Landis+Gyr Outpaces Attackers by Predicting Threats Before They Strike
Global energy technology leader Landis+Gyr uses Recorded Future to gain clearer attribution, lift the curtain on targeted campaigns, and stop adversaries early in the attack chain. With deeper context driving faster decisions, the company has improved both MTTD and MTTR.
Goal:
Improve attribution and understanding of adversaries to strengthen security decisions.
Challenge:
Fragmented intelligence from multiple sources created blind spots, limited attribution, and slowed prioritization of the most critical threats targeting their industry.
Outcomes:
- Improved mean time to detect (MTTD) and mean time to respond (MTTR), enabling faster threat detection and incident response.
- Streamlined workflows and improved efficiency across security teams
- Earlier identification of adversaries and campaigns
- Prioritized defenses based on vulnerabilities actively targeting its sector
Challenge
Frustrated by Fragmented Intelligence
Utilities and energy technology companies sit in the crosshairs of cybercrime. Persistent threats from state-sponsored actors and financially motivated groups can jeopardize operational continuity. Even a minor incident can ripple outwards, causing service disruption, regulatory scrutiny, and a loss of customer trust.
Sanjay Kumar carries the critical responsibility of staying ahead of these threats. As the Threat Intelligence Manager at Landis+Gyr, Kumar monitors adversaries, analyzes evolving tactics, and connects external intelligence with internal telemetry to get a complete picture of their environment and ensure security teams have the right intelligence at the right time.
It used to be that threat insights were scattered across multiple vendors and sources. Without a central system, the team struggled to correlate alerts, attribute activity to adversaries, and understand industry relevance.
“We struggled to connect the dots,” Kumar says.
Vulnerability prioritization was especially challenging. The team’s legacy solution only provided generic vendor risk scores that didn’t indicate the real risk to Landis+Gyr, and whether attackers were actively exploiting those vulnerabilities against their specific sector.
Without a single source of truth, indicators of compromise (IOC) came without attribution or context. The team couldn’t identify which threats were most pressing, who was behind them, or their relevance to their sector. That limited visibility increased the risk that attackers could move deeper into their environment before being detected, leading to longer dwell time and slower response.
Solution
A Platform That Captures Context-Rich Threat Intelligence
Landis+Gyr recognized the need for a shift, and the Recorded Future Intelligence Cloud enabled them to make that transition. By adopting the platform, they successfully created a single, trusted view of adversaries targeting their industry and business. Finally, they could anticipate threats instead of chasing them.
The team leverages Recorded Future’s Threat Intelligence module to gain clear visibility into global threat actors, TTPs, and campaigns relevant to the utilities and energy sector, helping the business focus their defenses where it matters most. Daily sector-specific news alerts allow faster action and raise their situational awareness.
Recorded Future’s threat intelligence gives us overall visibility of the threat actors who can target us and enable us to support security operations with actionable intelligence.
Sanjay Kumar
Uncovering Brand Misuse in Real Time
Technology providers like Landis+Gyr serve customers who depend on trusted digital services. That trust can be undermined by attackers who often impersonate companies in the sector to phish credentials or deliver malware. Fake domains and brand misuse can spark confusion, erode trust, and even result in costly fraud.
Brand Intelligence delivers real-time insights into these and other activities
“We use Brand Intelligence to alert us to typosquatting, malicious look-alike domains, and credential leaks and mentions on the dark web,” Kumar says.
The module also identifies unauthorized use of their logo through the use of optical character recognition (OCR), so they can address it faster.
Prioritizing Vulnerabilities with the Highest Stakes
A single exploited weakness can cause outages and other headaches. With thousands of vulnerabilities emerging each month, generic scoring isn’t enough. Security teams need to know what attackers are exploiting at any given moment.
Landis+Gyr uses Recorded Future to prioritize exposures based on adversary intent and real-world exploitation. Armed with richer, threat-informed intel, their vulnerability management team focuses resources on the exposures with the highest risk rather than wasting time on generic issues.
With Recorded Future, we identify the vulnerabilities which are actively targeted to our industry. That's a big help, because we can prioritize what’s important to us, rather than broader issues with no real relevance.
Sanjay Kumar
Strengthening their Posture with Collective Insights
Threat actors rarely target a single company. They test techniques across a region or vertical. Intelligence grows stronger when signals are connected and shared.
With Collective Insights, Kumar’s team automatically correlates internal IOCs with global intelligence, so they easily spot connections and patterns across indicators.
“Those IOCs help tell the story, and with Recorded Future, we can make the connections. We see if any pattern comes out of it — and we’ve revealed many campaigns targeting us with Collective Insights,” Kumar says.
Watch Sanjay’s Predict 2025 Session From Noise to Intel: Operationalizing Threat Intelligence for Campaign Detection here.
Observing Threats in Action with a Dynamic Sandbox
New malware strains designed to disrupt internal systems often slip past traditional detection tools. Security teams need to understand how a payload behaves to prevent unwanted downtime and keep critical operations safe.
Landis+Gyr uses the Recorded Future Sandbox for rapid malware and URL detonation with attribution and context. Analysts can interact with files while malware is running to observe real behaviours and even pivot into dark-web intelligence for deeper attribution.
“That’s very rare in other sandboxes I’ve seen so far,” Kumar says. “Recorded Future Sandbox gives us attributions from the IOCs, which really helps to find the right attribution. And if you know the right attribution, then you can protect yourself better.”
Results
Anticipating and Outpacing Attackers Across the Attack Chain
With Recorded Future integrated into daily workflows, Kumar’s team has reduced mean time to detect (MTTD), mean time to respond (MTTR), and attacker dwell time. “By integrating intelligence more tightly into our incident response processes, we have improved both our mean time to detect and mean time to respond. We’re identifying issues earlier and resolving them significantly faster than before.”
“We uncover adversaries earlier in the attack chain before they go to the next stages, preventing escalation,” Kumar says.
Having a single pane of glass for threat intelligence reduces noise, speeds up decision-making, and highlights the most relevant threats. Instead of reacting, they’re predicting— and they’re ahead of the game.
“That’s the big achievement from Recorded Future: moving from a reactive posture to a proactive and predictive one,” Kumar explains. “If there’s a threat, we’re ready for it.”
Kumar knows how much threat intelligence matters in today’s environment and is relieved to have a critical edge.
“We know what is relevant to us and which adversaries have the motivation, capability, and intent to target us,” he says. “We used to take action when we had the detections. But with Recorded Future, we are already prepared and stay a step ahead.”