Recorded FuturevsUpGuard

The usability, design, and learning curve of a product can play a large role in deciding which solution is right for you. The faster you and your team can get up to speed, the faster you can get your money's worth. 

Recorded Future and UpGuard offer their services via SaaS and are accessible from any location via a web browser. 

• Recorded Future: Interface is easy to read. Workflow is intuitive to new users but still requires time to master.‍
• UpGuard: Very intuitive workflow allows new users to master the functions of the platform very quickly. User-friendly workflow also expedites the vendor onboarding process.

"UpGuard has improved the customer experience, reduced vendor onboarding times and introduced an industry-leading security posture, to elevate our customer well above all of its competitors."

- UpGuard customer.

Recorded Future vs. UpGuard: Risk Assessment Methodology

Recorded Future's Intelligence Cards™ provide real-time insights on each entity available in the Intelligence Graph, including information like the risk score, further information on identified risks, in-house research, and more.

UpGuard provides a high-level summation of risk with the ability to drill down into precise technical details. Risks are prioritized based on in-house research, with the provision of further remediation and protection suggestions, where possible. 

The platform also offers a risk assessment management feature with questionnaires based on popular regulations as well as a customizable questionnaire builder for bespoke security risk queries.

• Recorded Future: Combines machine analytics with human expertise to produce intelligence for risk mitigation. Recorded Future’s platform categorizes, links, and analyses this intelligence in real-time to provide clear insights for users via its Security Intelligence Graph.‍
• UpGuard: UpGuard's integrated cyber risk platform combines security ratings, security assessment questionnaires, and threat intelligence capabilities to give businesses a comprehensive and continuously up-to-date view of their internal and third-party risk surface.

Recorded Future vs. UpGuard: Scope

Most organizations deal with a large inventory of vendors which makes vendor risk management an increasingly difficult feat. You need a wide coverage of third-party organizations to gain visibility over who has access to your sensitive data and to enact the right strategies to improve your security posture.

Recorded Future: Continuously monitors 150,000+ companies.

UpGuard: Continuously monitors 2,000,000+ organizations.

Recorded Future is a threat intelligence platform that uses machine learning and natural language processes AI intelligence to collect data from sources including open source, dark web, technical sources, and original research.

The platform’s Security Intelligence Graph provides brand, threat, third-party, SecOps, vulnerability, and geopolitical intelligence. It models relevant security information collected from billions of entities in real time. Their team of analysts also independently collects data to complement their AI findings.

UpGuard is a cybersecurity and Vendor Risk Management platform that helps global organizations prevent data breaches, detect data leaks monitor third-party vendors, and reduce third-party security risks.

UpGuard proactively identifies security exposures using proprietary security ratings, data leak detection capabilities, and remediation workflows. The platform processes over 800 billion data points each day to provide real-time insights..

• ‍Recorded Future: Continuously monitors 150,000+ companies.‍
• UpGuard: Continuously monitors  2,000,000+ organizations.
  

The predictive capabilities of each solution differ. Recorded Future and UpGuard both detect potential threats using different sources.

• Recorded Future: The Recorded Future Intelligence Platform delivers real-time insights from open source, dark web, technical sources, and original research. Users can access these insights via the Security Intelligence Graph to proactively mitigate identified risks.‍
• UpGuard: As UpGuard checks for misconfigurations across an organization’s Internet footprint, many important breach vectors are covered, including phishing, ransomware susceptibility (like WannaCry), man-in-the-middle attacks, DNSSEC, vulnerabilities, email spoofing, domain hijacking, and DNS issues. Data leaks are automatically surfaced by the platform for security teams to remove false positives and support efficient remediation efforts.
  

Keeping customers and the cybersecurity community informed on the latest cyber security developments is paramount, with new vulnerabilities and threats emerging daily. 

Both Recorded Future and UpGuard offer comprehensive online resources to educate and inform customers.

UpGuard's blog content, however, is reviewed by industry experts to verify trustworthiness. UpGuard's VRM blog content has also been regarded as more in-depth and helpful. In addition to its VRM blog, UpGuard regularly hosts a virtual summit to keep the global cybersecurity community updated with the latest VRM developments.

• Recorded Future: The Recorded Future Podcast deep dives into cyber threat intelligence and provides industry insights. The Recorded Future Blog covers Intelligence analysis, industry perspectives, product updates, and company news.‍
• UpGuard: UpGuard keeps the VRM community continuously updated with the latest industry developments through its blog content and quarterly summit event.
  

UpGuard has adopted DevOps principles internally to develop, test, and release software on a continuous basis, ensuring fast, consistent, and safe releases that are thoroughly tested.

The release model for Recorded Future is unknown.

• Recorded Future: The frequency of Recorded Future’s updates is not stated on the website.‍
• UpGuard: UpGuard has adopted DevOps principles internally to develop, test, and release software continuously, ensuring fast, consistent, and safe releases. UpGuard has a regular fortnightly release rate, with all features, changes, and improvements listed under UpGuard Release Notes.
  

