Organizations lack visibility into their digital assets, their external network of internet-connected services and devices growing wildly outside their firewalls to support a workforce that will be remote for the foreseeable future.
The enterprise digital attack surface is now regularly in flux and no longer in the purview of most security controls. More internet devices and services stood up outside the firewall mean complexity goes up, and "non-standard" becomes the norm. Keeping tabs on its composition and the infrastructure of attackers targeting it is one of the most challenging jobs facing security teams today. While organizations grapple with their attack surface, attackers are more active than ever before. More than 375 new threats sprout up every minute, with a wave of phishing attacks, typosquat registrations, and disinformation taking advantage of the COVID-19 pandemic.
In this new security environment, deep insight across the public internet makes attack surface management and a 360-degree view of your attack surface not only possible but also manageable.
RiskIQ has long held integrations with Splunk and recently doubled down on our investment, bringing our full suite of offerings to the Data-to-Everything platform to deliver best-in-class attack surface management and risk reporting. The RiskIQ Digital Footprint App for Splunk taps into RiskIQ's global visibility to enable organizations to discover their entire attack surface. Combining the RiskIQ Internet Intelligence Graph, which extracts terabytes of internet data daily to map the billions of relationships between internet-exposed infrastructure worldwide, and Splunk data in one location shows a 360-degree view of an attack surface.
The Digital Footprint app automatically and continuously updates Splunk with an organization's external asset inventory, including asset metadata, without the need for agents or customer interaction. RiskIQ correlates and enriches this external asset inventory with Splunk's internal data to build reports and dashboards, identify vulnerabilities, and enable proactive attack surface management.
Users can access these offerings directly from Splunkbase and find detailed support information on our RiskIQ Interlock Partner Page.
Here's what adding the RiskIQ Digital Footprint App to your team's workflow looks like:
Informed Vulnerability Management: Nearly every business with a security program has a vulnerability management function. However, this function is often internally focused and ignores the assets that matter the most: ones that are forgotten or stood up on the internet outside of security's purview. Using the RiskIQ Digital Footprint App for Splunk, organizations can sync the asset inventory directly within Splunk. Drive automation, reports, and other actions straight from Splunk.
RiskIQ has collected all this metadata and associated it with the asset. Data synced from RiskIQ to Splunk include this level of detail. Clicking within the pre-built reports and dashboards exposes assets that match the particular queries, including metadata and a link back to the RiskIQ platform.
Trigger Workflows: Reacting to vulnerabilities, especially remote code execution ones that impact internet-facing technologies, is never a position in which a security professional wants to be. With RiskIQ Digital Footprint for Splunk, joint customers can begin to automate specific workflows like alerting the security team to changes in their digital footprint, vulnerable services, or hygiene issues. This automation saves time and delivers a proactive solution that allows the business to start putting mitigating measures in place before a threat becomes active.
In today's fast-paced threat environment, cobbling together open-source tools isn't nearly enough. When you understand every asset you own, you can then drive action. With RiskIQ data inside Splunk, you know the asset type, the technology it's running, the services it exposes, who owns the asset, where it's hosted, and more.