12, 2014). "NPR Is Laundering CIA Talking Points to Make You Scared of NSA Reporting". The Intercept. First Look Productions, Inc. Retrieved August 14, 2014.
  27. Holden (October 1, 2014). "Iran's Growing Influence & Occupy Wall Street Protests". Recorded Future. Retrieved August 14, 2014.
  28. Milmo, Dan (5 December 2022). "China accused of flooding social media with spam to crowd out protest news". The Guardian. Retrieved 5 December 2022.