Cyber Threat Analysis (Recorded Future)
Description
The system uses the Recorded Future's platform to streamline CBP Cyber Threat Intelligence (CTI) operations by automating the identification and analysis of relevant cyber threat activity and leverages AI/ML to transform unstructured text into structured data using natural language processing, classify events and entities to prioritize threats, forecast events through predictive modeling, and represent structured knowledge using ontologies. It enables analysts to rapidly assess vulnerabilities in CBP’s IT environment, identify adversary data, and generate cyber risk assessments, providing actionable intelligence to enhance efficiency and support Security Operations and Cyber Risk Management investigations.
Detailed example
Actionable intelligence supporting Security Operations Center (SOC) and Cyber Risk Management (CRM) investigations and reports.
AI / analytics pattern
Classical/Predictive Machine Learning: Models trained on data to make predictions or classifications based on identified patterns or relationships.
Automation level / stage
c) Deployed – The use case is being actively authorized or utilized to support the functions or mission of an agency.
Expected benefit
Cyber Threat Analysis quickly populates query results when searching against adversary tactics, techniques, and procedures, establishing a threat scorecard. This service can also provide cyber risk scorecards for third party vendors, companies, and organizations.
Controls / human review
ATO: No; PIA: Not published
Data needed
Recorded Future AI is trained on over 10 years of threat analysis from Insikt Group, the company’s threat research division, and is combined with the insights of the Recorded Future Intelligence Graph.