Third-Party Risk integrates these external risks with cyberrisks assumed internally, allowing an organization to obtain an integrated analysis of their total risk profile, and providing Recorded Future’s channel partners with a differentiated offering.
Today, Boston-based cybersecurity provider Recorded Future is announcing the availability of its new Third-Party Risk module. It integrates with Recorded Future’s core offering to discover, contextualize and rate the threat environment posed to an organization by third party risks.
Recorded Future has been around since 2009 – technically still a startup although they think of themselves as out of that stage. The company is deeply focused on threat intelligence, using machine and artificial intelligence to enable security teams to quickly identify and respond to threats. Their Threat Intelligence Machine is their core solution, and they believe it remains a highly differentiated offering in today’s world where vendors routinely claim that their solutions are imbued with machine learning and artificial intelligence.
“Our distinction is that we spent so much time and resources perfecting it,” said Ashleigh Serrano Erturk, Director of Partner Marketing at Recorded Future. “The team has put so much into our unique machine learning and natural language processing. We truly believe in it.”
Like most vendors in this space, Recorded Future started selling into the enterprise, but has broadened out somewhat further downmarket.
“Our legacy is certainly enterprise,” Erturk stated. “Threat intelligence was originally for organizations that had very sophisticated security teams with considerable resources, and those were in the enterprise. That was our starting point. But over the last five or six years, we have attempted to make our offering relevant for every security professional. SOCs remain one of our key targets, but we also integrate with a wide variety of those who don’t have SOCs as well.”
They have begun to build out a channel over the last two years, and introduced a channel program last year.
“I joined in March 2017, and we started working with partners then, but we have grown that business over the last year,” Erturk said. “It’s a real mix of partner types. We have some larger partners, some boutique ones, some MSSPs, and also a wide variety of integration partners and OEMs.”
Third Party Risk is a net-new offering which will be sold as a separate add-on module.
“It is able to assess context and rate the danger of specific third-party threats,” Erturk said. Third-party threats are indirect threats that can be incurred from a relationship with another vendor. Forrester Research says that these threats have been growing in number with the increase in digitalization, and that third parties were the cause of 21 per cent of confirmed breaches in 2018 – up from 17 per cent in 2017.
“We are able to integrate these third-party risks with direct and indirect cyberrisks the organization is exposed to itself, and do this on a single platform, which is critically important,” Erturk said. This lets threat intelligence teams integrate vendor analysis into their overall business risk assessment and security strategy, regardless of the threat’s origin. It lets the security teams make decisions about how to engage with specific third parties knowing the threat context that they pose.
“There are third party threat intelligence rating services, but they are very static,” Erturk emphasized. “The threat landscape is constantly changing. Third-Party Risk doesn’t provide a snapshot, but an ongoing dynamic analysis, It’s a much more comprehensive way to analyze threats to your business.”
Dark web footprint, domain abuse, unpatched vulnerable technologies, and IT policy violations are among the risk indicators that Third Party Risk looks for.
“We generate intelligence cards – think of them as somewhat similar to baseball cards – with a risk score,” Erturk said. “You can see all of the data that goes into a certain score. It gives clients a more holistic picture of their risk, that they can determine quickly.”
That will make Third-Party Risk valuable to Recorded Future’s channel partners.
“It’s a huge differentiator for them,” Erturk said.