As an analyst, how much time can you afford to waste at work?
Do you have eight hours to spend investigating those 203 suspect hosts, only to learn that a fellow analyst determined two weeks ago that they are registered to your company?
Or what if you had to stop mid-investigation to address a different priority? Wouldn’t it be great to come back to the investigation and know how far your research had progressed up to that point?
The attack surface of your enterprise is always expanding, and that growth has increased the importance of correlating internal activity with what is happening outside the firewall. This changing threat landscape is why most successful security programs are providing analysts with real-time context to improve the efficiency and outcomes of their investigations so they can discover additional threat infrastructure and block it proactively.
Chefs have a term for the prep work involved in cooking a dish, “mise en place,” or “set in place,” which refers to having all of the spices measured, onions diced, and all the tools they’ll need within reach.
A modern security program should perform a similar task by integrating internal data sets across existing security systems. This integration makes analysis quicker, easier, and more approachable for the team.
Our goal with PassiveTotal is to help make infrastructure analysis more efficient by bringing a variety of data sets into a single place and providing you with context around the indicators that you query. These data sets become even easier to consume when you provide internally derived tags and classifiers that translate across your teams.
Analysts can add tags to the tag cluster via:
These tags are viewable to all of the users in your PassiveTotal enterprise organization. All data entered into the system is private and not shared with the broader community unless a public project is used.
Classifications inside of PassiveTotal help bring context to IOCs and make your analysis more efficient. Analysts will have a visual indication that the infrastructure they are searching has been determined to have a known classification. Whether malicious, suspicious, or unknown, any added classification will bring instant context to an investigation and can help avoid duplication of work. Save time and enrich your PassiveTotal searches by providing internal context, all in one place.
Here are a few examples to try out:
Questions? Open a chat in PassiveTotal!
Links to documentation:
In the UI: https://help.passivetotal.org/tags_&_classifications.html
Via the API: https://api.passivetotal.org/api/docs/#api-Actions