Managed Intelligence: Four Outcomes from Operationalizing Intelligence for Third-Party Risk Management
Actionable intelligence is critical for third party risk management as it’s easy to chase false positives that waste resources. While automation enables timely response, deeper analysis is needed to make information from automated sources actionable. Zero touch diligence provides intuitive and actionable intelligence that matters for businesses assessing third-party risk by fusing robust analytic methodology with a suite of tools to collect, store, enrich, and integrate data from a wide variety of sources. Below are the four outcomes that result from thorough zero touch diligence efforts:
Network and Infrastructure Analysis Validates Vulnerabilities
It’s possible to understand specific vulnerabilities in the network and infrastructure of a third party without gaining access to its environment. Using global netflow analysis and mobile data, discover and analyze a company’s WAN and MPLS network infrastructure, the different ingress and egress points, and internal and external security products they may be using. Some security products may be implemented and configured differently in different areas of the world, thus increasing the risk of infection or potential infection. By reporting this information, an analyst can prioritize remediation efforts depending on the criticality of the vendor’s access and where exactly the vulnerability exists. This also allows an analyst performing third party diligence to report potential vulnerabilities before a breach occurs without doing a comprehensive vendor questionnaire. If a questionnaire is still needed, the analysis can often provide validation that the questionnaire is accurate.
Network and Infrastructure Analysis Detects Potential Compromises
Further, using netflow and mobile data to analyze malware infection frequency and duration of infection provides additional context to identify the efficacy of previous mitigation strategies as well as provide quicker indicators and warning. If a vendor appears to respond quickly to infections, more intensive assessment or remediation might not be warranted. If a vendor is activity compromised and has ongoing access either through software or as a consultant, this analysis may enable faster response time and actionable alerting for both security operations teams.
Dark Web Analysis of Threat Actor Activity Prevents Compromise and Public Relations Nightmare
Breached credentials of key personnel, exploits for software, direct network access, or stolen intellectual property can be circulated amongst communities and forums. Scrubbing social media, surface, deep, and dark web for leaked credentials and indications of a compromise is an efficient means for a third party risk analyst to identify specific risks and take action.
Oftentimes after an actor compromises data, they accidentally copy it to open source sites, leaving artifacts which can be detected even if they are deleted. Analysis can identify any circulating exploits regarding a third-party’s platforms and any intellectual property copied on text storing and file sharing sites like pastebin, github, dropbox, or mega uploads. Regardless, it’s important to investigate the originations of this type of finding and determine if it’s a false positive.
For example, attackers can reach out to a company and demand ransom for payment of a third-party data breach, but may have just discovered the data from another breach. Dark web analysis can confirm the recycled nature of this “breach data.” It’s critical to validate these claims quickly for leadership when millions of dollars of potential ransom are at stake.
Dark Web Research Initiates Insider Threat Investigations
Analysis in the open press could generate new investigations for an insider threat team. For example, if open press identifies a third party was involved in unethical data theft at a client site to enable it to win competitive bids, this could be happening to numerous clients and should be investigated internally. An analyst could refer their own contractors from this third party with access to file shares and sensitive documents for additional monitoring or investigation to ensure this problem isn’t present.
Diligence performed “outside of the firewall” by cyber and OSINT investigations experts provides highly valuable and contextualized information. When used at scale, zero touch diligence is capable of not only arming the third party risk team with actionable insights, but can also provide significant time and cost savings, enabling the business to act both smarter and faster to address its third party risk profile.