Land O’Lakes Prioritizes Proactive Security and Automation With Intelligence From Recorded Future

Land O'Lakes Increases Threat Visibility by 25% Through Proactive Intelligence and Automation

Land O'Lakes leverages Recorded Future to accelerate vulnerability prioritization and phishing response while driving security team collaboration across global operations—catching and blocking threats through real-time automated alerts.

With approximately 8,000 security vulnerabilities disclosed annually, Land O'Lakes' threat and vulnerability management team faced an impossible task: address every emerging threat across their expanding global operations. The team needed two things: proactive intelligence tailored to Land O'Lakes and automation to drive efficiency at scale. Recorded Future provided the answer.

Goal

Protect the company's global operations by making faster, more informed decisions based on risk while automating manual processes to drive efficiencies.

Challenge

Land O'Lakes' threat and vulnerability management team needed to prioritize and rapidly respond to emerging threats while scaling automation capabilities. Despite existing tools showing threat information, the team lacked proactive research capabilities to dig deeper into company-specific intelligence and contextualize which vulnerabilities posed genuine risks worth patching.

Outcome

Land O'Lakes achieved a 25% boost in overall threat visibility after implementing Recorded Future's Intelligence Cloud, which seamlessly integrates with their SIEM solution and orchestration tools to enrich internal data with real-time context.

Real-time Risk Scores based on actual exploitability help the team locate and patch weaponized vulnerabilities rapidly—addressing only what matters since "we can't patch everything," as Zieg notes. Custom watch lists deliver automatic alerts when company names, products, or similar domains appear anywhere on the web.

Prioritizing Threats in an Era of 8,000 Annual Vulnerabilities

According to Gartner, approximately 8,000 security vulnerabilities per year were disclosed over the past decade. In the same timeframe, the number of new software releases has grown immensely, expanding organizations’ attack surfaces and resulting in an exponential increase in cyber threats.

On the front lines of cyber defense, the Land O’Lakes threat and vulnerability management team is responsible for a host of critical initiatives including scanning, analysis, patching, testing, and incident response. Over the past four years, the team has nearly doubled in size to help the organization stay ahead of increasingly sophisticated cyberattackers. However, with new vulnerabilities emerging every day, it’s extremely difficult to prioritize and address every potential threat. The Land O’Lakes team needed a way to prioritize vulnerabilities and threats so they could make faster, more informed decisions based on risk.

According to senior security engineer Chris Zieg, “Our existing tools could show us threat information, but we wanted to get more proactive with our research by digging deeper and monitoring for specific information that was relevant to our company.” Additionally, the team placed an emphasis on scaling automation capabilities to help create efficiencies.

We wanted to get more proactive with our research by digging deeper and monitoring for specific information that was relevant to our company.

Chris Zieg

Senior Security Engineer, Land O’Lakes

Balancing Proactive Defense and Automation Through Integrated Intelligence

Focused on dual priorities of proactive security and automation, the Land O’Lakes team adopted the Recorded Future platform.

Recorded Future’s unique combination of automated data collection and human analysis across the broadest range of sources and languages generates high-quality, actionable intelligence. This threat intelligence integrates seamlessly into the Land O’Lakes team’s existing security stack — including a SIEM solution and orchestration tool — enriching internal data to help the team identify, assess, and contextualize threats in real time.

From Alert to Action: Stopping Threats Before Lunch

“We know we can’t patch everything,” says Zieg. “Recorded Future helps us quickly assess and prioritize things such as phishing emails and critical vulnerabilities, which helps us focus our efforts and speed up response times to high-priority threats.”

Real-time Recorded Future Risk Scores based on actual exploitability enable the team to quickly reduce risk by locating, prioritizing, and patching vulnerabilities that have been weaponized in the wild. Full visibility into the reasoning behind each score helps the Land O’Lakes team weigh the potential disruption of applying a patch against the real-world threat posed by the vulnerability, thus deepening their research capabilities and driving more confident actions.

The team also appreciates the ability to create customized watch lists. By configuring automatic alerts based on topics of interest, they know immediately when their company, product names, and more are mentioned on the web.

“One morning, we received an alert from Recorded Future on a domain registration very similar to ours,” says Zieg. “It looked suspicious, so we checked it out and expanded our search. We could see employees had received phishing emails from this domain, so we immediately took action and deleted the emails from Outlook Exchange and blocked the domain — all before lunch.”

One morning, we received an alert from Recorded Future on a domain registration very similar to ours... We could see employees had received phishing emails from this domain, so we immediately took action and deleted the emails from Outlook Exchange and blocked the domain — all before lunch

Chris Zieg

Senior Security Engineer, Land O’Lakes

Another time, a fellow engineer on the team uncovered a website exploitation. After it was addressed, the team set up alerts and began monitoring all discussions on the domain. The team now receives real-time updates on these discussions via email and mobile alerts. These relevant insights give the team what they need — when they need it — to make faster decisions and work more efficiently.

Centralized Intelligence Transforms Security Team Collaboration

Zieg estimates that continuous monitoring, real-time threat intelligence, and automated alerting from the Recorded Future Intelligence Cloud have helped the team boost overall visibility of threats targeting the organization by 25%. He notes that the platform has been especially helpful in speeding up the analysis of phishing attempts. This is significant, as phishing is involved in nearly one-third of all data breaches and it represents the number one threat action today.

By centralizing and continuously updating threat intelligence in real time, Recorded Future has also helped boost collaboration and information sharing across the entire security organization. “Now, if our CISO forwards us an email about a brand new vulnerability, we can do a rapid analysis, find out if it’s going to impact us, and communicate our findings to the security team quickly,” says Zieg.

Impressed with their experience thus far, the Land O’Lakes team plans to automate additional security processes in the future by leveraging threat intelligence from Recorded Future.

“I like how Recorded Future operates and is organized, and I continue to be impressed by the curated information they provide,” he says. “They’re focused on working with us as a company and meeting our individualized needs.”