Modern attack surfaces extend across every place your business operates, from your first-party technology assets to your third-party network of suppliers and vendors. To spot risks before attackers do, you need to maintain continuous visibility across this expanding landscape. Employee credentials can become compromised, unknown or vulnerable internet assets can be exploited, and supply chain partners with spotty security hygiene can provide adversaries with easy access to your network and data.

At Recorded Future, weve seen firsthand how practitioners are transforming their security programs by adopting proactive strategies to protect their first- and third-party attack surfaces.

In our experience, security teams that successfully defend against these threats share a common approach: They combine comprehensive visibility with contextual intelligence.

By understanding not just the risks that exist, but why those risks matter to the organization, these security teams enable rapid, informed decision-making that strengthens their security posture.

In this blog post, well explore how a few select customers are taking an intelligence-led approach to reducing attack surface risks. Youll discover how:

• Toyota Motor North America quickly remediates compromised employee credentials to prevent unauthorized access.
• Cummins identifies and secures internet-facing assets to reduce their vulnerable attack surface.
• Novavax takes an intelligence-driven approach to vendor risk management for greater supply chain resilience.
• INVESTBANK maintains continuous awareness of vulnerabilities alongside new updates and releases.

See the impactful results these companies have achieved, and learn how we can empower your security team to stay ahead of threats and build lasting resilience.

Toyota Motors North America Defends the Human Identity Attack Surface

“The timeliness of being able to take compromised credentials out of the marketplace is really beneficial.” Curtis Hartsell, CTI Manager, Toyota Motors North America (watch the full video here)

According to the 2024 Verizon Data Breach Investigation Report, 31% of all breaches over the last 10 years have involved the use of stolen credentials. With the rise of stealthy infostealers, threat actors are more likely to log in with stolen credentials than hack their way in. The Verizon report also found more than a thousand credentials being posted for sale on the dark web each day, with an average price of $10, proving that theres serious demand from cybercriminals.

To help Toyota Motors North America gain an edge, Cyber Threat Intelligence Manager Curtis Hartsell relies on Recorded Futures Identity Intelligence Module. The product allows Hartsell and team to take swift action on compromised credentials, automating credential resets before bad actors can gain access to the companys systems.

In one example, he said, We had a compromised credential at 7 oclock. Two hours later Identity [Intelligence] is notifying of those compromised credentials, and about thirty or forty minutes after the Identity Module alert, we see attempts to use that account.

Immediate visibility into newly compromised credentials helps Toyota Motors North America automate response actions and secure accounts instantly. This automation eliminates the need for constant manual intervention, allowing Hartsell and team to focus on higher-value tasks.

Cummins Identifies and Reduces Attack Surface Risk

We have two main problem statements when were looking at this attack surface problem: What is our attack surface? And then how do we secure it? Theres a couple of different actions you take, whether its remediation or reduction. We love reduction. If it cant be on the internet. Great. Lets get it off there. Mattheus Bittick, Attack Surface Reduction Analyst, Cummins (watch the full video here)

Continuous monitoring of your first-party attack surface everything in your network and systems that can be accessed from the internet is resource-intensive and challenging, especially given that employees and contractors often spin up assets outside your security teams purview. This should be a major concern, as 76% of organizations have suffered a cyberattack that started with the exploit of an unknown, unmanaged, or poorly managed internet-facing asset (TechTarget).

Before implementing Recorded Futures Attack Surface Intelligence Module, Cummins Attack Surface Reduction Analyst Mattheus Bittick said his team spent around 80 hours per week trying to analyze and map the companys external attack surface. And even then, the team was blind to around 20% of the landscape.

With no capacity for continuous scanning and information-gathering and no existing inventory specific to external-facing assets, Bitticks team was unable to prioritize risks based on the attackers perspective. And since the company has had an internet presence for a long period of time, there was a large unexplored landscape of unknown unknowns and abandoned infrastructure.

Now, Attack Surface Intelligence is a central technology for the Cummins Attack Surface Risk Management Program.

