March 3, 2017, Hiten Sharma
Are you ready for the EU GDPR?
The EU General Data Protection Regulation (GDPR) takes effect next May and applies not only to organisations with operations in the EU but also to any organisation that targets EU citizens electronically, even if they have no physical presence in the EU. The fines for noncompliance are steep, and as a result, most, if not all, large organisations have active GDPR projects running.
GDPR defines stringent guidelines for the collection, storage, and processing of personally identifiable information. Regarding collection, if your public-facing digital assets collect PII, they are in scope for GDPR.
RiskIQ Digital Footprint mapping gives you the ability to have a full view of what your web assets look like from an end user perspective. As a technical account manager, one of my roles is to help customers operationalise RiskIQ intelligence within their organisation. With the scale and variety of data that RiskIQ captures, an interesting part of my job is to understand how this data is made actionable for different business units.
Some time ago, I was talking to a customer who was looking for a better way to isolate all in-scope websites. With a single click, RiskIQ can isolate websites that contain generic site access attributes in the site page. However, given the global and multilingual nature of their business, the customer wanted more. For example, sites specifically created for a region where English is not used or understood will, therefore, not be flagged in the view below:
Fig-1 Sites listed in the RiskIQ tool
Although this use case sounds quite complex, it was relatively easy to deliver. Here’s why:
Our crawler technology is designed to emulate real and random user behaviour, and by doing so, we capture and store each document object model (DOM) for each page we crawl. With input from the customer and the use of our integrated API, we were easily able to identify all their websites that collect PII, regardless of language or layout. This exercise uncovered 300% more Login/PII collection sites than were known previously, many of which were collecting and transmitting data insecurely.
In recent months, many more of our EU customers have worked with us on similar projects to ensure they have a complete view of sites to review. In addition to GDPR compliance, the exercise is helping them improve the protection of their customers and their brand.
Try RiskIQ Community Edition for free and get your organization’s digital footprint today.