Cyber risk platforms can be expensive and the common use of opaque pricing policies often takes power away from the purchaser. With most services offering tiered licensing options and add-ons, finding a solution that fits your needs and budget can prove more difficult without transparent pricing.

• ‍Recorded Future: Pricing for Recorded Future’s platform is not available on the website. Online product reviews suggest that it's priced higher than some competitors.‍
• UpGuard: UpGuard has a transparent pricing model which you can view here. UpGuard pricing starts at $5,249/year and scales with your company. If you have any questions, please email sales@upguard.com.
  

Accessing the information in a cyber risk product outside of its graphical interface is important for integrated business strategies and consolidating data to a preferred system. 

Both Recorded Future and UpGuard offer APIs.

• ‍Recorded Future: Offers RESTful APIs to allow integration to Recorded Future’s automated intelligence.‍
• UpGuard: Offers a standard API to pull data from Upguard’s platform into other enterprise applications.
  

APIs are useful for technical staff, but not all information security teams have access to developers. In this situation, standard third-party integrations are an essential part of decision-making.  

Both Recorded Future and UpGuard offer integrations into other platforms.

• ‍Recorded Future: Integrates with Security Information and Event Management (SIEM); Security Orchestration, Automation, and Response (SOAR); endpoint security (EDR); incident response systems; vulnerability management tools, like AWS, Splunk, ServiceNow, Slack, and more.‍
• UpGuard: Integrates with Zapier to enable connections to 3,000+ apps; GRC platforms, ticketing systems like JIRA; VRM solutions like ServiceNow, and more. 
  

• ‍Recorded Future: Major customers include Accenture, DuPont, Fujitsu, GAP, and McAfee.‍
• UpGuard: Customers include the New York Stock Exchange (ICE), Morningstar, Bill.com, IAG, PagerDuty, and Hopin

Here's what a few UpGuard customers had to say about their experience. You can read more on Gartner reviews.

"UpGuard has given us a view of our vendor security posture. The ability to launch a questionnaire or ask for a plan of remediation for items that show as vulnerable is also a great added value and a time saver. UpGuard is also very customer-focused. They respond quickly to issues and questions and welcome any input that could improve the product. Overall it is one of the best value add tools we have."

"The simplicity of the product is fantastic. My team and I were able to be up and running in minutes. We monitor risks on over 25 vendors in near real-time and use these statistics to report to the C suite and Board of Directors. UpGuard has become part of the critical cybersecurity metrics that we monitor and report upon."

"The ease of use and simplicity of the product is excellent. We were able to be up and running with 50 vendors within minutes, not hours. The reporting is used for monthly statistics and is reported to our Senior Management. UpGuard has become an integral part of our critical cybersecurity metrics that we monitor and report upon."

Recorded Future’s risk-scoring methodology uses a combination of machine-learning techniques and in-house research. The platform takes into account potential risks, such as company mentions on the dark web, domain abuse, incident reports, leaded credentials, infrastructure abuse, and web application security to calculate risk scores.  

The UpGuard platform generates security ratings through proprietary algorithms that take in and analyze trusted commercial and open-source data sets to non-intrusively collect data that can quantitatively evaluate cybersecurity risk. Ratings are based on the analysis of 70+ vectors, including email spoofing and phishing risk, vulnerabilities, malware susceptibility, network security, results of security questionnaires, exposure to known data breaches and data leaks, and more.

UpGuard's security ratings range from 0-950, which is considerably wider than Recorded Future's rating system, which only ranges from 0-100. UpGuard's larger range could be more helpful when assessing greater risk details.

• Recorded Future: Provides a score between 0-100 along with a level of criticality, labeled as Informational (5-24), Moderate (25-64), or High (65-99).‍
• UpGuard: Provides a cyber risk score between 0 and 950 along with the following letter grades, A: 801-950, B: 601-800, C: 401-600, D: 201-400, F: 0-200. You can request your free security rating by clicking here.

Let's take a look at how Recorded Future and UpGuard compare when assessed with the security rating solution on UpGuard's platform on July 28, 2020. It's important to note that UpGuard adheres to the Principles of Fair and Accurate Security Ratings, removing all biases in this analysis.

• Accuracy and Validation: UpGuard's security ratings are empirical, data-driven, and based on independently verifiable and accessible information.
• Model Governance: The datasets and methodologies used to calculate our security ratings can change in line with our improving understanding of cybersecurity risk mitigation. When this happens, we provide reasonable notice and explanation to our customers about the impact on their security rating.
• Independence: No commercial agreement or lack thereof allows an organization to improve its security rating outside of the unbiased measurements of UpGuard's security ratings.‍
• Confidentiality: Any information disclosed to UpGuard during a challenged rating or dispute is appropriately protected. Nor do we provide third parties.