In this demonstration, we examine the www.riskiq.com domain using RiskIQ Digital Footprint Community Edition. We show how RiskIQ Digital Footprint Community Edition automatically builds, classifies, and connects an organization’s digital footprint without any human involvement, with stunning results. Insights are featured to show how users can gain a greater understanding of an external host’s purpose and relationship to an organization.
Today we will examine the Digital Footprint for www.riskiq.com. The features I’ll demonstrate are available within RiskIQ PassiveTotal Community Edition. First, a brief introduction to RiskIQ. RiskIQ provides comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. Our digital threat management platform offers unified visibility and control for external security issues across web, social, and mobile channels. We utilize our own threat intelligence that employs multiple techniques and technology to gather, capture, analyze, curate, and monitor petabytes of public and proprietary internet data sets. And we have solutions that support various tasks of different security teams to identify, analyze, and respond to threats outside the firewall.
What is a digital footprint? A digital footprint comprises all the external assets that belong to an organization, such as web servers and web applications that are accessible from the internet.
Let’s talk about Digital Footprint. Digital Footprint gives threat defenders a full understanding of the digital attack surface: the known, unknown, and rogue internet-facing assets that can be attacked and compromised by attackers. It offers the means to identify external assets, actively monitor crucial changes, and allow staff to pinpoint issues to resolve in order to reduce the attack surface and maintain asset management compliance.
Through our virtual user crawling technology, defenders can understand how an adversary sees your organization’s digital footprint from the outside in, where analysts can readily view details relating to digital assets such as domain attributes, IP addresses, registrant components, and reveal previously unknown assets and exposures.
Today I’ll be doing a demonstration of RiskIQ Digital Footprint Community Edition. I’ll be showing just how well RiskIQ Digital Footprint automatically builds, classifies and connects an organization’s digital footprint, without any human involvement, with stunning results. Let’s start our demonstration of Digital Footprint.
Recently, I was searching the www.riskiq.com domain using RiskIQ PassiveTotal. While looking at the digital footprint, I saw something that alarmed me at first glance. I thought it was a mistake or we had a serious issue. Our system showed that www.riskiq.com had a blacklisted host and it was serving malware. Alarms went off for me. I started calling, texting, and e-mailing operations team members, as I needed to let them know we had a potential server serving malware in our domain, or it was a major mistake in our data set.
An operations team member quickly educated me. They informed me that RiskIQ has customers that run website ad exchange networks, the ad exchanges used by websites to serve ads on their websites. Some ad exchange networks contract with RiskIQ to check every ad before production to check for malware using our automated virtual crawling technology. A RiskIQ server serves the ad, just like a website does. Then RiskIQ uses its automated virtual user crawling technology to check the ad for malware. Therefore, RiskIQ finds malware in ads ALL THE TIME. But in this circumstance, it’s on our own server, and the public is not exposed to the infected ad with malware.
So yes, RiskIQ is serving malware from that host, which is tagged correctly as serving malware. This is expected because we’re checking ads for malware, tagging the server when the malware is detected, and adding the server automatically to our blacklist of malicious servers. This allows the ad exchange networks to make sure that the ads that they are serving to their customers are clean and do not contain malware.
Thank you for watching our demonstration. Please join the RiskIQ Community at www.riskiq.com/community. If you have any questions, you can e-mail us at email@example.com, or call us at 1-888-415-4447.