The first tool I go to every morning is Attack Surface Intelligence. Whats new today? Whats going on that we need to prioritize and triage? Recorded Future shows us how we can take action, and takes our risk assessments to the next level. Mattheus Bittick, Attack Surface Reduction Analyst, Cummins

Thanks to automated discovery and attribution of assets associated with the organization, Bittick and team get a real-time view of their external attack surface, from the same perspective as an attacker. This increased visibility into key areas of risk like vulnerabilities, misconfigurations, and shadow IT has helped Cummins reduce its vulnerable attack surface by 51% over a period of six months. And by removing key areas of risk and decommissioning forgotten infrastructure, the company has reduced its cyber insurance premiums by 32% year-over-year.

Novavax Proactively Monitors for Third-Party Vendor Breaches

We sharpened a lot of processes by introducing Third-Party Intelligence to our risk assessments, so we can make informed decisions about the vendors we do business with[Recorded Future] gives us an opportunity to launch an investigation to see what the vendor has access to, what we need to be concerned about, and how we can better protect ourselves. Nathalie Salisbury, Strategic Threat Intelligence Analyst, Novavax (Watch the full video here)

Since third-party vendors arent always held to the same standards as enterprise organizations, those with spotty security hygiene can become the soft underbelly of your attack surface. According to the 2024 Verizon Data Breach Investigation Report, 15% of breaches involved a third party or supplier. And the IBM Cost of a Data Breach 2024 Report found that the average cost of a breach increased by $240,599 when it came via a third party.

Making matters worse, supply chain partners often delay or withhold disclosure of security incidents due to concerns about reputation and liability. As they take time to investigate and formulate damage-control strategies, the companies that rely on them may be unaware that their own systems are under attack or that their data has been compromised.

Nathalie Salisbury, Strategic Threat Intelligence Analyst at Novavax, says that Recorded Futures Third-Party Intelligence Module shines a light on these risks before vendors disclose them.

A couple of times now, Recorded Future has alerted us to something prior to the third-party vendor, she said. Thats huge when were trying to protect our data. That gives us an opportunity to launch an investigation and see what the compromised vendor had access to, [what] we need to be concerned about, and [how to] evaluate our overall third-party risk.

As a result, Recorded Future is a critical part of the teams proactive approach to managing their third-party attack surface, both in evaluating new vendors and continuously monitoring existing ones.

INVESTBANK Continuously Monitors and Protects Against Vulnerabilities

Vulnerability Intelligence provides access to a large database of exploits and vulnerabilities so that we can remit them faster and implement compensation controls until a patch is released. Riyad Jazmawi, Head of Information Security. (Read the full case study here).

Vulnerabilities continue to be one of the top initial access vectors for threat actors. In fact, 2024 might have been a watershed for vulnerability exploitation. When Verizon looked at the critical paths attackers use to initiate breaches, their research found that vulnerability exploitation grew 3X year-over-year.

This will come as little surprise to those whove tracked prominent ransomware groups over the past year. The exploitation of Progress Softwares MOVEit and other Managed File Transfer (MFT) products, such as Cleo MFT, have enabled threat actors to successfully pull off a number of large-scale breaches.

INVESTBANK wanted to respond more productively to zero-day exploits and vulnerabilities being exploited in the wild. As a fast-moving organization with many digital services, it needed to ensure that it could maintain continuous awareness of any PoCs or critical vulnerabilities in its tech stack.

Recorded Futures Vulnerability Intelligence Module has helped the company improve its defenses against vulnerabilities.

Vulnerability Intelligence provides access to a large database of exploits and vulnerabilities so that we can remit them faster and implement compensation controls until a patch is released, said Riyad Jazmawi, Head of Information Security.

To reduce risk, organizations must have visibility into the vulnerabilities in their tech stacks, and they need the context to make patching prioritization decisions. Verizon found that it takes 55 days to remediate 50% of CISA Known Exploited Vulnerabilities (KEV) once patches become available.

With Recorded Futures Vulnerability Intelligence, you can pinpoint and take action on vulnerabilities to keep attackers from gaining access to your network and data.

Conclusion

As a security leader, you need visibility into any first-party or third-party asset that could be targeted and exploited by threat actors and you need context to understand how to prioritize and mitigate threats.To learn more about how Recorded Future can help you take the next step in strengthening your organizations defenses, request a custom demo.