Jason Steer, Recorded Future: On building a ‘digital twin’ of global threats

Ryan Daws is a senior editor at TechForge Media with over a decade of experience in crafting compelling narratives and making complex topics accessible. His articles and interviews with industry leaders have earned him recognition as a key influencer by organisations like Onalytica. Under his leadership, publications have been praised by analyst firms such as Forrester for their excellence and performance. Connect with him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)


Recorded Future combines over a decade (and counting) of global threat data with machine learning and human expertise to provide actionable insights to security analysts.

AI News caught up with Jason Steer, Chief Information Security Officer at Recorded Future, to learn how the company provides enterprises with critical decision advantages.

AI News: What is Recorded Future’s Intelligence Graph?

Jason Steer: Recorded Future has been capturing information gathered from the internet, dark web and technical sources for over a decade and makes it available for analysis through its Intelligence Cloud. 

Just as many industrial companies today are creating “digital twins” of their products, we aim to build a digital twin of the world, representing all entities and events that are talked about on the internet — with a particular focus on threat intelligence.  Graph theory is a key method of describing complex relationships in a way that allows for algorithmic analysis.

Put simply, the Intelligence Graph is that representation of the world, and our goal is to make this information available at the fingertips of all security analysts to help them work faster and better.

AN: How can enterprises make use of the insights that it provides?

JS: Intelligence ultimately is about providing ‘decision advantage’ – giving insights for our clients that identify an issue or risk earlier and minimize or mitigate its impact. 

This may be a SOC Level1 analyst reviewing an alert for an endpoint, a CISO considering future threats to prepare for, a seasoned threat analyst researching and tracking threats from state-sponsored actors, or a team that looks at strategic global geopolitical trends or physical security risks, Recorded Future’s intelligence is there to support the mission.

One key area that has evolved is the need for intelligence to be in the tools and workflows our clients have in place. Intelligence should be integrated into a SIEM, EDR tool, SOAR tool, and other security controls to provide context and accelerate ‘good’ decision making.

Intelligence enables decision-making to be performed faster; with better context and at scale to allow enterprises to deal with the growing amount of security events they deal with every day. 

AN: Recorded Future combines machine learning with human expertise – how often do you find that human input has proved vital?

JS: Human input is vital; humans can spot patterns and insights that computers never will. 

One thing that we are realising is that intelligence is not just a human-to-computer interaction anymore, clients need to talk to humans to get guidance.

But the biggest change is computer-to-computer. The uptake of APIs now enables real-time sharing of intelligence to enable real-time decisions to be made – the faster you can move the smaller a window of risk can be.   

AN: Are you concerned that increasingly strict data-scraping laws may hinder your efforts to compile threat data?

JS: GDPR and other data protection laws do not unreasonably hinder the kind of collection for OSINT that we do to help our clients. Our collection policies are compliant with GDPR and other relevant laws and regulations.

Our clients rely on us to support their mission; as a result, we have to ensure we are not overstepping the legal or ethical line to do this. Legal compliance has and will continue to be top of mind for the threat intelligence community.

AN: How do you ensure the intelligence you provide is free of bias?

JS: Avoiding bias is always a hard problem for machine learning models, and this is an additional reason why it’s important to have both human and machine intelligence, to counteract potential bias from either source.

We have tools and processes for monitoring bias in training data for the models used to do Natural Language Processing. That is part of our intelligence creation; our intellectual property as such.

On the other hand, in conflicts it’s often the case that “one person’s terrorist is another person’s hero”, and the automated text analytics will sometimes classify an event as an example “an act of terror” when the opposing side might not agree with that.

For us, it’s important to catch all angles of an event and to do that in as unbiased a way as possible. Unbiased intelligence is at the core of Recorded Future. 

AN: Have you noticed an uptick in threats amid global instabilities like the situations in Ukraine and Taiwan?

JS: It’s fair to say that the war in Ukraine and the situation in Taiwan have heightened focus and attention on cyber threats. We are observing both the kinetic and cyber capabilities of some very powerful countries. Businesses across all sectors are rightly concerned about the spillover of cyber attacks spilling out from initial targets to target other organisations indiscriminately (as we have seen with ‘NotPetya’ as one such example). 

These events do become opportunities for organisations to consider gaps and weaknesses in their programs and strengthen them where needed. Intelligence becomes a great way to drive this by understanding likely adversaries and how they operate (via TTP’s).

The reality is most businesses realistically have nothing to worry about. However, if you operate in or close to some of the countries already mentioned, operate critical infrastructure, or your government is pro-Ukrainian, you should be considering where to beef up your security capabilities to be better prepared in case of targeting. 

AN: What do you perceive to be the current biggest threat?

JS: This is a really nuanced question, and the true answer is… it depends.

If you are a small business, Business Email Compromise (BEC) and phishing are likely the biggest risks. Larger organisations are likely worried about ransomware attacks halting their operations.

If you are a missile manufacturer, you are likely worried about all of the above scenarios and state-sponsored espionage as well.

That is why intelligence is so important, it informs its consumers of what are the likely biggest risks to their specific business and sector this month, quarter, and year. It’s always evolving and it’s critical that organisations keep up to date with what the ‘threat landscape’ really looks like.  

Recorded Future will be sharing their invaluable insights at this year’s Cyber Security & Cloud Expo Europe. You can find details about Recorded Future’s presentations here. Swing by their booth at stand #183.

Tags: , , , , , , , , ,

View Comments
Leave a comment

Leave a Reply