Bridging the Gap Between Threat Intelligence and Third-Party Risk
September 26, 2019 • The Recorded Future Team
Recorded Future recently hosted a webinar with Jennifer Pesci-Anderson, VP of National Practice Lead at Verterim, titled “Bridging the Gap Between Threat Intelligence and Third-Party Risk.” The presenters covered the importance of holistic risk management, challenges faced by risk management teams, and ways to advance your organization’s third-party risk maturity with threat intelligence. If you couldn’t attend the webinar live, the key insights are summarized below.
Third-Party Ecosystem Growing Pains
As organizations evolve and embrace new technologies and processes to become more connected, collaborative, efficient, innovative, and competitive, their reliance on third-party ecosystems continues to grow, as well. While these business relationships undoubtedly add value, they also introduce significant new risk and compliance challenges.
Since third-party relationships are complex, so is third-party risk management. It involves more stakeholders and data sources than many people may think: cyber risk information, of course, but also supply chain, financial, IT, compliance, legal, and privacy risk data. But even with loads of available data, it’s extremely difficult for risk teams to know how to prioritize risk and focus remediation and response efforts without the proper context or processes.
That’s why risk management teams are turning to governance, risk, and compliance (GRC) solutions to help centralize all of this information from regulatory compliance mandates, vendor questionnaires, and external intelligence in order to gain a more holistic view of their third-party ecosystem.
Bridging the Gap With Threat Intelligence
Cyber third-party risk data is just one piece of the puzzle, but it’s still critical to a holistic third-party risk program within a GRC solution. Having access to a threat-centric view of cyber risk allows organizations to better understand overall risk profiles and access relevant insights updated in real time. This gives risk management teams the insights they need when they need them to make faster, more confident decisions and effectively manage third-party risk.
Recorded Future helps organizations reduce risk with the industry’s only threat-centric risk intelligence solution for GRC powered by patented machine learning and artificial intelligence. The solution delivers threat intelligence in real time so third-party views stay relevant, integrates seamlessly with GRC solutions, and empowers analysts to better detect, prioritize, and contextualize cyber threats associated with third parties, all in real time.
Recorded Future for RSA Archer GRC
Actionable threat intelligence integrated into existing GRC solutions gives risk management teams the information needed to continuously monitor vendors, streamline due diligence, and quickly mitigate threats. For example, let’s say you’re evaluating a new potential vendor. You begin your risk assessment of this vendor by sending them a questionnaire via RSA Archer GRC, asking them about their internal security controls. The vendor then manually submits their answers to your questionnaire, which appear in your RSA Archer GRC instance. RSA Archer GRC then calculates an initial risk assessment based on the answers provided in the questionnaire.
However, with the Recorded Future integration for RSA Archer GRC, real-time intelligence can then enrich the initial risk assessment and surface details on historic and present security incidents, calculating a new comprehensive risk rating directly in the RSA Archer Third-Party Profile. Now, your team can validate the accuracy of vendor-provided information, assess the company’s holistic risk standing, and more confidently onboard new third parties.
To learn more about Recorded Future’s integration for RSA Archer GRC, view the recording of yesterday’s webinar, “Bridging the Gap Between Threat Intelligence and Third-Party Risk,” or download our recently published solution brief, “Supercharging GRC Solutions with Threat Intelligence.”