Recorded Future Unveils Third-Party Risk Intelligence for Comprehensive View of Cyber Threats
Jan 24, 2019
SC Pressroom Cybersecurity's leading news distribution network
BOSTON, -- Recorded Future, the leading threat intelligence company, today announced the availability of a new offering: Third-Party Risk. The new module will expose, contextualize, and rate the potential threat environment facing specific external organizations. Security teams using Recorded Future and its new Third-Party Risk module will have the ability to optimize risk mitigation from both direct and indirect threats with analysis that addresses their entire digital ecosystem, with full data transparency.
Recorded Future delivers relevant, real-time threat intelligence powered by machine learning to manage risk. The company's patented technology automatically collects and analyzes information and provides invaluable context for better decision making on potential threats.
"Recorded Future's Third-Party Risk module allows us to more efficiently manage changing exposure for our clients and partners, empowering them to act on threats before they become issues." — John D. Loveland, Global Head of Cyber Security Strategy at Verizon Enterprise Services
You can request a demo at https://recordedfuture.com/demo.
As reported by Forrester, "Third parties were the cause of 21% of confirmed breaches in 2018, and that's up from 17% in 2017."1 As organizations push further into their digital transformations — adoption of IoT devices, moving data to the cloud, mobile-first philosophies — they're exponentially increasing risk posed by third parties, both in number and scale.
With Third-Party Risk, threat intelligence teams can integrate vendor analysis into their overall business risk assessment and security strategy within a single platform, staying apprised of changes to their risk profile, regardless of origin. Third-Party Risk provides full transparency into the reasoning and threats contributing to overall risk scores in real time, so that security teams can make determinations about how to engage with third parties in accordance with their unique requirements and profiles.
"For a long time, we described threat intelligence as 'going beyond the wall' — providing a view of all threats developing outside the confines of an organization. But that's really just the first half of the story — and it's not enough to protect a diverse ecosystem. We know that digital transformation is increasing cyber risk. We also know the only way to counteract this growing threat is to better understand how partner organizations impact our own threat landscapes. By offering Third-Party Risk as part of the Recorded Future Platform, we're helping organizations strengthen their own defenses and build healthy bonds between partners." — Christopher Ahlberg, CEO and Co-Founder, Recorded Future
Stay Informed With Dynamic, Forward-Looking Risk Analysis
Building on the intelligence provided for direct threats, Third-Party Risk clients can better gauge indirect risk to their organizations with real-time alerts and Threat Views that constantly update. With real-time intelligence on the companies in their ecosystems, clients are able to ask the right questions of partners and make informed decisions about how to mitigate threats, thereby reducing overall risk.
"The importance of measuring and proactively addressing risk from third parties cannot be overstated. By analyzing real-time threat activity targeting third parties, in addition to third-party infrastructure and vulnerability data, we're providing a more complete view of risk. This comprehensive outlook allows our clients to understand current weaknesses and better evaluate the potential impact of emerging threats to their organization." — Matt Kodama, Vice President of Product, Recorded Future
Examples of risk indicators that Third-Party Risk monitors for include:
- Dark Web Footprint: Monitor for corporate emails, credentials, and company mentions on the dark web. The dark web is not a place organizations want to be popular on — the more frequently a company is mentioned in underground spaces like criminal forums, the higher their risk of abuse or attack. Companies that find leaked data on the dark web should guard against attacks like credential stuffing, phishing, and account impersonation. This is equally important for third parties — a spearphishing attack that seems to come from a trusted business partner is far more compelling than one from a stranger.
- Domain Abuse: Typosquat domains registered to impersonate an organization's domains are inherently deceptive, indicating that threat actors are targeting that organization and suggesting that future attacks, such as phishing attacks or a targeted campaign, are likely.
- Unpatched, Vulnerable Technologies: Third parties using website technologies that are often exploited pose an increased risk of compromise for their partners. Risk severity can be determined by the potential impact an attack poses and whether real threat actors are actively targeting vulnerabilities present in partner technologies.
- IT Policy Violations: IT infrastructure misuse or abuse, such as an IP address hosting a command and control server, indicates that the company is more susceptible to attack and may pose a risk to companies they do business with.
Recorded Future Delivering Value and Return on Investment for Customers
In an IDC White Paper sponsored by Recorded Future, "Organizations React to Security Threats More Efficiently and Cost Effectively with Recorded Future," IDC concluded that Recorded Future enabled security teams to identify threats to their organizations 10 times faster, while helping to resolve security incidents 63 percent faster when they do occur.
Today, it would take nearly 9,000 analysts, working eight hours a day, five days a week, for 52 weeks per year, to process the same amount of security event data that Recorded Future's machine analytics can process in the same time frame.
About Recorded Future
Recorded Future delivers the only complete threat intelligence solution powered by patented machine learning to lower risk. We empower organizations to reveal unknown threats before they impact business, and enable teams to respond to alerts 10 times faster. To supercharge the efforts of security teams, our technology automatically collects and analyzes intelligence from technical, open web, and dark web sources and aggregates customer-proprietary data. Recorded Future delivers more context than threat feeds, updates in real time so intelligence stays relevant, and centralizes information ready for human analysis, collaboration, and integration with security technologies. 91 percent of the Fortune 100 use Recorded Future. Learn more at www.recordedfuture.com and follow us on Twitter at @RecordedFuture.
1 The Forrester New Wave™: Cybersecurity Risk Rating Solutions, Q4 2018, Forrester Research, Inc.
Tags: United States, English