Media and Publishing Case Study - Malvertising | RiskIQ

Case Study

Major Publisher Protects Readers

Major Publisher Protects Readers

The Challenge

As a media and publishing conglomerate, the customer relies heavily on third-party licensees and subsidiaries to deliver content in order to maintain a wide array of distribution channels. This business model, however, creates a security dilemma. The majority of digital assets responsible for distributing media and content to readers is stood up on infrastructure outside of the parent publisher’s defensive perimeter. Over time it became impossible to manually detect and inventory all the digital assets that the security team was ultimately responsible for securing. The concern was the lack of visibility into threats outside of the secured perimeter that could impact readers and damage the brand of the publisher. The VP needed a threat detection system that could alert them about threats to readers in real time.

Malvertising

Malvertising

The practice known as malvertising is a serious threat. For website owners with multiple web properties, detecting malicious ads is incredibly difficult and time consuming. RiskIQ captures malicious ads in action by continuously crawling websites from virtualized browsing sessions, and re-creating ad redirection chains by capturing and recreating the full DOM of a session. This provides ad ops or security specialists with smoking gun evidence about the source of a malicious ad.

The Solution

The VP of Engineering needed a cost effective way to inventory, monitor and secure all digital assets owned by the publisher, its sub brands and licensees. The VP looked to RiskIQ for our ability to continuously discover, index, and monitor digital assets belonging to brands from an outside-in perspective. The VP and their team recognized they could leverage our dynamic discovery and inventory system to map out and manage their digital footprint. By leveraging our covert crawling infrastructure designed to crawl digital assets invisibly by emulating real user behavior, the team could for the first time get data on live threats attacking assets outside of their perimeter.

The key to successfully combating malvertising is visibility. RiskIQ has provided just that, staving off thousands of potentially damaging attacks, and in turn, protecting our readers and our brand reputation.

--, Vice President of Engineering, Major U.S. Media and Publishing Company Major U.S. Media and Publishing Company

The Results

The VP of Engineering now oversees the publisher’s entire inventory of digital assets from a single dashboard. The customer can now recursively discover, monitor, and inventory assets that were once beyond the field of vision of the security team. In addition to discovering customer-aimed threats from more traditional vectors, RiskIQ further detected malware coming through display ads on various third-party owned digital properties.

Over the past 18 months, RiskIQ has helped the publisher uncover thousands of incidents and hundreds of unique campaigns targeting readers via its own properties. Supported by a global network of threat intelligence data, RiskIQ threat analytics helped lower the overhead on the team by limiting alerts to live threats requiring user action. The customer now has the technology and support needed to secure a vast and continuously growing empire of online digital assets in a manner that protects readers and secures the publisher’s brand.