External Threat Management

RiskIQ and CrowdStrike Combine for Enhanced Situational Awareness and 360-Degree Attack Surface View

Earlier this month, RiskIQ announced our Interlock Partner Program, making our Internet Intelligence Graph—RiskIQ's unique global view of the internet comprised of data from more than ten years of crawling the web—available in cybersecurity platforms around the world.

One of our first key integrations was the RiskIQ Illuminate app for CrowdStrike, which enriches CrowdStrike Falcon detections with our internet-wide telemetry, enhancing internal alerts with external context. When automatically correlated with CrowdStrike Intelligence, RiskIQ's internet data sets boost incident response by enabling researchers to quickly search across an organization's endpoints for indicators of compromise or find activity related to suspicious indicators they observe on an endpoint.

During an investigation, the RiskIQ app automatically identifies impacted endpoints so analysts can understand all the related infrastructure belonging to a given threat actor. This way, companies can stay a step ahead of their adversaries and optimize their attack surface management.

Key benefits:

  • Creates complete security visibility by bridging external and internal threat intelligence data in one location
  • Enriches investigations by automatically searching internal endpoints, via CrowdStrike Insight, for indicators of compromise as analysts pivot
  • Displays CrowdStrike Falcon X Intelligence directly alongside detailed Internet collection data
  • Accelerates hunting or incident response engagements by surfacing related or overlapping infrastructure data 
  • Identifies any visibility gaps within the organization by analyzing CrowdStrike endpoint coverage and comparing it with the organization's attack surface

The combination of RiskIQ and Crowdstrike data delivers security practitioners increased visibility of their entire attack surface and supercharges investigations. CrowdStrike customers can trial and install the RiskIQ application through the CrowdStrike Store within the Falcon platform today. Visit the CrowdStrike blog or watch the video below to find out how to start using the Illuminate app today. 

For RiskIQ customers, you can access CrowdStrike data in PassiveTotal Enterprise edition, which introduces crucial endpoint data as a pivot point to your investigation, giving you a 360-degree view of your attack surface. Sign up today with a business email address to see it in action.

Now, more than ever, organizations need to measure their attack surface and ensure they have resilience baked into their documented response procedures—RiskIQ Illuminate for Falcon is a powerful tool in their arsenal. With RiskIQ Illuminate for Falcon, you're on the cutting edge of defense by combining the most robust data to identify the most useful insights. 

Subscribe to Our Newsletter

Subscribe to the RiskIQ newsletter to stay up-to-date on our latest content, headlines, research, events, and more.

Base Editor