Third-Party Risk Intelligence: Past and Present
September 10, 2019 • The Recorded Future Team
After months of searching, budgeting, and vetting, you’ve found the perfect vendor to help take your product offering to the next level. You’re excited to start working together and you’ve initiated the onboarding process. The company has provided the requisite new vendor questionnaires and documentation, and your governance, risk, and compliance (GRC) system has assessed the company for risk and found its current risk score to be acceptable. Everything seems in order.
But what you don’t know is that your soon-to-be partner was the target of a highly stealthy and successful malware attack just nine months ago. They may have taken the appropriate steps to resolve the incident, but wouldn’t you still want to be aware of it?
The Full Picture: A Real-Time and Historic View of Third-Party Risk
As your business evolves, you increasingly rely on third parties to provide essential products and services to help you maintain daily operations in the digital transformation era. But each vendor you work with introduces new risks to your organization. Your GRC system helps you manage your third-party risk ecosystem, but without contextualized intelligence on active, emerging, and historic threats to each supplier, you may be missing an important piece of the puzzle.
Recorded Future’s third-party risk intelligence helps connect those dots and complements your existing risk management process. As a seamless integration into your GRC system, the solution delivers both real-time context and access to a historic view of how the vendor’s risk standing has changed over time. This can help you understand how the organization is addressing (or not addressing) cyber risk to strengthen its overall security posture. Here’s a closer look at how this works.
Vendor Onboarding Assessments
With risk intelligence from Recorded Future, our vendor selection and onboarding story above would have played out a bit differently. Our Company Intelligence Cards provide real-time risk scores along with risk history data through a trend-line graph. This allows you to see how a company’s risk has changed over the last 12 months. When spikes in risk are identified, you can easily drill down into specific timestamps for supporting risk rules and deeper analysis. With this additional context, you can validate the accuracy of vendor assessments, assess the company’s holistic risk standing, speed up due diligence, and more effectively weigh the risks against the rewards of doing business together.
Continuous Monitoring of Third Parties
With Recorded Future, you can shift from a static, point-in-time approach and continuously monitor for risk intelligence on each and every third-party vendor in your ecosystem — directly from your GRC. Gain insights into important sources of information like:
- Corporate emails, credentials, and company mentions found on the dark web
- Negative social media chatter
- Domain abuse (often indicative of phishing attacks)
- Use of vulnerable technologies
- IT infrastructure misuse or abuse
With customizable settings, you can receive risk-prioritized alerts in real time. This means you’ll know about new risks and their severity immediately. If a vendor has been breached, you’ll know as soon as it happens so you can address threats quickly. And with historic context, you’ll know if it’s happened before.
Third-Party Risk Remediation
Access to tens of thousands of Company Intelligence Cards (all available at one fixed price) gives you a complete picture of your risk landscape, updated in real time. Dynamic Recorded Future risk scores on each company help your security team prioritize alerts and speed analysis, and let them easily drill down into historic context from the past year and original sources for additional information. When there’s an issue, you have the information you need at your fingertips to address mitigation steps with third parties and make any proactive internal security changes.
Interested in learning more about context-driven third-party risk management from Recorded Future? Learn how a national insurance company slashed time spent on due diligence and reference checking in half, and download our GRC solution brief for additional details.