Skip to content
.ca
sign in
2 minlow

A New Way to Buy Recorded Future: Solutions and Packages Built for the 2026 Threat Landscape

Recorded Future has announced a restructuring of its threat intelligence platform into four core solutions and three tiered packages (Core, Professional, Elite) designed to address the evolving 2026 threat landscape. The new model emphasizes unlimited user access and integrations to operationalize intelligence across cyber operations, digital risk, third-party risk, and payment fraud domains.

Conf:lowAnalyzed:2026-04-15reports
ActorsState-sponsored actorsInfluence operatorsHacktivist groupsCriminal collectives
Recorded FutureThreat IntelligenceRisk ManagementProduct Announcement

Source:Recorded Future

Key Takeaways

  • Recorded Future has restructured its offerings into four core solutions: Cyber Operations, Digital Risk Protection, Third-Party Risk, and Payment Fraud Intelligence.
  • Three new tiered packages (Core, Professional, Elite) are now available to scale with organizational maturity.
  • The new licensing model includes unlimited users and integrations to democratize access to threat intelligence across teams.
  • The 2026 threat landscape is characterized by state-sponsored pre-positioning, industrialized cybercrime, and third-party SaaS compromises.

Detection Availability

  • YARA Rules: No
  • Sigma Rules: No
  • Snort/Suricata Rules: No
  • KQL Queries: No
  • Splunk SPL Queries: No
  • EQL Queries: No
  • Other Detection Logic: No

Detection Engineering Assessment

EDR Visibility: None — The article is a product announcement and does not detail specific technical threats requiring EDR visibility. Network Visibility: None — The article is a product announcement and does not detail specific technical threats requiring network visibility. Detection Difficulty: N/A — No specific threats, malware, or attack chains are discussed to evaluate detection difficulty.

Hunting Hypotheses

HypothesisTelemetryATT&CK StageFP Risk
Monitor for anomalous access patterns, MFA modifications, or configuration changes in third-party SaaS platforms that may indicate compromise via social engineering by criminal collectives.SaaS audit logs, Identity Provider (IdP) logsInitial Access / PersistenceMedium

False Positive Assessment

  • Low

Recommendations

Immediate Mitigation

  • N/A

Infrastructure Hardening

  • N/A

User Protection

  • N/A

Security Awareness

  • Review current threat intelligence consumption models and assess if they adequately cover cyber operations, digital risk, third-party risk, and payment fraud.
  • Evaluate the organization's visibility into third-party SaaS platforms and vendor ecosystems to defend against supply chain and social engineering threats.

Related