As an analyst, how much time can you afford to waste at work?
Do you have eight hours to spend investigating those 203 suspect hosts, only to learn that a fellow analyst had already determined two weeks ago that they are registered to your company?
Or, what if you had to stop mid-investigation to address a different priority—wouldn’t it be great to come back to an investigation and know where your research stood up to that point?
The attack surface of your enterprise is always expanding, and that growth has increased the importance of correlating internal activity with what is happening outside the firewall. This changing threat landscape is why most successful security programs are providing analysts with real-time context to improve the efficiency and outcomes of their investigations so they can discover additional threat infrastructure and block it proactively.
Chefs have a term for the prep work involved in cooking a dish, “mise en place,” or “set in place,” which refers to having all of the spices measured, onions diced, and all the tools they’ll need within reach.
A modern security program should perform a similar task by integrating internal data sets across existing security systems. This integration allows for quicker, more comfortable, and more approachable analysis by the team.
Our goal with PassiveTotal is to help make infrastructure analysis more efficient by bringing a variety of data sets into a single place and providing you with context around the indicators that you query. These data sets become even easier to consume when you add internally derived tags and classifications that translate across your teams.
Analysts can add tags to the tag cluster via:
These tags are viewable to all of the users in your PassiveTotal enterprise organization. All data entered into the system is private and not shared with the broader community unless a public project is used.
Classifications inside of PassiveTotal help bring context to IOCs and make your analysis more efficient. Analysts will have a visual indication that the infrastructure they are searching has been determined to have a known classification. Whether malicious, suspicious, or unknown, any added classification will bring instant context to an investigation and can help avoid duplication of work. Save time and enrich your PassiveTotal searches by providing internal context, all in one place.
Here are a few examples to try out:
Questions? Open a chat in PassiveTotal!
Links to documentation:
In the UI: https://help.passivetotal.org/tags_&_classifications.html
Via the API: https://api.passivetotal.org/api/docs/#api-Actions