Land O’Lakes Prioritizes Proactive Security and Automation With Intelligence From Recorded Future

Overview

Land O’Lakes, Inc., one of America’s premier agribusiness and food companies, is a member-owned cooperative with industry-leading operations that span the spectrum from agricultural production to consumer foods. Based in Arden Hills, Minnesota, Land O’Lakes is one of the nation's largest co-ops. It ranks in the top half of the Fortune 500 and employs 10,000 people across all 50 states and more than 60 countries. Building on a legacy of nearly 100 years of excellence, Land O’Lakes today operates some of the most respected brands and businesses in agriculture and food production including Land O’Lakes Dairy Foods, Purina Animal Nutrition, WinField United, and Truterra (formerly Land O’Lakes SUSTAIN).

Challenge

According to Gartner, approximately 8,000 security vulnerabilities per year were disclosed over the past decade. In the same timeframe, the amount of new software that has been released has grown immensely, increasing the target footprint for cybercriminals. As a result, the number of threats has increased exponentially.

On the front lines of cyber defense, Land O’Lakes’ threat and vulnerability management team is responsible for a host of critical initiatives including scanning, analysis, patching, testing, and incident response. Over the past four years, the team has nearly doubled in size to help the organization stay ahead of increasingly sophisticated cyberattackers. However, with new vulnerabilities emerging every day, it’s extremely difficult to prioritize and address every potential threat. The Land O’Lakes team needed a way to prioritize vulnerabilities and threats, so they could make faster, more informed decisions based on risk.

Land O’Lakes’ senior security engineer Chris Zieg remembers, “Our existing tools could show us threat information, but we wanted to get more proactive with our research by digging deeper and monitoring for specific information that was relevant to our company.” Additionally, the team placed an emphasis on scaling automation capabilities to help create efficiencies.

Solution

Focused on dual priorities of proactive security and automation, the Land O’Lakes team selected the Recorded Future Threat Intelligence Platform in 2018.

Recorded Future’s unique combination of automated data collection and human analysis across the broadest range of sources and languages generates high-quality, actionable intelligence. This intelligence is integrated seamlessly into Land O’Lakes’ existing security stack — including a SEIM solution and orchestration tool — enriching internal data to help the team identify, assess, and contextualize threats in real-time.

“We know we can’t patch everything,” says Zieg. “Recorded Future helps us quickly assess and prioritize things such as phishing emails and critical vulnerabilities, which helps us focus our efforts and speed up response times to high-priority threats.”

Real-time Recorded Future Risk Scores based on actual exploitability enable the team to quickly reduce risk by locating, prioritizing, and patching vulnerabilities that have been weaponized in the wild. Full visibility into the reasoning behind each score helps the Land O’Lakes team weigh the potential disruption of applying a patch against the real-world threat posed by the vulnerability, thus deepening their research capabilities and driving more confident actions.

The ability to create customized watch lists has also proven to be particularly useful for Land O’Lakes. By configuring automatic alerts based on topics of interest, they know immediately when their company, product names, and more are mentioned on the web.

Zieg recalls, “One morning, we received an alert from Recorded Future on a domain registration very similar to ours. It looked suspicious, so we checked it out and expanded our search. We could see employees had received phishing emails from this domain, so we immediately took action and deleted the emails from Outlook Exchange and blocked the domain — all before lunch.”

Another time, a fellow engineer on the team uncovered a website exploitation. After it was addressed, the team set up alerts and began monitoring all discussions on the domain. The team now receives real-time updates on these discussions via email and mobile alerts. These relevant insights give the Land O’Lakes team what they need — when they need it — to make faster decisions and work more efficiently.

Results

Zieg estimates that continuous monitoring, real-time security intelligence, and automated alerting from Recorded Future helped the team boost overall visibility of threats targeting the organization by 25%. He notes the solution has been especially helpful in speeding up the analysis of phishing attempts. This is significant, as phishing is involved in nearly one-third of all data breaches and it represents the number one threat action today.

By centralizing and continuously updating intelligence in real time, Recorded Future has also helped boost collaboration and information sharing across the entire security organization. “Now, if our CISO forwards us an email about a brand new vulnerability, we can do a rapid analysis, find out if it’s going to impact us, and communicate our findings to the security team quickly.”

Impressed with their experience thus far, Land O’Lakes plans to automate additional security processes in the future by leveraging intelligence from Recorded Future. Zieg, who attended the company’s 2019 user conference, RFUN: Predict, noted the training and insights gained from the experience will be instrumental as the team extends their use cases with the platform.

He concludes, “I like how Recorded Future operates and is organized, and I continue to be impressed by the curated information they provide. They’re focused on working with us as a company and meeting our individualized needs.”

To see the full PDF, download here.