Your organization’s leadership is 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach than they were last year. Find out how they can be protected.
Read the Datasheet
Gift Cardsharks: The Massive Threat Campaigns Circling Beneath the Surface
Learn about the attack group primarily targeting gift card retailers and the monetization techniques they use.
Get the Report
Threat Hunting Workshop Series
Join one of our security threat hunting workshops to get hands-on experience investigating and remediating threats.
Attend an Upcoming Workshop
Inside Magecart: New RiskIQ & Flashpoint Research Report
Learn about the groups and criminal underworld behind the front-page breaches.
Threat Hunting Guide: 3 Must-Haves for the Effective Modern Threat Hunter
The threat hunting landscape is constantly evolving. Learn the techniques, tactics, and tools needed to become a highly-effective threat hunter.
Today I’m going to give you a demonstration of RiskIQ Digital Footprint Community Edition. I will show you how you can do your organization’s own digital footprint, but first a brief introduction to RiskIQ. RiskIQ provides comprehensive discovery intelligence and mitigation of threats associated with an organization’s digital presence. Our digital threat management platform offers unified visibility and control for external security issues across web, social and mobile channels. We utilize our own threat intelligence that employs multiple techniques and technology to gather, capture, analyze, curate and monitor petabytes of public and proprietary internet data sense. And we have a solution set that supports various tasks of different security teams to identify, analyze and respond to threats outside the firewall.
What is a Digital Footprint? A Digital Footprint is comprised of all the external assets that belong to an organization such as web servers and web applications that are accessible from the internet. Through advanced internet reconnaissance and predictive analytics, RiskIQ collects, stores and analyzes petabytes of internet data to automatically generate and maintain an organization’s digital footprint. This includes domains, hosts, IP addresses, open ports, SSL certificates, web components, CVE’s and related external infrastructure. RiskIQ’s automated discovery technology reveals how everything is connected as well as the likelihood that an asset belongs to your organization.
Let’s talk about Digital Footprint. Digital Footprint allow threat defenders a full understanding of the digital attack surface, the known, unknown, and rogue internet facing assets that can be attacked and compromised by attackers. It offers the means to identify external assets, actively monitor crucial changes and allow staff to pinpoint issues to resolve in order to reduce the attack surface and maintain asset management compliance.
Through our virtual user crawling technology, defenders can understand how an adversary sees your organization from the outside in, where analysts can readily view details relating to digital assets such as domain attributes, IP addresses, registrant, components, and revealing previously unknown assets and exposures.
Now, onto our demonstration of RiskIQ Digital Footprint Community Edition. In order to view your organization’s digital footprint, you’ll first need to sign up for a RiskIQ Community Account using your corporate e-mail address. Digital footprints will not be generated for free non-corporate email accounts like Gmail, Yahoo, Hotmail, and AOL. We only reveal Digital Footprints to organization-owned email accounts.
After the registration process, you’ll be sent an email to confirm your email address. After confirmation, you’ll be able to log in and view your organization’s digital footprint. If you’re an existing RiskIQ Community user, and your account utilizes your corporate e-mail address, your Digital Footprint has already been enabled for you to view and interact with.
Once you have successfully logged in, you’ll be presented with your organization’s Digital Footprint. The Digital Footprint can be found under the section called “My Digital Footprints.” In my particular case, I have two footprints, one for RiskIQ.com and one for RiskIQ.net. Community Edition users will only see a single Digital Footprint that matches their e-mail domain. From here you can quickly see our Alexa ranking, how many open ports my organization has, high and critical CVE’s.
Now we’ll click on the Digital Footprint for RiskIQ.com. On the left side of the screen, you’ll be able to quickly get insights into your organization’s Digital Footprint. You’ll be able to filter on open ports, critical, high and medium CVE’s. You’ll also be able to filter on your Alexa rankings. By clicking on the check icon, it will filter the results to only show those selected items. By clicking on the X icon, it will remove those selected items from the results. Clicking on the icons again will remove those previously selected filters.
Here you can see the asset types that are part of your Digital Footprint. My Digital Footprint contains host names, name servers, domains, mail servers, who is registered, email addresses, and net blocks. So this is an automatic Digital Footprint, RiskIQ gives a confidence level of the asset’s ownership. You can filter by absolute, low probability, unlikely, and unknown ownership. Connecting this is the number of devices that are connected to each other. This helps in identifying the ownership to your organization.
Now we’ll filter to only look for critical CVEs in my organization’s digital footprint. Here you can see that there are 19 hosts that have been identified with critical CVEs. I will select one on the map now. I have selected wheresthemalware.com, which is owned by RiskIQ. On the right side of the screen, you can see that this has been identified as being owned absolutely by RiskIQ. It has four open ports, port 115, 118, 194, and 8080. By looking at the web components, I can see that this is running Microsoft, IS version 7.5, and potentially has five CVEs associated with it that are critical. I can also see the same information in the data table by clicking on the data table tab. Here you can see the same information but in an easy to consume listed table format.
Community Edition users will have obfuscated view of their Digital Footprint, hiding hosts and subdomain names. Community users will also not be able to download their digital footprints or asset information.
The linked list view gives users the ability to select a single artifact to see how it’s linked to other assets through selections. The drill down link analysis helps you to understand the relationships within inside of your Digital Footprint.
At any time, Community Edition users can click on the upgrade button to contact sales to either purchase one or more snapshots of their un-obfuscated Digital Footprint, or upgrade entirely to Digital Footprint Premium or Enterprise.
We hope you enjoyed the demonstration to better understand your digital footprint. Remember if you have any questions, you can always use the chat feature located on the bottom right hand corner of the screen at any time. If you’re not already a member of the RiskIQ Community, you can join at community.www.riskiq.com. For sales inquiries, you can email us at firstname.lastname@example.org or call us at 1-888-415-4447. Thank you.