I am currently working with Recorded Future's cloud solution. We provide Recorded Future to our customers as a reseller. We provide the customers with support on the API integration and the bidirectional integration. Mainly, people want the Threat Intelligence Cloud from Recorded Future.

Most of the threat intelligence cloud platforms are one-directional solutions, and they just fix the feeds from the cloud, so once they need to build a bidirectional tool, the product should have a third-party tool as a TIF solution or an open-source platform, like OpenCTI, or MISP platform, which is also an open-source platform. The open-source platforms allow Recorded Future to have bidirectional to compare the internal IOCs with the external IOCs and get the common IOCs so that the users can have a good visibility of their internal environment and see what the most APT has targeted in your environment. Recorded Future has developed a browser plug-in that is supported on most browsers, like Google Chrome, Edge, and Mozilla, that allows them to compare the feeds through the different platforms and multi-security control platforms to allow them to compare the threat intelligence feeds and the external feeds through the internal feeds. Once users open any vulnerability management or an SIEM solution and install the plug-ins through the platform or through the browser, so they need to open it through the web console, and the web console will have the bidirectional operation at the end of the the graphic user interface through the client itself through the browser.

Recorded Future depends on or relies on just the deep and dark web analysis through their quantum computing and algorithms. Sometimes, the feed is not accurate or valuable. Other threat intelligence platforms or threat intelligence feeds get more accurate feeds because they do their own IR analysis, especially when it comes to tools such as Group-IB or Mandiant that rely on the feeds through the IR teams. Recorded Future is very expensive for Jordan's market. Many of our clients prefer to just see other platforms and choose the ones that can fit their budget.

The tool should improve the email threat intelligence area. There are many compromised emails. The tool should improve its third-party supply chain risks because there is a lack of visibility.

I have been using Recorded Future for three and a half years. My company is a reseller of Recorded Future.

To be honest, as a system integrator, we didn't operate Recorded Future's feature, but as I get feedback from our clients, I know that the tool didn't have any issues with the stability part.

It is a highly scalable solution since it is a SaaS product.

The tool is used in the military sector and different government sectors. There was an enterprise level around, and I know that the government has a huge client base. Recorded Future is provided for the multi-government sector and multiple entities, where the tool is used as a third-party commercial feed, and it already has a comparison sheet with the other commercial feeds, such as Group-IB, Mandiant, and Kaspersky. The feedback I got from our client is that the tool has a huge amount of threat intelligence feeds and storage along with technical information for the indicator of compromise or attack. I can see many of the features of Recorded Future with other commercial feeds. Recorded Future doesn't have the highest accuracy rate when it comes to the commercial feeds it offers. Based on the feedback I got from our customers, they didn't feel there was a return on investment from Recorded Future. Customers had an expensive license but got a tool offering normal value.

I don't have experience with technical support of the solution.

Compared to other tools, Recorded Future's pros are its Intelligence Cards and intuitive graphical user interface. The tool has a plug-in part or the browser plug-in feature. The tool's threat intelligence features could help in comparing the internal feeds with the external feeds, with no need for bidirectional processes. The tool has a one-directional process. What I see with the tool is that it is a very intelligent way to compare the external feed with the internal feed. Most of our clients are complaining about the high false positives of their feeds or the threat intelligence feeds and the expensive subscription activities associated with the tool when I talk about the brand defense or the brand intelligence part of Recorded Future.

ThreatQuotient is a threat intelligence platform, but it doesn't have a commercial feed.

The product's initial setup phase is very intuitive and very easy, as most of the threat intelligence providers, since it can be implemented with API integration.

I believe there's no threat intelligence for on-premises models, but I have worked with two deployments on an on-premises model. The Internet network and other such environments use SaaS products.

The solution is deployed on a hybrid cloud environment because it relies on all the API integrations and interactions with the middleware platform, along with the SaaS platform. The tool doesn't interact with SIEM products directly.

The solution can be deployed in two days. One day is for the implementation, and the second day is for the validation and testing.

I believe the most difficult part in any commercial feeds or threat intelligence feeds is the integration part. If the tool already has some predefined integrations, there is no difficulty. Once you want to integrate a tool with Recorded Future, then for any such new integrations, you should have your API developed or use a third-party firm to operate this process. Everything depends on the complexity of the integrations and the number of resources.

