Exabeam, Recorded Future look to intelligence-led TDR

Exabeam and Recorded Future want to change the way Threat Detection and Response (TDR) is done. They are partnering to power an intelligence-led TDR built on an integration between products from both companies. The announcement is an extension of the existing partnership between the two vendors. It is expected to make it easier for security analysts to understand alerts.

Steve Wilson, Chief AI Officer at Exabeam, said, “Security teams need to move faster, and with greater precision. By integrating Recorded Future’s intelligence directly into the Exabeam New-Scale Platform, we’re delivering real-time context where analysts need it most.

“We’re not just adding more intel to a dashboard, we’re turning that intelligence into action with agentic AI. From detection to containment, this is how threat intel should work.” 

What products are involved, and what will this deliver?

This announcement sees the Exabeam New-Scale Security Operations Platform integrated with Recorded Future Intelligence Platform. It brings additional intelligence into the TDR space. The result is threat detection, investigation, and response (TDIR). The key here for security teams is the investigation phase as a core part of TDR.

The reason for doing this is to reduce the workload on security analysts. While AI has helped remove a degree of pressure from security analysts, they still have to deal with alerts that often lack context.

To address that, Recorded Future is embedding its real-time threat intelligence directly into the Exabeam New-Scale Platform. It gives analysts the ability to enrich every security even with additional intelligence. That makes it easier to understand the context around an event, which allows an analyst to create actionable intelligence.

The next step is to automate that actionable intelligence to improve the speed of response. For MSPs, this is critical. They often struggle to ensure that the intelligence they pass to customers can be acted up quickly. With this partnership, MSPs and internal teams get focused actions that improve the rate of response.

A little more on the solutions

The Exabeam New-Scale Security Operations Platform consists of a number of different solutions. This announcement sees enhancements to the New-Scale SIEM, New-Scale Analytics, and Exabeam Nova. Teams will get greater guidance on what data to ingest and how they can optimise detection strategies.

That guidance is based on understanding risk. Over the last couple of years, there has been a move towards greater risk understanding in security. For example, a zero-day is announced. Security teams need to understand what risk it poses, what they should patch and how to mitigate risk. The latter is especially important because security and operations teams are overwhelmed with maintenance and patching.

Delivering that risk information is the Recorded Future Intelligence Graph. It pulls together all the security events and applies real-time Risk Scores. Additionally, it will trigger Risk Rules, evidence details, and critical intelligence. All of these provide significant enrichment to each event.

According to the announcement, there are three key capabilities:

• Automated threat enrichment: Real-time threat intelligence adds immediate context to alerts, reducing time-consuming manual research.
• Accelerated investigations: Enriched timelines and dynamic risk scoring enable analysts to identify critical threats faster.
• Prebuilt response playbooks: Automatically contain threats, such as blocking malicious IPs or disabling compromised accounts, based on high-confidence detections.

Enterprise Times: What does this mean?

This is an interesting partnership and continues the current industry trend to enrich alerts and provide a context around risk. You can never have too much intelligence around an alert, with the caveat that it cannot increase workload. Another requirement is how to improve actionable intelligence that delivers, rather than just more executable scripts.

Exabeam and Recorded Future are delivering on both of these. The question is, who will get the greatest benefit? The answer is likely to be MSPs rather than enterprise customers. MSPs are also on that journey to improve the quality of alerts and make resolution easier.

It will be interesting to see not only the take-up of the new integrated products but also what the two companies announce next.

The post Exabeam, Recorded Future look to intelligence-led TDR appeared first on Enterprise Times.