Partner Deep-Dive: RiskIQ Digital Footprint for Splunk

External Threat Management Analyst

Partner Deep-Dive: RiskIQ Digital Footprint for Splunk

August 24, 2020

By Brandon Dixon

Organizations lack visibility into their digital assets, their external network of internet-connected services and devices growing wildly outside their firewalls to support a workforce that will be remote for the foreseeable future.

The enterprise digital attack surface is now regularly in flux and no longer in the purview of most security controls. More internet devices and services stood up outside the firewall mean complexity goes up, and "non-standard" becomes the norm. Keeping tabs on its composition and the infrastructure of attackers targeting it is one of the most challenging jobs facing security teams today. While organizations grapple with their attack surface, attackers are more active than ever before. More than 375 new threats sprout up every minute, with a wave of phishing attacks, typosquat registrations, and disinformation taking advantage of the COVID-19 pandemic.

In this new security environment, attack surface management and a 360-degree view of your attack surface. Deep insight across the public internet makes it not only possible but also manageable.

RiskIQ has long held integrations with Splunk and recently doubled-downed our investment and brought our full suite of offerings to the Data-to-Everything platform to deliver best-in-class attack surface management and risk reporting. The RiskIQ Digital Footprint App for Splunk taps into RiskIQ's global visibility to enable organizations to discover their entire attack surface. Combining the RiskIQ Internet Intelligence Graph, which extracts terabytes of internet data daily to map the billions of relationships between internet-exposed infrastructure worldwide, and Splunk data in one location shows a 360-degree view of an attack surface.

The Digital Footprint app automatically and continuously updates Splunk with an organization's external asset inventory, including asset metadata, without the need for agents or customer interaction. RiskIQ correlates and enriches this external asset inventory with Splunk's internal data to build reports, dashboards, identify vulnerabilities, and enable proactive attack surface management.

Users can access these offerings directly from Splunkbase and find detailed support information on our RiskIQ Interlock Partner Page.

Here's what adding the RiskIQ Digital Footprint App to your team's workflow looks like:

Informed Vulnerability Management––Nearly every business with a security program has a vulnerability management function. However, this function is often internally focused and ignores the assets that matter the most––ones that are forgotten or stood up on the internet outside of security's purview. Using the RiskIQ Digital Footprint App for Splunk, organizations can sync the asset inventory directly within Splunk. Drive automation, reports, and other actions straight from Splunk.

Vulnerability insights

RiskIQ has collected all this metadata and associated it with the asset. Data synced from RiskIQ to Splunk include this level of detail. Clicking within the pre-built reports and dashboards exposes assets that match the particular queries, including metadata and a link back to the RiskIQ platform.

Query results matching at-risk servers

Trigger Workflows––Reacting to vulnerabilities, especially remote code execution ones that impact internet-facing technologies, is never a position in which a security professional wants to be. With RiskIQ Digital Footprint for Splunk, joint customers can begin to automate specific workflows like alerting the security team to changes in their digital footprint, vulnerable services, or hygiene issues. This automation saves time and delivers a proactive solution that allows the business to start putting mitigating measures in place before a threat becomes active.

In today's fast-paced threat environment, cobbling together open-source tools isn't nearly enough. When you understand every asset you own, you can then drive action. With RiskIQ data inside Splunk, you know the asset type, the technology it's running, the services it exposes, who owns the asset, where it's hosted, and more.

Be sure to install the RiskIQ Digital Footprint app and add-on. For a high-level look at your organization's Digital Footprint, register for a free Digital Footprint Snapshot today.

Featured Posts

External Threat Management | Labs

Bear Tracks: Infrastructure Patterns Lead to More Than 30 Active APT29 C2 Servers

RiskIQ's Team Atlas has uncovered still more infrastructure actively serving WellMess/WellMail. The timing here is notable. Only one month ago, the American and Russian he...

Joining Microsoft is the Next Stage of the RiskIQ Journey

Today Microsoft announced its intent to acquire RiskIQ, representing the next stage of our journey that's been more than a decade in the making. We couldn't be more ...

Media Land: Bulletproof Hosting Provider is a Playground for Threat Actors

Bulletproof hosting (BPH) is a collection of service offerings catering to internet-based criminal activity. These businesses often operate in a grey area, attempting to appea...

Subscribe to Our Newsletter

Subscribe to the RiskIQ newsletter to stay up-to-date on our latest content, headlines, research, events, and more.

Base Editor

Forrester Wave: External Threat Intelligence Services, Q1 2021

RiskIQ Illuminate® Internet Intelligence Platform Datasheet

Five Security Intelligence Must-Haves For Next-Gen Attack Surface Management

Threat Investigations and Response RiskIQ Solution Brief

Illuminate One-Hour On-Demand Event