Third-party vendors may pass initial security assessments with clean questionnaires, solid certifications, and headquarters in a trusted country.
But what about the unseen risks?
The IP address that was actively validated to be a Command and Control (C&C) Server.
The subsidiary of the vendor operating in a country with data privacy or corruption concerns.
The vendor’s facility, located in a sanctioned country.
Third-party risks often stem from cyber or physical incidents. Yet, security professionals consistently struggle to get an accurate and complete picture of all domains, subsidiaries, and physical locations for the third-party vendors they work with.
Today’s vendors aren’t single entities. They’re often complex networks of subsidiaries, acquisitions, and partnerships spread across continents. That niche technology vendor you just purchased might operate through:
- 8 subsidiaries across 4 countries
- Cloud infrastructure in jurisdictions with weak data protection laws
- Legacy systems acquired through M&A – systems that may never have received critical security updates
At Recorded Future we’ve worked with many threat intelligence and third-party risk management teams seeking more visibility into their suppliers’ technical and subsidiary relationships.
In a recent customer survey we heard from a Director of Information Security at a financial institution that “It’s often difficult to get a full picture of all domains, subsidiaries, or global operations – particularly when responding to zero-day threats or geographic disruptions.”
Introducing the Third-Party Intelligence Asset Map
The Third-Party Intelligence Asset Map provides critical visibility into vendor ecosystems. Instead of relying on what vendors disclose in questionnaires, you can investigate the subsidiaries, domains, IP addresses, and facilities for organizations in your supply chain.
Improving initial vendor assessments
Traditional vendor assessments can over rely on self-reported information that can miss critical infrastructure details. The Asset Map improves initial due diligence processes by providing additional details regarding a vendor’s ecosystem before contracts are signed.
Security teams can better identify risky subsidiaries operating in high-threat jurisdictions, view any current or historical technical risks, and spot potential concentration risks in digital infrastructure. This visibility can enable teams to negotiate better contract terms, implement targeted security requirements, and make informed go/no-go decisions based on evidence of their risk exposure.
Proactively responding to new incidents
When threats emerge or geographic disruptions occur, security teams need immediate visibility into which vendors might be affected. The Asset Map enables quick impact assessments by showing critical cyber risks and where vendor infrastructure may be located.
Teams can quickly identify which vendors have facilities in conflict zones, use vulnerable software versions, or have IP addresses communicating with C&C infrastructure. This intelligence allows security teams to proactively reach out to at-risk vendors, implement additional monitoring, and adjust risk postures before incidents escalate into business disruptions.
Three viewing modes
The Asset Map provides users with three different viewing modes to toggle between:
Structure – provides an asset hierarchy showing asset ownership and allows the user to investigate DNS, TLS, and WHOIS data associated with domains alongside their Recorded Future Risk Score.
This helps to answer questions such as what domains and IPs are associated with this company and what are the parent-subsidiary relationship hierarchies?
Risk Rules – enables exploration and analysis of triggered Risk Rules and the digital assets triggering those rules, such as an IP address being validated as a C&C server or recently reported as a host of an active phishing URL.
This helps users answer questions like how do these subsidiaries and digital assets contribute to Recorded Future’s risk score for this company? Or, are there IP addresses I should proactively block?
Map – presents facility locations along with relevant country risks, such as data and surveillance risk or physical security and travel risk. The map also provides information on where digital assets are hosted.
This view can be used to better understand the geopolitical and socioeconomic risks associated with where the company operates.
Enhanced vendor visibility
Questionnaires and certifications show what vendors choose to disclose. The Third-Party Intelligence Asset Map can show you what actually exists.
Map vendor hierarchies, identify high-risk assets, and assess facility locations with country-specific risk context.
Make more confident vendor decisions before contracts are signed and speed up incident response when breaches occur. Learn more about Third-Party Intelligence, and request a demo to uncover how to make fast, effective, data-driven decisions on third-party risks.
Join us at Predict Global in New York City from October 7th - 9th, and at Predict London from October 21st - 22nd to learn more about the future of third-party risk management.
Source: RecordedFuture
Source Link: https://www.recordedfuture.com/blog/uncover-vendors-hidden-infrastructure-before-becomes-problem