SEARCH FINANCIAL SERVICES INFRASTRUCTURE SECURITY SCIENCE INTERVIEWS

 

     

Recorded Future Releases Third-Party Risk Intelligence

January 23, 2019

The new module will expose, contextualize, and rate the potential threat environment facing specific external organizations. Security teams using Recorded Future and its new Third-Party Risk module will have the ability to optimize risk mitigation from both direct and indirect threats with analysis that addresses their entire digital ecosystem, with full data transparency.

"Recorded Future's Third-Party Risk module allows us to more efficiently manage changing exposure for our clients and partners, empowering them to act on threats before they become issues." John D. Loveland, Global Head of Cyber Security Strategy at Verizon Enterprise Services

As reported by Forrester, "Third parties were the cause of 21% of confirmed breaches in 2018, and that's up from 17% in 2017."1 As organizations push further into their digital transformations adoption of IoT devices, moving data to the cloud, mobile-first philosophies they're exponentially increasing risk posed by third parties, both in number and scale.

With Third-Party Risk, threat intelligence teams can integrate vendor analysis into their overall business risk assessment and security strategy within a single platform, staying apprised of changes to their risk profile, regardless of origin. Third-Party Risk provides full transparency into the reasoning and threats contributing to overall risk scores in real time, so that security teams can make determinations about how to engage with third parties in accordance with their unique requirements and profiles.

"For a long time, we described threat intelligence as 'going beyond the wall' providing a view of all threats developing outside the confines of an organization. But that's really just the first half of the story and it's not enough to protect a diverse ecosystem. We know that digital transformation is increasing cyber risk. We also know the only way to counteract this growing threat is to better understand how partner organizations impact our own threat landscapes. By offering Third-Party Risk as part of the Recorded Future Platform, we're helping organizations strengthen their own defenses and build healthy bonds between partners." Christopher Ahlberg, CEO and Co-Founder, Recorded Future

Stay Informed With Dynamic, Forward-Looking Risk Analysis

Building on the intelligence provided for direct threats, Third-Party Risk clients can better gauge indirect risk to their organizations with real-time alerts and Threat Views that constantly update. With real-time intelligence on the companies in their ecosystems, clients are able to ask the right questions of partners and make informed decisions about how to mitigate threats, thereby reducing overall risk.

"The importance of measuring and proactively addressing risk from third parties cannot be overstated. By analyzing real-time threat activity targeting third parties, in addition to third-party infrastructure and vulnerability data, we're providing a more complete view of risk. This comprehensive outlook allows our clients to understand current weaknesses and better evaluate the potential impact of emerging threats to their organization." Matt Kodama, Vice President of Product, Recorded Future

Examples of risk indicators that Third-Party Risk monitors for include:

Dark Web Footprint: Monitor for corporate emails, credentials, and company mentions on the dark web. The dark web is not a place organizations want to be popular on the more frequently a company is mentioned in underground spaces like criminal forums, the higher their risk of abuse or attack. Companies that find leaked data on the dark web should guard against attacks like credential stuffing, phishing, and account impersonation. This is equally important for third parties a spearphishing attack that seems to come from a trusted business partner is far more compelling than one from a stranger.

Domain Abuse: Typosquat domains registered to impersonate an organization's domains are inherently deceptive, indicating that threat actors are targeting that organization and suggesting that future attacks, such as phishing attacks or a targeted campaign, are likely.

Unpatched, Vulnerable Technologies: Third parties using website technologies that are often exploited pose an increased risk of compromise for their partners. Risk severity can be determined by the potential impact an attack poses and whether real threat actors are actively targeting vulnerabilities present in partner technologies.
IT Policy Violations: IT infrastructure misuse or abuse, such as an IP address hosting a command and control server, indicates that the company is more susceptible to attack and may pose a risk to companies they do business with.

In an IDC White Paper sponsored by Recorded Future, "Organizations React to Security Threats More Efficiently and Cost Effectively with Recorded Future," IDC concluded that Recorded Future enabled security teams to identify threats to their organizations 10 times faster, while helping to resolve security incidents 63 percent faster when they do occur.

Terms of Use | Copyright 2002 - 2019 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement