Category Archives: company

Leadership and Buy-In Help Protect BT’s Global Networks

BT is a global telecommunications giant, headquartered in London with over 100,000 employees all over the world. In addition to telephone services in Great Britain, BT provides broadband internet, fiber-optic communications, digital television, and even supply chain management services. They also provide IT and network security services.

Our guest today is Mark Hughes, who served as the CEO of BT Security from 2013 to 2018. He oversaw the security of BT’s internal networks and assets, as well as the services they provide to outside clients. He shares with us his techniques for building effective, collaborative security teams, how he earns buy-in from both his colleagues and his board of directors, and the importance of threat intelligence. He’ll also share his experience gearing up for the 2012 London Olympic Games, and why he thinks it was a milestone moment for cybersecurity.

This podcast was produced in partnership with the CyberWire.

The post Leadership and Buy-In Help Protect BT’s Global Networks appeared first on Recorded Future.


Fortifying the Cybersecurity of Federal Agencies With the CDM Program

Any organizations and agencies that are required to comply with Continuous Diagnostics and Mitigation (CDM) standards and are looking to incorporate a threat intelligence solution into their existing security program can now rely on Recorded Future — we’ve just been approved to deliver critical cyber capabilities in support of the Department of Homeland Security’s CDM program.

What Is the CDM Program?

Government networks and systems control critical infrastructure and contain sensitive data on all sorts of topics — things like the personal information of citizens, healthcare data, energy grid controls, or sensitive intelligence represent just a few. But the bureaucracies that support many of these systems are better known for their stability and administrative capacities than their ability to quickly adapt to change. This presents a stiff challenge in the rapidly evolving world of cybersecurity.

Leaning into their regulatory strengths, the U.S. government — specifically, the Department of Homeland Security (DHS), in response to a directive from the Office of Management and Budget — has created the Continuous Diagnostics and Mitigation (CDM) program to fortify the cybersecurity of federal departments and agencies. The program consists of a series of cybersecurity standards alongside approved commercial tools that meet those standards — the idea is for the CDM program to provide agencies with the capabilities and tools to monitor vulnerabilities in and threats to their network in near real-time, helping them identify and prioritize risks. Overall, the program is meant “to support technical modernization as threats change,” according to the DHS’s website.

Aspects of the CDM Program

The standards defined in the CDM program consist of fifteen tool functional areas (TFAs), developed with guidance from the National Institute of Standards and Technology (NIST), that outline the major subsections of cybersecurity topics that agencies should have the technical capabilities to enforce.

For example, here are two tool functional areas, TFA 11 and TFA 15 (the full list can be found here):

  • TFA 11 — Respond to Contingencies and Incidents: The goal of this function is to prevent any repeats of previous attacks and limit the impact of ongoing attacks. Tools that meet the standards for TFA 11 should be able to appropriately respond to and end ongoing attacks, and also identify ways to prevent recurring attacks, by auditing information, performing forensic analysis within a network, and so on, providing context and enriching internal data.
  • TFA 15 — Manage Operation Security: The goal of this function is to prevent attackers from exploiting vulnerabilities through the use of functional and operational control limits. This also helps managers prioritize risk and decide when to authorize systems operations or not. Tools meeting this standard should be able to provide the context that helps support leadership decisions, like by helping understand prior failures in a system and by providing accurate and relevant risk assessments.

To meet these compliance standards, an agency will install sensors in order to perform an automated search for known cyber flaws, which then feed into a dashboard that produces customized reports alerting on the most critical risks. These prioritized alerts “enable agencies to efficiently allocate resources based on the severity of the risk.” The tracked results helps the federal government get a broad overview and improve security postures across agency networks. The CDM program also approves certain “industry-leading, commercial off-the-shelf tools” that meet these TFA standards and, if possible, integrate well together.

CDM Technical Requirements and Recorded Future

The kind of automated alerting and reporting called for by CDM program standards is right in line with the threat intelligence that Recorded Future produces. Threat intelligence is an integral part of each step in a truly proactive security strategy. As such, Recorded Future is available on the CDM approved product list (APL) for the two tool functional areas mentioned previously:

  • TFA 11 — Respond to Contingencies and Incidents: Recorded Future threat intelligence provides unique insights into the tactics, techniques, and procedures associated with threats. This valuable context is used to limit the impact of an existing attack through early discovery and targeted remediation. Threat intelligence is also used to develop and implement a threat prevention strategy based on known threats targeting agencies.
  • TFA 15 — Manage Operation Security: Recorded Future helps agencies understand their exposure to risk based on their specific hardware and software solutions as well as their digital assets. With real-time access to vulnerabilities exploited in the wild, compromised credentials, and IP addresses, agencies can better understand where to focus resources to reduce risk and reduce unplanned downtime.

