Earlier this month, RiskIQ announced our Interlock Partner Program, making our Internet Intelligence Graph—RiskIQ's unique global view of the internet comprised of data from more than ten years of crawling the web—available in cybersecurity platforms around the world.
One of our first key integrations was the RiskIQ Illuminate app for CrowdStrike, which enriches CrowdStrike Falcon detections with our internet-wide telemetry, enhancing internal alerts with external context. When automatically correlated with CrowdStrike Intelligence, RiskIQ's internet data sets boost incident response by enabling researchers to quickly search across an organization's endpoints for indicators of compromise or find activity related to suspicious indicators they observe on an endpoint.
During an investigation, the RiskIQ app automatically identifies impacted endpoints so analysts can understand all the related infrastructure belonging to a given threat actor. This way, companies can stay a step ahead of their adversaries and optimize their attack surface management.
- Creates complete security visibility by bridging external and internal threat intelligence data in one location
- Enriches investigations by automatically searching internal endpoints, via CrowdStrike Insight, for indicators of compromise as analysts pivot
- Displays CrowdStrike Falcon X Intelligence directly alongside detailed Internet collection data
- Accelerates hunting or incident response engagements by surfacing related or overlapping infrastructure data
- Identifies any visibility gaps within the organization by analyzing CrowdStrike endpoint coverage and comparing it with the organization's attack surface
The combination of RiskIQ and Crowdstrike data delivers security practitioners increased visibility of their entire attack surface and supercharges investigations. CrowdStrike customers can trial and install the RiskIQ application through the CrowdStrike Store within the Falcon platform today. Visit the CrowdStrike blog or watch the video below to find out how to start using the Illuminate app today.
For RiskIQ customers, you can access CrowdStrike data in PassiveTotal Enterprise edition, which introduces crucial endpoint data as a pivot point to your investigation, giving you a 360-degree view of your attack surface. Sign up today with a business email address to see it in action.
Now, more than ever, organizations need to measure their attack surface and ensure they have resilience baked into their documented response procedures—RiskIQ Illuminate for Falcon is a powerful tool in their arsenal. With RiskIQ Illuminate for Falcon, you're on the cutting edge of defense by combining the most robust data to identify the most useful insights.
The RiskIQ Intelligence Connector for Microsoft Azure Sentinel Is the Context-Rich Force Multiplier Security Teams Need
Digital initiatives have changed the enterprise attack surface and how organizations appear online, both to users and malicious actors. Meanwhile, the threat landscape has evo...