September 17, 2019 • The Recorded Future Team
For decades, this large national insurance company has helped protect people and the things they care about most. With more than 30,000 associates across the United States, the Fortune 100 company offers a wide range of services, including insurance and retirement planning, as well as investing and banking services.
We talked with the company’s third-party information risk management team lead, an information security specialist, and the threat intelligence team lead about how threat intelligence from Recorded Future helps them save time and money while reducing risk across security functions.
The insurance company has embarked on an enterprise-wide digital transformation journey to drive efficiency, automate processes, and ensure it can continue to deliver a world-class customer experience for years to come. In embracing modern technologies, the company’s broad network of partners, contractors, and third-party suppliers has grown significantly. While each of these relationships helps create business value, they also introduce new risks to the organization and increase the overall attack surface.
For years, the third-party information risk management group had used a third-party risk management platform, but they struggled to maintain a clear and current view of their partners’ risk profiles. The risk management lead recounts:
The team sought a better way to not only evaluate potential new suppliers — particularly around data sharing and protection practices for personally identifiable information (PII) — but also continuously assess and analyze risk across its existing third-party ecosystem. “We needed a solution that could provide a more contextualized and real-time view of third-party risk, backed by a company with a strong road map that we could rely on.”
After evaluating potential solutions, the team selected Recorded Future’s Third-Party Risk module — part of its universal Threat Intelligence Platform — based on its broad set of external data sources, its ability to deliver real-time insights, and its cost-efficient price point.
The Third-Party Risk module helps the company better understand, analyze, and rapidly address potential risks associated with third parties, including:
- Corporate emails, credentials, and company mentions found on the dark web
- Negative social media chatter
- Domain abuse (often indicative of phishing attacks)
- Use of vulnerable technologies
- IT infrastructure misuse or abuse
In addition to collecting and analyzing this threat data, Recorded Future’s Intelligence Cards give the team a quick and up-to-date view of each organization’s risk profile. “I use Intelligence Cards every day,” says the information security specialist. “They provide valuable insights into the risk postures of the critical suppliers we do business with — from real-time risk scores and alerts to custom rules we’ve set — and allow us to drill deeper when needed.” And by prioritizing threat intelligence, the Recorded Future solution helps the team quickly rule out low-risk alerts and false positives, focus on the most significant threats, and take immediate action to resolve them.
“When it comes to third-party risk, we’re always trying to tie vulnerabilities back to specific services we know and use,” says the risk management lead. “Recorded Future helps us connect the dots so that when we do identify issues, we can quickly corroborate them, escalate information to our procurement team, alert the third-party supplier, and collaboratively address the situation to drive down risk or remove them from our approved vendor list when necessary.” And by using this intelligence for new vendor evaluations, the team can require changes to security and data protection practices before engaging in a business relationship.
The company estimates that Recorded Future has helped them reduce time spent on due diligence and reference checking by 50%. “Gone are the days of third-party risk evaluations with vendor questionnaires, Excel sheets, and screenshots. Recorded Future’s threat intelligence has enabled us to move away from a static, point-in-time approach to a continuous monitoring situation — because risk truly lies in the ongoing operations of a business.”
And enhanced threat intelligence hasn’t just benefited the third-party risk group — it is augmenting security and risk functions across the organization. The threat intelligence team lead shares, “Recorded Future has helped us better prioritize third-party risk information and incorporate that into our broader cyber threat intelligence perspective. This enhanced threat intelligence has also helped to create and solidify relationships between our threat intelligence and the third-party risk groups, which ultimately helps us resolve incidents faster.”
According to the risk management lead, “Recorded Future gives us a greater level of confidence — it just feels more accurate. And it’s going to get better and better over time. We have a goal of shifting our team’s focus from 80% assessments to 80% monitoring. The Recorded Future solution is playing a critical role in making this a reality.”
The team also has plans to integrate the solution with existing security infrastructure such as Splunk to provide additional context, further centralize threat data, and gain a more complete picture of their corporate risk profile.