One of the most exciting parts of my job is helping customers understand how they can operationalize the large repository of Internet-scale data that RiskIQ collects to action external threats. Because we don't want to offer so much data that customers can't work with it, that is, action the findings and ultimately derive value from them, we spend a lot of individual time with each customer mapping out what is important to them.
There are three main variables we consider to decide what’s most important:
- What the threat is
- What that threat means regarding risk
- What constitutes an unacceptable risk, and therefore requires action
Once we identify the actionable data, it then becomes a question of what the capabilities of the customer are:
- Does the customer have the correct teams and workflows in place to fix actionable issues?
- Are the teams of sufficient size and shape to effectively deal with the anticipated volume?
- If the answer to either of the above is no, can the customer implement change to address the capability gap? What can RiskIQ do to help close this gap?
These discussions culminate in an understanding of what the customer needs to see out of all the data collected by RiskIQ and what they can operationalize, that is, where they can put practices into place that enable issues to be identified and addressed quickly and efficiently for all the stakeholders involved. Stakeholders can, of course, come in many forms. Internally, they can be the business owner or IT Services, risk management, or compliance personnel. Externally, stakeholders can include regulatory bodies and, most importantly, customers.
Here are a few examples of how our customers are using this data and how we interact with them:
1. A financial services company uses RiskIQ's Enterprise Digital Footprint to extract data each quarter, specifically to identify new websites they may not be aware of. They use this website data for vulnerability assessments to meet their vigorous audit requirements. This customer started with a very particular use case, focusing on a single data set. But they are now eager to expand their use to other data sets within the tool.
2. A global manufacturing organization uses RiskIQ’s Enterprise Digital Footprint to manage their externally facing assets across multiple regions. While we interface with and provide data to a central governance team, that team distribute certain data sets across the regional teams for action. The governance team also use this data to measure compliance across the global estate. In this example, data of interest includes:
- Websites, including content analysis
- Vulnerable web servers and web components
- SSL certificates
- Infrastructure changes
This customer has a mature threat identification, risk management, and compliance regime. This example is typical of how we work with larger organizations, in that we work directly with a team who interface out to the wider business areas. While this customer makes extensive use of multiple data sets from their Digital Footprint inventory, they are now looking to expand their use of the tool to the External Threat Detection Suite.
3. Another financial services company uses RiskIQ to identify mobile apps that could damage the brand, something that falls under reputation risk. This company is an example of a relatively self-sufficient company that undertakes most of the workflow from identification, through review to enforcement themselves. We get involved toward the latter end of the workflow where enforcements need to be managed to completion.
One takeaway from looking at these examples is that there is no single right way to consume and action the data provided by RiskIQ. From my perspective, the only right way is the way that delivers the value the customer needs based on their specific requirements and use cases. Finally, the examples I have given above have been at a relatively high level. You can read more about RiskIQ’s datasets here.
Remember, we made PassiveTotal and Digital Footprint Community Editions available for free so external threat hunters and defenders can action external threats. To learn more, read our Press Release and sign up for free by visiting www.riskiq.com/community.