The internet is like a tapestry that’s ever-expanding in all directions. Its components (websites, IP addresses, frameworks, and code) are individual threads, all woven together to create the web as we know it. Being a part of this tapestry isn’t a choice; if you have an internet presence, you are interwoven with every other entity on the web, including attackers. Those who understand how these connections work, good guy or bad guy, are the ones who win.
This is the first of an eight-part blog series exploring what makes RiskIQ different in a crowded, noisy market. The first differentiator we’ll outline is RiskIQ’s Internet Intelligence Graph.
Extending security and IT protection outside the firewall requires mapping these billions of relationships between the internet components belonging to every organization, business, and threat actor on Earth. RiskIQ built our Internet Intelligence Graph to prepare enterprises for this reality by enabling them to discover unknowns across their attack surface and investigate threats to their organization.
For more than ten years, RiskIQ has been crawling and absorbing the internet to define the web’s identity and composition by fingerprinting each component, connection, service, IP-connected device, and infrastructure to show customers how they—and attackers targeting them—fit within it. Our global sensor network continuously extracts, analyzes, and assembles internet data, updating each customer’s unique Intelligence Graph with a current and 10-year history.
So, what does it take to build this Graph and know your real attack surface?
RiskIQ’s proprietary network of crawlers consists of “virtual users” that simulate human-web interactions and the full composition of internet assets, with no agent required. The human-web simulation is the most scientific method for absorbing internet intelligence, namely causes and effects. By interacting with digital and internet assets, our virtual users can extract every attribute that makes up the asset’s behavior, including its edge (relational) behaviors.
To avoid detection, RiskIQ’s virtual users deploy from hundreds of rotating proxies worldwide, emanating from a combination of residential, commercial, and mobile egress points. Each of these is highly configurable to emulate a wide range of specific human-like behaviors such as scrolling and clicking. They also imitate popular browsers, devices, applications, and operating systems. For example, having the ability to simulate a mobile phone browser in the region in which it’s being targeted means the RiskIQ crawlers have a higher likelihood of observing the full exploitation chain.
RiskIQ collects data at an unmatched scale. Our systems conduct daily scans of more than 228 unique ports and service banners across the entire IPv4 space to collect host data, including when it was first and last seen, service banners, and much more. Each day, RiskIQ’s virtual users make billions of HTTP requests, take in terabytes of passive DNS data, and collect millions of components such as SSL certificates, tracking codes, and cookies. RiskIQ is currently mapping 157 billion relationships across the internet.
This unparalleled collection allows RiskIQ to build unmatched data sets, some of which are entirely unique to us.
Having a database of these components enables infrastructure chaining, which leverages the highly connected nature of the internet to expand one IOC into many based on overlapping details or shared characteristics. Building infrastructure chains enables RiskIQ to create an accurate view of our customers’ digital presence to define their attack surface and discover unknown assets. It does the same for an adversary’s digital presence, letting threat hunters quickly pivot across these data sets to create context around an incident or investigation, allowing for more effective triage of alerting and actioning of incidents within an organization.
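The pivot described above, as an added example (not RiskIQ's code or data model): a breadth-first expansion from one seed host across shared IPs, certificate hashes, and tracker IDs. All hosts and values are constructed, and the `max_fanout` cutoff, which refuses to pivot through attributes shared by many hosts (such as a shared-hosting IP), is an assumption of this sketch.

```python
from collections import defaultdict, deque

# Constructed observations (not real indicators): (host, attribute type, value)
OBSERVATIONS = [
    ("shop-login.example", "ip", "192.0.2.10"),
    ("cdn-assets.example", "ip", "192.0.2.10"),
    ("cdn-assets.example", "cert_sha1", "aa11"),
    ("pay-verify.example", "cert_sha1", "aa11"),
    ("pay-verify.example", "tracker", "UA-000000-1"),
    ("promo-gift.example", "tracker", "UA-000000-1"),
    ("pay-verify.example", "ip", "198.51.100.5"),  # shared-hosting IP
    ("blog-a.example", "ip", "198.51.100.5"),
    ("blog-b.example", "ip", "198.51.100.5"),
    ("blog-c.example", "ip", "198.51.100.5"),
]

def build_index(observations):
    """Index observations both ways: host -> attributes, attribute -> hosts."""
    by_host, by_attr = defaultdict(set), defaultdict(set)
    for host, kind, value in observations:
        by_host[host].add((kind, value))
        by_attr[(kind, value)].add(host)
    return by_host, by_attr

def chain(seed, observations, max_fanout=3, max_depth=3):
    """Expand one seed host into related hosts via shared attributes.

    Returns (found, skipped): found maps each related host to the list of
    pivots that led to it, so an analyst can audit every link; skipped holds
    attributes shared by more than max_fanout hosts (hypothetical cutoff),
    which are too common to count as evidence of a relationship.
    """
    by_host, by_attr = build_index(observations)
    found, skipped = {seed: []}, set()
    queue = deque([(seed, 0)])
    while queue:
        host, depth = queue.popleft()
        if depth == max_depth:
            continue
        for attr in sorted(by_host[host]):
            peers = by_attr[attr]
            if len(peers) > max_fanout:
                skipped.add(attr)
                continue
            for peer in sorted(peers - found.keys()):
                found[peer] = found[host] + [attr]
                queue.append((peer, depth + 1))
    return found, skipped

if __name__ == "__main__":
    hosts, ignored = chain("shop-login.example", OBSERVATIONS)
    for host, path in hosts.items():
        print(host, "via", path)
    print("ignored (too common):", ignored)
```

Keeping the pivot path for each host matters for triage: a host reached only through a widely shared attribute is weak evidence, while one reached through a certificate or tracker ID seen on a handful of hosts is worth investigating.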
RiskIQ collection preserves what a page looked like each time it was crawled, so we know how pages have changed, including if they’ve been compromised. Many webpages are fluid and may change hundreds of times after their initial load—some are just shells that only become populated after a user has requested the page. RiskIQ not only keeps the full HTML content from the crawled page but our systems also save any dependent file used in the loading process to be able to
The rush to migrate to the cloud and warp-speed adoption of web, mobile, and social platforms badly exposed the limitations of internal network security controls. The COVID-19 pandemic, which has scattered workforces and business operations across the country, has made these controls almost obsolete and an Internet Intelligence Graph imperative.
Attackers now have far more access points to probe or exploit, with little-to-no security oversight. Meanwhile, IT is feverishly standing up new systems, new access, and new channels and likely succumbing to human error, such as critical misconfigurations.
Lots of “outside the firewall” security companies claim to give you visibility into this new dispersed and rapidly-growing internet attack surface. Unfortunately, they only have a cursory view of the web and only know about known assets their customers provide them.
RiskIQ deeply understands the internet and how its threads weave together. With RiskIQ’s Internet Intelligence Graph, customers have access to a pre-computed relationship database of internet intelligence updated daily. Tapping into the Graph provides a full picture of the entire internet to show your own organization’s internet attack surface, including known, unknown, and attacker-owned assets. This view includes external third-party infrastructure and resources your organization, users, and customers depend on.
To learn more about the Internet Intelligence Graph and how RiskIQ can help you understand your attack surface, register for a free demo here.