I believe the commercial feeds or the other niche areas can deliver the return on investment better than Recorded Future. Recorded Future segregates the modules into very few subjects, so it has a huge platform, but in the end, any additional Future should be offered as a different subscription, and you should pay through it. There is no bundle, and no one platform gives you the whole tool.

There are two parts to the daily cybersecurity operations. There are two types of customers. Some customers already have solutions that can handle multi-commercial threat intelligence feeds, and the other clients don't have any threat intelligence platform, so they just depend on one threat intelligence commercial feed. The second type of customers can use Recorded Future as a TIF provider. They can integrate the platform with all of their security through the plug-ins and the API integrations offered by the product.

Speaking about the real-time analysis feature of Recorded Future impacting the incident response time, I would say that the tool has an interactive portal. What I mean by the interactive portal is that there are many other threat intelligence fields. The tool gives or provides you with a fixed report, so you can't segregate or delegate some parts of the report to other teams or to a malware analysis team to segregate the duty. There is no segregation possible through the tool's reports. What is unique in Recorded Future is that it can segregate the threat intelligence activity and the threat activity or the threat hunting activity through many teams, such as the malware analysis team with its business intelligence feature. The tool has something called Intelligence Cards, which allows the product to give users more details through any IOC provided.

I have SecDevOps-driven cybersecurity strategies that are supported by Recorded Future. The tool can integrate with a lot of security control and proactive protection devices.

I believe the tool's maintenance depends on the OS users work with, meaning it all relies on the operation system that handles the integrations. Maintaining the tool is unnecessary, as it is a straightforward platform.

My recommendation of the tool to others depends on their use cases. If someone has a lot of enterprise-level skills and teams, such as threat intelligence teams, IR teams, and malware analysis teams, then Recorder Future will facilitate processes like threat enrichment and threat sharing among those teams. For those who are looking for accuracy and to get the right feeds for their investigation, I would not recommend using Recorded Future because there are so many unknown or niche cybersecurity platforms in the market that have more visibility and more accuracy in the area of commercial feeds because I believe such products use the human resources to validate those feeds. Recorded Future doesn't have the capability to validate its feeds. The tool relies on its own algorithm and the government's feeds for the threat intelligence feed. Even with Recorded Future, some of our clients didn't have an IR team to validate their activities to filter the most accurate feeds and avoid noisy feeds.

I rate the tool a seven out of ten.

Recorded Future has some important strengths. It has a long history of success in the market and is known for excellent threat intelligence. Its team is skilled at using AI to search for and report on threats. For many years, it was seen as the best in the industry.

While I don't think the tool is weak, its position isn't as dominant as it once was. Other companies like CrowdStrike and Mandiant are now challenging them in many areas. One downside is that Recorded Future can be complex for customers to use and understand. This isn't easy for clients to navigate.

From my understanding, Mandiant has been offering lower prices on many large client cases over the past year. They've been challenging the pricing model and setup of companies like Recorded Future. This has been difficult for the tool , as they were used to being almost alone in the market. After being bought by Google, Mandiant has gained a lot of power and seems to have more flexibility in pricing.

My main criticism of Recorded Future has been the complexity of its licensing model and the difficulty clients have understanding the different modules. This complexity likely stems from Recorded Future's historical position as a dominant market player, which allowed them to create numerous add-on modules. The pricing for these systems and services is generally quite high.

Initially, these systems required significant manual work, justifying the high costs. However, today, the process is becoming increasingly automated. This puts price pressure on all providers, including Mandiant and others. Despite the challenging market with frequent cyberattacks, I think it will be difficult for these companies to maintain the high prices they've charged in the past.

The solution has a good technical team. It's part of the package that customers buy into. Each client has an account manager and direct access to live customer support. The team responds fast.

I'd still recommend Recorded Future for large organizations, but they must understand the business model and pricing. The quality of Recorded Future, Mandiant, and CrowdStrike seems quite similar, though I'm not a deep technical expert. The choice depends on the customer's needs - not all customers need every feature.

