The collaboration, announced Tuesday (Feb. 17), is designed to help small businesses, governments and critical infrastructure against cyberthreats without sacrificing innovation, by combining attack surface monitoring capabilities from Mastercard’s Recorded Future and RiskRecon with Cloudflare’s Application Security portfolio.
“Emerging technologies and tools pose opportunities for organizations to innovate at speed and find creative ways to scale their businesses,” the companies said in a new release emailed to PYMNTS. “But as new vendors, outsourced services, shadow IT, and legacy systems are layered into business environments, the attack surface becomes unknown, and security teams are often left in the dark. This presents a potential visibility gap that could allow threat actors to gain the upper hand. Organizations now require cyber defense that allows them to innovate as fast as they want, with the necessary safeguards in place to protect critical information.”
According to the release, the collaboration will let users monitor their digital presence by discovering any internet-facing domains or software stacks running on the web through Recorded Future. Once unprotected assets are spotted, organizations will be able to immediately extend Cloudflare’s Application Security Portfolio to secure these shadow assets.
In addition, Recorded Future can give companies an “A-F” security grade based on a series of checks of security controls related to software vulnerabilities, authentication weaknesses, exposed infrastructure, and third-party risks.
“With small businesses accounting for about half of the world’s GDP, closing the resilience gap is critical to securing the foundation of our global economy,” said Johan Gerber, global head of security solutions at Mastercard. “Our collaboration with Cloudflare propels our mission to secure the digital ecosystem in partnership with governments and other key players, empowering businesses to focus on what matters most: their productivity and growth.”
The partnership follows a year in which the business world was plagued by a series of cybersecurity incidents which—as PYMNTS wrote in December—showed common fault lines.
These included AI-powered adversaries exploiting cloud complexity, supply chains hindered by third-party exposure, and “organizations that could not see, in real time, how risk was accumulating across their digital ecosystems.”
Research from PYMNTS Intelligence found that attackers frequently compromise a vendor first, then exploit the trust relationship to infiltrate their target company. The report showed that 38% of invoice fraud cases and 43% of phishing attacks were tied to compromised vendors.