Integrations With CDM Solutions

In addition to addressing the TFAs above, Recorded Future integrates with several third-party solutions to provide a more complete solution. Examples include:

  • SIEM: Integration with SIEM solutions provides valuable external threat data to find threats faster by correlating with internal network activity data. Rich context for alerts presented directly in the SIEM interface accelerates alert triage and incident response.
  • Incident Response: Threat intelligence integrated into incident response systems in real time provides the necessary context to develop accurate and effective mitigation strategies.


Threat intelligence provides agencies with valuable external context and advance notice of targeted threats. This valuable intelligence drives a proactive security strategy and effective response to incidents. As part of the CDM program, Recorded Future helps government agencies meet specific requirements in CDM to respond to contingencies and incidents and manage operation security. The ability to integrate with security tools such as SIEM and incident response platforms extends the value of threat intelligence to multiple functional areas and teams within an agency’s security program.

To learn more about the ways Recorded Future can help governments protect critical infrastructure, systems, and data, check out our updated government solutions page or request a personalized demo today.

The post Fortifying the Cybersecurity of Federal Agencies With the CDM Program appeared first on Recorded Future.


Bringing Collaboration to Real-Time Data Feeds

Our guest today is Aaron Gee-Clough. He’s chief technology officer for King & Union, a company that aims to bring increased collaboration to threat intelligence analysts, allowing them to more easily visualize and manage threat data in real time.

We discuss the benefits and challenges in bringing meaningful, actionable threat intelligence to small and mid-sized organizations, what he thinks machine learning can and cannot bring to the table, the distinction between threat intelligence and lists of bad IPs, and how many organizations are already exercising their impulse to collaborate and share information, even if they’re doing it in unofficial or inefficient ways.

This podcast was produced in partnership with the CyberWire.

The post Bringing Collaboration to Real-Time Data Feeds appeared first on Recorded Future.


Controlling Online Access in Yemen’s War Zone

Recorded Future’s Insikt Group recently published research titled “Underlying Dimensions of Yemen’s Civil War: Control of the Internet.” It’s a detailed analysis of the role the internet has played in Yemen’s ongoing bloody conflict, as rival factions fight to gain control of information, access, and infrastructure. Local and international interests all come into play.

Here to guide us through the research are Recorded Future’s Winnona DeSombre, threat intelligence researcher, and Greg Lesnewich, threat intelligence analyst.

This podcast was produced in partnership with the CyberWire.

The post Controlling Online Access in Yemen’s War Zone appeared first on Recorded Future.


Bringing Intelligence Community Experience to the Private Sector

Our guest today is Jason Kichen. He’s director of cybersecurity services at Versive, a cybersecurity company that delivers advanced threat detection and automation.

Prior to Versive, Jason spent nearly 15 years in the U.S. Intelligence Community as an expert in technical and offensive cyber operations. He was responsible for the design and execution of advanced technical operations all over the world. He has two Director of National Intelligence Meritorious Unit Citations and a National Intelligence Professional Award from the National Counterproliferation Center.

We’ll learn about his experience in the intelligence community, how it differs from the private sector, and the challenges he faced transitioning between the two. We’ll get his take on threat intelligence and how he thinks organizations can build effective security teams.

This podcast was produced in partnership with the CyberWire.

The post Bringing Intelligence Community Experience to the Private Sector appeared first on Recorded Future.


The What? So What? And the Why? Why? Why?

Today we welcome Maggie McDaniel, senior director of Insikt Group at Recorded Future. She’s had leadership positions in the U.S. government intelligence community, as well as the financial services sector.

We’ll be discussing her recent blog post, “Communicating Threat Intelligence Relevance.” In it, she describes a framework that helps get to the core of what matters, helps explain what it means for your organization, and provides justification to the powers that be, all while improving communications throughout the company.

This podcast was produced in partnership with the CyberWire.

The post The What? So What? And the Why? Why? Why? appeared first on Recorded Future.


Bringing Government Experience to Financial Services Security

Joining us today is Derrick Pendleton. He’s a senior digital forensic incident response analyst at Legg Mason in Baltimore. He shares his experience cutting his teeth on security within the federal government, the specific benefits he believes that environment provided, and how he’s brought those skills to his work protecting the employees, partners, and customers of Legg Mason, one of the largest asset management firms in the world.

We’ll get his take on threat intelligence and incident response, as well as his words of wisdom for folks looking to get a start in the security business.

This podcast was produced in partnership with the CyberWire.

The post Bringing Government Experience to Financial Services Security appeared first on Recorded Future.


Thwarting Organized Crime and Protecting Major Telecoms

Our guest today is Dale Drew. He’s chief security officer at Zayo Group, a global provider of communications, colocation, and cloud infrastructure. Previously, he’s held leadership positions at some of the largest and most influential telecommunications companies in the world, including CenturyLink, Level 3 Communications, and MCI Communications.

