For many of us, what draws us into cybersecurity is that original promise of the internet—bringing people together. That idea of creating connections across the world and making sure those connections are safe is something worth defending every single day.
Recently, that promise has come into jeopardy like never before. There have been over a dozen 0days in the past few months alone. We're just months removed from SolarWinds, an attack unprecedented in its level of privilege and access to networks. Since then, we've dealt with the Microsoft Exchange vulnerability, an incident even more significant in scale and effect, initially affecting more than 400,000 servers worldwide.
The sheer size of these attacks goes beyond our original concepts of security. In reality, these new global-scale attacks aren't a security problem; they're a big data problem that requires a new type of security intelligence.
How Did We Get Here?
SolarWinds, F5, Exchange, Accellion, PHP—it seems like every day there's a new vulnerability in a ubiquitous system affecting thousands of organizations at once. There will probably be another one by the time you read this.
However, today's attacks are the result of a digital transformation that kicked off years ago. As we helped Microsoft in their Exchange server patching efforts and worked with organizations worldwide to respond to the SolarWinds attack, I couldn't help but reflect on more than a decade ago when we launched RiskIQ. Security teams were focused on protecting the traditional perimeter, but all around us, IT activity was setting the stage for the massive global-scale attacks we see today.
The digital enterprise was shifting to the internet. SaaS apps like Salesforce were taking off; mobile apps were suddenly everywhere; cloud services like AWS were becoming the basis of development—essentially, the internet was becoming the network, and the extended enterprise was born.
We built RiskIQ's technology to crawl the web and collect as much data as possible to help customers see their attack surfaces from a global, top-down perspective. By understanding the deep digital relationships in their unique attack surface and how that connects with the worldwide attack surface, organizations could know how they were most vulnerable.
RiskIQ Illuminate is the next milestone in our journey.
Introducing RiskIQ Illuminate
Today, we have made it easier than ever for any CISO or security team to gain the upper hand on adversaries. We are very excited to be launching the RiskIQ Illuminate Internet Intelligence Platform so defenders can more easily leverage our internet-wide visibility into global threats and exposures.
Enabled by our founding technology, RiskIQ Illuminate gives you back visibility and control across the extended enterprise, providing researchers, analysts, and teams on the ground visibility into their digital presence from every angle. It also provides CISOs and security management visibility into how attackers are targeting the organization.
This real-time intelligence derived from both the enterprise attack surface and adversary infrastructure is key to prioritizing, analyzing, and triaging the new breed of pervasive, massive-scale threats currently wreaking havoc on the global community.
With RiskIQ Illuminate, security intelligence evolves as fast as threat actors do because it's fortified with trillions of observations of both an organization's unique attack surface and threat groups and their tools and tactics. This context prioritizes the most critical exposures, future-proofs security programs against emerging threats, and optimizes precious security resources.
Illuminating the Next Vulnerability
Illuminate brings a broad view to security analysis by focusing on the entire internet, not just a tiny portion of it. When a new vulnerability is published, the first question to answer is always “How bad is it?” Then, “How many organizations are impacted, and who is actively exploiting the vulnerability?”
The global view offered by Illuminate puts us in the best position to help you monitor your organization's unique attack surface, its digital supply chain, and your industry as a whole to quickly get the answers to these questions. The platform offers several unique modules to provide this:
Attack Surface Intelligence: RiskIQ Illuminate connects digital relationships that show who is attacking you, your assets at risk, and your most critical exposures across your digital ecosystem.
Security Operations Intelligence: Reputation scoring and one-click lookups across the open Internet and deep and dark web remove the guesswork from threat intelligence.
Third-Party Intelligence: RiskIQ's view of the global attack surface enables customers to identify risks within other digital footprints and technology supply chains, including organizations and institutions, partners, peers, and vendors.
Cyber Threat Intelligence: RiskIQ’s global view of adversary infrastructure exceeds what is currently possible with traditional threat intelligence approaches, presenting new ways to detect, hunt, and respond to advanced adversaries—including top APT actors and widely used tools leveraged by all adversaries.
Applying RiskIQ Illuminate Within
Our goal with RiskIQ Illuminate is to make it easier for you to identify and contain threats and make sure our technology is evolving as quickly as the threat landscape. We do this through threat research.
Our threat research team works every day to help the cybersecurity community understand the severity and extent of attacks and their relevance to each unique organization. They work tirelessly to help customers understand how the latest attacks are happening, which ones target their industry, which threat actors are behind them, and the tools and techniques the attackers use.
Our recent tracking of vulnerable Microsoft Exchange servers was a great example of the power of threat research. Our technology was the system of record for showing the progress of patching efforts. Awareness drives behavior, and the number of vulnerable servers dropped very rapidly after our reports. It continues to decrease as stakeholders understand their attack surface and the threats targeting them.
Using dynamic security intelligence to understand your stake in the global attack surface so you can focus on the threats that matter most may seem like an internet-scale cat and mouse game. However, that’s precisely the new global dynamic between attackers and defenders, and tailored security intelligence from RiskIQ Illuminate bends the rules in your favor.
Where We Go From Here
Continuing to provide innovative security solutions that security leadership can trust and rely on is most important to me. That's why we continue to innovate.
RiskIQ Illuminate is the first step in bringing together global visibility for your attack surface, your third parties, and the threats and threat actors targeting you, all in a single platform. We also know our customers want to pull intelligence into the products and security stack to make those systems smarter and orchestrate a rapid, coordinated, cross-functional response.
The platform has modules for everyone in the security team, from the CISO to SecOps, CTI, Brand Intelligence, and Vulnerability Teams, enabling a unified view of internet threats that ultimately speeds up decision-making and response times to reduce overall risk.