Land O’Lakes Prioritizes Proactive Security and Automation with Recorded Future Threat Intelligence
Challenge
According to Gartner, approximately 8,000 security vulnerabilities per year were disclosed over the past decade. In the same timeframe, the number of new software releases has grown immensely, expanding organizations’ attack surfaces and resulting in an exponential increase in cyber threats.
On the front lines of cyber defense, the Land O’Lakes threat and vulnerability management team is responsible for a host of critical initiatives including scanning, analysis, patching, testing, and incident response. Over the past four years, the team has nearly doubled in size to help the organization stay ahead of increasingly sophisticated cyberattackers. However, with new vulnerabilities emerging every day, it’s extremely difficult to prioritize and address every potential threat. The Land O’Lakes team needed a way to prioritize vulnerabilities and threats so they could make faster, more informed decisions based on risk.
According to senior security engineer Chris Zieg, “Our existing tools could show us threat information, but we wanted to get more proactive with our research by digging deeper and monitoring for specific information that was relevant to our company.” Additionally, the team placed an emphasis on scaling automation capabilities to help create efficiencies.
Solution
Focused on dual priorities of proactive security and automation, the Land O’Lakes team adopted the Recorded Future platform.
Recorded Future’s unique combination of automated data collection and human analysis across the broadest range of sources and languages generates high-quality, actionable intelligence. This threat intelligence integrates seamlessly into the Land O’Lakes team’s existing security stack (including a SIEM solution and orchestration tool), enriching internal data to help the team identify, assess, and contextualize threats in real time.
“We know we can’t patch everything,” says Zieg. “Recorded Future helps us quickly assess and prioritize things such as phishing emails and critical vulnerabilities, which helps us focus our efforts and speed up response times to high-priority threats.”
Real-time Recorded Future Risk Scores based on actual exploitability enable the team to quickly reduce risk by locating, prioritizing, and patching vulnerabilities that have been weaponized in the wild. Full visibility into the reasoning behind each score helps the Land O’Lakes team weigh the potential disruption of applying a patch against the real-world threat posed by the vulnerability, thus deepening their research capabilities and driving more confident actions.
The team also appreciates the ability to create customized watch lists. By configuring automatic alerts based on topics of interest, they know immediately when their company, product names, and more are mentioned on the web.
“One morning, we received an alert from Recorded Future on a domain registration very similar to ours,” says Zieg. “It looked suspicious, so we checked it out and expanded our search. We could see employees had received phishing emails from this domain, so we immediately took action and deleted the emails from Outlook Exchange and blocked the domain — all before lunch.”
Another time, a fellow engineer on the team uncovered a website exploitation. After it was addressed, the team set up alerts and began monitoring all discussions on the domain. The team now receives real-time updates on these discussions via email and mobile alerts. These relevant insights give the team what they need — when they need it — to make faster decisions and work more efficiently.
Results
Zieg estimates that continuous monitoring, real-time threat intelligence, and automated alerting from the Recorded Future Intelligence Cloud have helped the team boost overall visibility of threats targeting the organization by 25%. He notes that the platform has been especially helpful in speeding up the analysis of phishing attempts. This is significant, as phishing is involved in nearly one-third of all data breaches and it represents the number one threat action today.
By centralizing and continuously updating threat intelligence in real time, Recorded Future has also helped boost collaboration and information sharing across the entire security organization. “Now, if our CISO forwards us an email about a brand new vulnerability, we can do a rapid analysis, find out if it’s going to impact us, and communicate our findings to the security team quickly,” says Zieg.
Impressed with their experience thus far, the Land O’Lakes team plans to automate additional security processes in the future by leveraging threat intelligence from Recorded Future.
“I like how Recorded Future operates and is organized, and I continue to be impressed by the curated information they provide,” he says. “They’re focused on working with us as a company and meeting our individualized needs.”