He shares the story of his unlikely start in the security industry, sparked by a stolen family checkbook, which led to a position with the Arizona Attorney General’s office, working to fight organized crime and racketeering.

We’ll get his views on threat intelligence, and we’ll learn why he’s leading an effort to champion open source tools in the industry.

This podcast was produced in partnership with the CyberWire.

The post Thwarting Organized Crime and Protecting Major Telecoms appeared first on Recorded Future.


Mastering Threat Intelligence at RFUN 2018

Recorded Future employees, partners, customers, and threat intelligence experts gathered again this year for the seventh annual Recorded Future User Network (RFUN) conference, held from October 22 to 24 at the InterContinental hotel in Washington, D.C.’s newly revitalized Wharf district alongside the Potomac River.

This year’s conference, with a theme of “Mastering Security With Intelligence,” saw the biggest turnout since RFUN began — over 400 attendees were joined by a cohort of Recorded Future staff to discuss the increasingly essential role that threat intelligence plays in any security program.

The two-day event saw talks from subject-matter experts, training sessions, and networking opportunities over abundant food and drink — including an exclusive evening at the National Air and Space Museum.


“The digital realm is becoming our reality,” said Christopher Ahlberg, Recorded Future’s CEO and co-founder, in his keynote address. “The need for effective cyber threat intelligence to defeat our adversaries is clearer than ever.”

Highlighting the idea that connecting everything also makes everything vulnerable to attack, Ahlberg explored the growing importance of quantifying cyber risk when making business decisions. Quoting Christopher Ambrose, the vice president of research at Gartner, he noted, “By 2022, cybersecurity ratings will become as important as credit ratings when assessing the risk of existing and new business relationships.”

Alexander Schlager, the head of Verizon’s Security Services product organization, came to similar conclusions in his address. “The security landscape is a battlefield, and the battle is intensifying,” he said, noting that organizations can successfully shift their security stance from reactive to proactive only by incorporating risk assessment — specifically, by effectively leveraging cyber threat intelligence — into the design, implementation, management, and adaptability of their security programs.

Speakers throughout the event touched on similar themes. Some focused on how vulnerabilities no longer just put our personal data at risk, but impact essential processes and infrastructure that affect our health and safety, highlighting the need for effective threat intelligence in the public sector. Geoff Brown, for example, shared his experiences as the CISO of New York City, where he oversees over one hundred departments and agencies and spearheads massive projects, like an effort to provide free Wi-Fi citywide.

Other talks looked at the criminal underground, noting shifting trends like how cybercriminals now leverage cryptocurrencies to perform financial transactions, adopting pricing and service models that resemble real businesses.

Some presenters looked more closely at how advanced tactics and technologies developed by nation-states are being increasingly re-employed by criminals and competing intelligence agencies with devastating purpose.


Throughout RFUN 2018, extensive training sessions were led by Recorded Future experts to ensure that attendees knew how to maximize their use of the threat intelligence they produce using Recorded Future, getting hands-on experience and learning about the latest features in the product.

Training session topics included tips on creating a bespoke daily intelligence digest using Recorded Future; best practices for threat hunting, vulnerability management, and alert cleanup; how to leverage Intelligence Cards; tips on evaluating the threat intelligence you’re currently getting; how to produce effective intelligence reports; and much more.


RFUN attendees had a chance to interact with our valued technology partners at a lunch event at The Anthem, an exclusive music venue and auditorium on the D.C. waterfront. Our wide range of sponsors shows just how broadly Recorded Future integrates with other solutions — our partners specialize in TIPs, SIEMs, SOARs, incident response platforms, deep analysis, cybersecurity training and learning resources, industrial control systems, and more.

This year’s 14 sponsors were Cofense, EclecticIQ, ReversingLabs, LogRhythm, Farsight Security, Palo Alto Networks, TruStar, Verizon, Cybrary, DFLabs, King & Union, Dragos, ThreatConnect, and IBM Resilient.

The highlight of RFUN 2018 for many was the evening reception held at the National Air and Space Museum, where everyone had the chance to tour hundreds of the most significant objects in aviation and space history, representing some of humanity’s greatest achievements. A live band called Silver Arrow (headed by one of Recorded Future’s own) kicked off the night under the shadow of the Hubble Space Telescope, and guests were also treated to complimentary showings of “Dark Universe” in the Albert Einstein Planetarium.

Together with our sponsors, partners, and customers, we’re creating a community of defenders that’s transforming the way threat intelligence is used to outsmart our enemies.

If you’ve heard the buzz but are still unsure what Recorded Future is all about, learn more by requesting a demo.

See you at RFUN 2019!

The post Mastering Threat Intelligence at RFUN 2018 appeared first on Recorded Future.