Christopher Ahlberg, CEO of Recorded Future
On Thursday, Recorded Future — a threat intelligence company little known outside cybersecurity circles — announced its sale to venture firm Insight Partners for $780 million.
The deal bought out high-profile investors in the company, including Alphabet’s GV (formerly Google Ventures), the CIA’s In-Q-Tel and Reed Elsevier, among others.
The acquisition comes companies are looking to grow a neglected tool in their cybersecurity arsenal: predictive intelligence, which can help them tell where and how the next cyberattack will come.
Recorded Future collates data from a wide variety of sources, including dark web forums, company infrastructure and international news alerts, and turns it into information that customers can use to predict new attacks. It’s a little bit like a financial services terminal, only focused on threats instead of market moves.
It’s not unlike battlefield intelligence, CEO Christopher Ahlberg said, where the goal is to understand the current geography and movements of criminals or rogue nation-states.
The product fills a common gap in many cybersecurity organizations. Most mid-size and large companies have a security operations center or SOC, which typically handles the most immediate problems — denial of service or ransomware attacks, or incoming email phishing attempts. Companies also focus their spending on regulatory functions and practical, nuts-and-bolts security measures, like triaging and cleaning up significant problems.
But in the process of focusing on the “now,” companies often outsource or ignore the “before” picture of gathering intelligence and the “after” picture of investigating cybercrimes.
Ahlberg says that’s starting to change.
“It used to be that five years ago, we were basically selling threat intelligence to threat intelligence people,” Ahlberg said. “The big breakthrough is how we do security today, [cybersecurity executives] have started looking at having an intelligence-driven security program. Who would go to war without an intelligence capability? We have to find a way to outsmart the bad guy, whether that’s in some sophisticated way or some really obvious way.”
The market for threat intelligence tools could grow from $3.83 billion in 2017 to $8.94 billion by 2022, or around 18.4% yearly, according to an estimate by research firm Reports and Reports.
Ahlberg envisions competing with the largest intelligence agencies by digging deeper across the internet, “down to the damn electrons if we have to,” he said.
As threat intelligence becomes more common, Ahlberg hopes the company will be able to “punch of its weight” and compete with companies like Palo Alto, FireEye, Cisco and IBM that also offer threat intelligence as part of broader operations platforms.
Customers already include government agencies and Fortune 500 companies from a cross-section of industries, including Fujitsu, T-Mobile, Fannie Mae, Gap, Accenture, Regions and Verizon.
“We are looking at getting into the high school cafeteria, and getting a seat with the cool kids,” he said. “We are also looking at building out a profession of threat intel.”