Recorded Future organizes the web for analysis of past and future cyber security events, which enables analysts to generate meaningful threat intelligence to more accurately and proactively defend their organization.
To enable this, unstructured text from internet forums, websites, paste sites, news articles, blogs, tweets, etc. is transformed into structured information, which can be visualized for human analysis, aggregated to support (algorithmic) quantitative analysis, and analyzed to detect anomalies and trends. The end goal is to forecast future events and even create automated predictive models. For threat intelligence to be accurate and quickly actionable, it is critical that it be based on a standardized ontology, which ensures consistent integration with security products and other intelligence sources and enables confusion-free collaboration with analyst teams.
This white paper introduces the data model that underpins Recorded Future’s real-time threat intelligence solution. It describes what entities are involved in representing cyber threats, vulnerabilities, and attacks, how these entities are related in our cyber ontology, and how cyber events represent relationships between different involved entities.
We’re not alone in trying to structure the complex world of cyber security. According to MITRE, STIX™ is “a collaborative community driven attempt to define and develop a standardized language to represent structured cyber threat information. The STIX Language intends to convey the full range of potential cyber threat information and strives to be fully expressive, flexible, extensible, automatable, and as human-readable as possible.”