Recorded Future plans to tap 10 of its solution provider partners to help construct integrations with software from other security operations, incident response, and vulnerability management vendors.
The Somerville, Mass.-based threat intelligence vendor said it expects to encounter security vendors with the money, but not the staff, to build integrations into Recorded Future as the company grows its new Connect Xchange technology partner community from 14 vendors as of today's launch to 50 by the end of the year, according to Scott Todaro, Recorded Future's vice president of marketing.
When this situation arises, Todaro said Recorded Future intends to approach existing channel partners with exceptional knowledge of the company's product and API and offer them the opportunity to architect these integrations and make some money.
[RELATED: 9 Security Trends To Watch For At RSA 2018]
"If they know our API, it's easy to figure out how to write to our API," Todaro said.
Although all of the inaugural Connect Xchange vendor participants were able to construct integrations on their own, Todaro said the channel's expertise should become more relevant as Recorded Future starts bringing on new technology partners that have never worked with the company before.
Putting the integration together offers solution providers the chance to learn more about both vendors' products and become a preferred provider, Todaro said. And instead of getting thrown right away into a big project, Todaro said partners can learn about the other vendor's products on the fly as part of the lightweight integration.
Solution providers would ideally have experience working with the vendor that's being integrated with Recorded Future, but Todaro acknowledged that some channel partners might not have relationships with both companies right away. In the initial stage, Todaro said he's most focused on getting partners that know the Recorded Future product well.
The multi-vendor integrations could cost anywhere from $15,000 to between $80,000 and $100,000 depending on the complexity and how deep the partnering vendor wants the integration to go, Todaro said. Todaro said more basic integrations will pull intelligence data out of the products, analyze it, and make it accessible in a database through threat intelligence cards.
Highly-customized integrations quickly become more complex since Recorded Future has so many different types of information that could potentially be integrated including domains, hashes, and IP derived from the open web, dark web, or technical sources, Todaro said. Clients that are very specialized in a particular vertical such as financial services might opt for more customization, Todaro said.
Complex integrations typically take a longer period of time to complete and require more testing cycles, which Todaro said drives up the cost. Todaro said client retention rates will be used to assess the effectiveness of the Connect Xchange program since the ability to get more data into the right systems is expected to create a happier base of customers.
Recorded Future's technology partner community will focus initially on security operations vendors since SIEM products sometimes leave security professionals wading through vast amount of data to find just a single relevant alert, missing critical threats in the process.
The company will additionally look to team up with incident response teams to address barriers related to the lack of detailed context around artifacts, inefficient manual research processes, and offerings with a limited scope. Finally, Recorded Future will seek out partnerships with vulnerability management vendors since businesses often have too little information to quickly justify and prioritize patching.
The inaugural members of Recorded Future Connect Xchange are: Brinqa, Cofense, DFLabs, DomainTools, EclecticIQ, Farsight Security, IBM QRadar, IBM Resilient, LogRhythm, Palo Alto Networks, ProtectWise, ReversingLabs, Tenable, ThreatConnect, and Versive.
Connect Xchange should make it easier for customers to merge internal, day-to-day threat data already available to clients with external, open-source intelligence available from places like Recorded Future, according to Ryan Morris, managing partner at Annapolis, Md.-based BAI.
Recorded Future specializes in external data from places like the dark web, online forums, and customer sites that are valid, but broader in nature rather than specific to a particular customer, Morris said. By merging what's happening on a customer's network with open-source intelligence, Morris said customers can create curated threat intelligence that reduces their threat surface in a big way.
Businesses simply can't move quickly enough today to keep up with all of the technology that's at their fingertips, Morris said. But by merging Recorded Future with existing systems and processes that customers already have in place, Morris said clients can dramatically reduce their time to value.
"It's going to make it immediately digestible for customers," Morris said. "If these integrations weren't in place, they wouldn't know how to consume it."