I can't definitively say which is better regarding AI technology as I haven't technically compared them myself. The solution might be advantageous due to their extensive experience in the area. However, with Google's resources behind Mandiant, they likely have significant capabilities, too. Google's resources are probably on par with Microsoft's, so they could easily ramp up their technology if needed.

When discussing AI in these threat intelligence setups, clarifying what we mean is important. Often, it's a system of rules analyzing abnormalities and triggering actions. I frequently ask what people mean by AI in different contexts because it often comes down to rules: if certain events occur or parameters are exceeded, what actions should be taken? These systems analyze data in real-time and feed it to the Security Operations Center to create a more efficient setup with fewer false positives.

False positives are a major challenge, especially for smaller companies. If they don't have well-trained IT staff, dealing with numerous false positives can be more trouble than it's worth. I've seen smaller organizations struggle with this - sometimes, it's almost better for them not to have these systems if they can't understand and manage them effectively.

I rate the overall product as nine out of ten.

We used Recorded Future to find many things like passwords captured in the dark net and websites selling other information regarding our domains. We use the solution to search for our brand or other institutions on the darknet.

Recorded Future helps our organization to be a step ahead of future attacks.

The most valuable feature of Recorded Future is how it detects everything regarding our domain.

Recorded Future is a very expensive solution, and its pricing could be improved.

We recently acquired Recorded Future.

Recorded Future is a stable solution, and we haven't experienced any downtime with it.

Recorded Future is a scalable solution. Around five users are using the solution in our organization. We are spread across the country and have around 30,000 endpoints for Recorded Future.

We are still learning how to use the solution. I think Recorded Future has a normal deployment or a normal learning curve.

It takes around three months to deploy the solution.

Before choosing Recorded Future, we evaluated other options like Mandiant and FortiRecon. We chose Recorded Future because it gives much better results.

Organizations must have at least two dedicated technicians working with the solution since the learning curve is a little big. To use the solution to its maximum capacity for the first year, having at least two technicians working with Recorded Future is better.

Overall, I rate Recorded Future ten out of ten.

Recorded Future integrates well with other security solutions in a security stack. It is one of the best things you can spend your money on to obtain better results that are more tailored to your organization.

From the feedback I've received from my clients, the most valuable feature is the ability to personalize the solution. The ability to have a customized dashboard makes it easy for leadership and management to obtain details. Intelligence analysts or security engineers care about the actions and results, whereas the leadership care about graphs and reports. Recorded Future helps my clients create reports and also determine how the intelligence that is generated is consumed. They can easily show the benefits to the leadership without them having to invest 10 hours a week into transferring numbers into a graph or into creating reports.

At present, my clients need to be trained by me or another organization on how to use Recorded Future and how to get the best out of it as an analyst, engineer, and administrator. It would be better if clients could directly learn these things without having to go through me or other organizations.

I've been using Recorded Future for three years. I have worked with it deployed both on-premises and on AWS cloud.

The uptime of the solution is great. I've encountered only a few situations in the past where I needed to use Recorded Future and it wasn't immediately accessible. However, I was able to access it after about three hours.

It's definitely scalable.

My experience with technical support has been okay.

I found the initial setup to be easy. On-premises deployments take a few hours, and cloud deployments may take longer. Depending on the client and their level of expertise, the integration of the solution may taka a few months to two years.

I usually deploy the solution myself for my clients.

The biggest disadvantage of Recorded Future is the cost here in Eastern Europe. The solution is correctly priced for big companies who have the money to invest in such solutions. Also, the solution is useless on its own, which means that you have to invest in other solutions with which Recorded Future can be integrated.

At present, Recorded Future can cost 60,000 euros per year. I am able to offer my clients a 5% to 10% discount, but in this region, the cost is still prohibitive even with the discount.

If Recorded Future were more flexible in terms of price, there would be better sales opportunities in Europe and Eastern Europe, in particular, because we have more small- and medium-sized companies here.

Recorded Future is a great tool overall for threat intelligence. I think it's one of the best to add to an organization's security stack. However, the licensing costs are extremely high for small- to medium-sized companies. As such, I would rate it at nine on a scale from one to ten, with one being the worst and ten being the best.