Case Study

Bringing Threat Intelligence to Security Playbooks

Why Recorded Future Customers Choose Splunk SOAR

Recorded Future

Around 40,000 security professionals across 22 industries and six continents depend on Recorded Future for best-of-breed threat intelligence. Recorded Future collects and analyzes vast amounts of data to deliver relevant cyber threat insights in real time. This intelligence allows their customers to improve detection and response, which helps their security teams make better decisions faster. 

Without using automation and orchestration, I don't see how companies are going to be able to face the challenges that they have today. With everything that's going on, companies are overwhelmed. Humans can't do it by themselves.
Seth Whitten, VP of Integrations and Strategic Partnerships

Meet Seth Whitten, VP of integrations and strategic partnerships at Recorded Future. We sat down with him to talk about the Splunk and Recorded Future partnership, and how the Splunk SOAR integration has made an impact. “Our largest integration right now is Splunk Enterprise,” he says. “For us, it was natural to move into Splunk SOAR. We have a lot of clients who are driving events out of their SIEM tools, and want to be able to better act on them.”

We use natural language processing and artificial intelligence to correlate data and make it available for clients to use when solving problems.
Seth Whitten, VP of Integrations and Strategic Partnerships

Why Splunk SOAR?

Prior to Splunk SOAR, Recorded Future clients would conduct their operations manually. “They would have to go into our platform, pull out the information they were looking for, and make a decision on whether or not to move forward when investigating an alert or triaging things in their environment,” Seth says.

With Splunk SOAR, Recorded Future customers can automate those otherwise manual, repetitive security operations tasks. Security alerts that previously took minutes or hours to resolve now take only seconds with Splunk SOAR’s automation capabilities. As a result, Recorded Future customers have increased their operational efficiency and significantly reduced response time to security events.

Seth says his favorite part of Splunk SOAR is the way his team can structure playbooks. “It's easier for us to work with Splunk SOAR in the field because we have the predefined playbooks that we can get up and running for clients a lot quicker, without taking them through the redesigning process,” he says.

Our clients want to be able to get through all of their alerts. They want to prioritize them. They want to act. They want to drive outcomes. Splunk SOAR was a natural place for us to put our data to help drive action around those outcomes.
Seth Whitten, VP of Integrations and Strategic Partnerships

Recorded Future & Splunk SOAR

Splunk SOAR playbooks automate a sequence of security actions at machine speed, enabling clients to create customized and repeatable security workflows. For example, a Splunk SOAR playbook can instruct your sandbox to detonate a file, or tell your endpoint security tool to quarantine a device. With more than 100 predefined, out-of-the-box playbooks, Splunk SOAR helps customers ensure that they have a repeatable and auditable process around security operations.

The integration with Recorded Future gives those playbooks access to threat intelligence data. When an alert is passed over to Splunk SOAR — either from Splunk Enterprise Security or as a new artifact — a playbook is invoked, and the alert is automatically enriched with risk scores and associated context from Recorded Future. The playbook’s decision logic can then escalate the alert to a human analyst if it is risky, or pass over it if it is not. As Splunk SOAR helps remove false positives from the flow, human analysts have more time to focus on larger problems.
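To make the enrich-then-decide flow concrete, here is an added example written for this page; it is not Splunk SOAR or Recorded Future code and does not use either product's API. It models the three steps the paragraph describes (an alert arrives with indicators, each indicator is enriched with a risk score and supporting evidence, and a decision rule either escalates the alert to an analyst or closes it) and records why the decision was made so the run is auditable. The intelligence lookup is a constructed in-memory table standing in for a real threat-intelligence query, the risk values in it are invented sample data, and the escalation threshold of 65 is an illustrative assumption rather than any vendor default. Indicators with no intelligence hit and alerts with no indicators at all are handled explicitly, since those are the cases that most often produce surprising playbook outcomes.

```python
"""
Added example (not Splunk's or Recorded Future's code): a minimal SOAR-style
playbook that enriches an alert's indicators with risk scores, then decides
whether to escalate the alert to a human analyst or close it.

Assumptions, all hypothetical:
- RISK_TABLE stands in for a threat-intelligence lookup; its contents are
  constructed sample data, not real risk scores.
- ESCALATE_THRESHOLD is an illustrative cut-off, not a product default.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample intelligence; in a real playbook this would be an
# enrichment action against the intel provider. Addresses are from the
# RFC 5737 documentation ranges, evidence strings are invented.
RISK_TABLE: Dict[str, Dict] = {
    "198.51.100.23": {"risk": 89, "evidence": ["recent C2 server", "malicious scanner"]},
    "203.0.113.7": {"risk": 40, "evidence": ["historical open proxy"]},
    "example.org": {"risk": 0, "evidence": []},
}

ESCALATE_THRESHOLD = 65  # assumption: illustrative threshold for analyst review


@dataclass
class Artifact:
    kind: str   # e.g. "ip" or "domain"
    value: str  # the indicator itself


@dataclass
class Alert:
    alert_id: str
    source: str                      # e.g. "Splunk Enterprise Security" or "artifact"
    artifacts: List[Artifact]
    enrichment: Dict[str, Dict] = field(default_factory=dict)


def enrich(alert: Alert, intel: Dict[str, Dict] = RISK_TABLE) -> Alert:
    """Attach a risk score and evidence to every indicator on the alert.

    Indicators the intel source has never seen get an explicit risk of 0 and
    an evidence note saying so, so 'no data' is never confused with 'safe'
    silently and the audit record shows the lookup was attempted.
    """
    for art in alert.artifacts:
        hit = intel.get(art.value)
        if hit is None:
            hit = {"risk": 0, "evidence": ["no intelligence available"]}
        alert.enrichment[art.value] = hit
    return alert


def decide(alert: Alert, threshold: int = ESCALATE_THRESHOLD) -> Dict:
    """Decision step: the highest-risk indicator drives escalate vs. close.

    Returns an audit record naming the action, the score that drove it, the
    indicator responsible, and the evidence behind that score.
    """
    scores = {value: data["risk"] for value, data in alert.enrichment.items()}
    driver: Optional[str] = max(scores, key=scores.get) if scores else None
    max_risk = scores[driver] if driver is not None else 0
    action = "escalate" if max_risk >= threshold else "close"
    return {
        "alert_id": alert.alert_id,
        "source": alert.source,
        "action": action,
        "max_risk": max_risk,
        "driver": driver,
        "evidence": alert.enrichment[driver]["evidence"] if driver else [],
        "threshold": threshold,
    }


def run_playbook(alert: Alert, threshold: int = ESCALATE_THRESHOLD) -> Dict:
    """Full playbook: enrich the alert, then apply the decision logic."""
    return decide(enrich(alert), threshold)


if __name__ == "__main__":
    sample = Alert(
        alert_id="A-1",
        source="Splunk Enterprise Security",
        artifacts=[Artifact("ip", "198.51.100.23"), Artifact("domain", "example.org")],
    )
    print(run_playbook(sample))
```

Two design choices are worth calling out. The decision uses the maximum score across indicators rather than an average, because a single high-confidence malicious indicator should not be diluted by several benign ones on the same alert. And the returned record carries the driving indicator and its evidence, which is what an analyst needs when the playbook escalates and what an auditor needs when it closes an alert automatically.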

Top Three Benefits
  • Identify threats 10% faster
  • Respond to events 63% quicker
  • 32% increase in overall efficiency