With the holiday season behind us, the RiskIQ Digital Footprint team hasn’t slowed down. We have been working hard to make it faster and easier to address gaps in your security posture outside the firewall and provide deeper insight into your Digital Footprint. Today, we’re happy to announce the release of two great new features—Open Ports and custom Workspace Insights.
Open Ports in your IP Inventory
Our Mass Port Scanning initiative is the latest accomplishment in our goal to map the structure of the entire internet. An awesome result of this port scan initiative is that, on a weekly basis, we scan a set of critical open ports across the whole IPv4 space and store the results in our internet data warehouse.
RiskIQ customers using Digital Footprint can investigate Open Ports across your IP footprint, allowing security and IT teams to quickly reduce their exposed digital attack surface by closing unnecessarily opened ports and ensuring the security of necessary services.
Using the Open Ports passive data set, we show what IPs from your footprint are live and responding to port scans. We display this as a drillable summary, showing the quantity of IPs with open ports, and allow you to drill down into the details of each individual IP.
When drilling down, you can see details and history for any IP address in your footprint. We show both the latest observed open ports and all previously open ports.
Using the new Open Ports and our Mass Scan data, we’ve uncovered some interesting exposures. For example, we found a corporate login page that doesn’t have a domain associated. We found this by querying the footprint for IPs with port 443 open and no linked assets (Domains/Websites):
We also uncovered insecure network attached storage (NAS) on the internet, identified by looking for open ports with no linked assets:
Leveraging a continuously monitored Inventory, you can see changes to your organization’s digital attack surface. Our new Workspace Insights builds on top of our Global Insights to enable your team to create and share critical information, as well as easily access frequent queries that are important to your security teams.
Here’s an example with two new Workspace Insights to showcase our new Forms Detection capability. We now detect both the presence of forms and the security of their posted endpoints on our daily Inventory Detailing process that inspects websites in your Digital Footprint.
You can create a shared or private insight by using the Saved Query tool from the Inventory search bar. Users can then use the Workspace Insight, or tweak the query to fit their particular needs.
Some interesting new questions you might want to share within the business include:
1. Using Web Components to discover and remediate End of Life Web servers such as IIS 7.0
Example Query: Status in ("Confirmed") | Type in ("Web Site") | Web Component in ("Microsoft-IIS 7.0")
2. Current Live Websites
Example Query: Status in ("Confirmed") | Type in ("Web Site") | Site Live in ("Yes")
We know our customers will find these new data sets and insights to be helpful in getting better visibility into assets and websites that can present serious security risks to your organization and customers. If you have any questions about our data or features, feel free to email us at firstname.lastname@example.org.
The RiskIQ Intelligence Connector for Microsoft Azure Sentinel Is the Context-Rich Force Multiplier Security Teams Need
Digital initiatives have changed the enterprise attack surface and how organizations appear online, both to users and malicious actors. Meanwhile, the threat landscape has evo...