Magecart Strikes Again
Ticketmaster, British Airways, and Newegg have all been compromised. Who’s next? Read our research to see how we discovered the breaches.
IDG Connect: 2017 State of Enterprise Digital Defense Report
Findings quantify the security management gap and business impact of external web, social, and mobile threats.
Get the Research Report
RiskIQ Digital Threat Management Platform Datasheet
Learn about our platform and products.
Read the Datasheet
Frost & Sullivan: The Digital Threat Management Platform Advantage
The material benefits of a platform-based approach to security outside the firewall.
Read the Report
Rackspace Accelerates External Digital Threat Investigation with RiskIQ PassiveTotal
Download Case Study
EMA Radar™ Q4 2017 Report
RiskIQ ranked a technology and value leader in digital threat intelligence management.
Get the Analyst Report
Powerful Alliances that Extend Your Reach
RiskIQ’s technology partners and alliances build on RiskIQ products and solutions to help you get even more value from your security infrastructure. The ecosystem of complementary technologies and services provided by our partners help customers gain better security, optimize staff resources, and maximize the value of technology investments.
Read the Company Overview
When RiskIQ crawls websites and confirms a page to be phishing or hosting malware, we provide these URLs directly to Google for inclusion in Google Safe Browsing. Google Safe Browsing is blacklist of URLs which host malware or phishing content, and if a user of one of those web browsers attempts to visit a blacklisted URL, they are presented with a warning page informing them of the impending threat if they proceed.
When RiskIQ crawls a website and confirms that the page is hosting malware or phishing, we provide the URL of the page to Microsoft for automatic blocking to its web browsers through Microsoft SmartScreen. Microsoft SmartScreen prevents users of Microsoft Internet Explorer and Edge from visiting websites with phishing content or malware.
RiskIQ’s Splunk App brings the power of data sets collected from internet scanning directly to your Splunk instance. This application leverages your existing PassiveTotal account and our API in order to bring in data like passive DNS, WHOIS, passive SSL, host attributes and more.
The RiskIQ App for IBM QRadar brings data sets from internet scanning and threat intelligence directly to your QRadar instance. Without leaving QRadar, you can investigate infrastructure found within your logs, automatically triage offenses based on verified intelligence, and create rules based on data stored within the PassiveTotal platform.
Flashpoint deep and dark web data can be integrated into RiskIQ External Threats to create events on the appearance of keywords relating to your business, brand, or key employees on the dark web. Searching for threats across all digital channels and across all corners of the web enables organizations to have comprehensive visibility and threat management workflows for both RiskIQ and Flashpoint customers.
ThreatQ is an open and extensible threat intelligence platform (TIP) to provide defenders the context, customization, and collaboration needed for increased security effectiveness and efficient threat operations and management. The ThreatQ platform integrates RiskIQ PassiveTotal data to enrich domains and IP addresses with tags, malicious disposition and other metadata from PassiveTotal, along with passive DNS data to query for a domain or IP addresses’ historical record.
With Phantom, you can automate tasks, orchestrate workflows, and support a broad range of SOC functions including event and case management, collaboration, and reporting. Phantom Playbooks can utilize RiskIQ PassiveTotal data via the RiskIQ API to automate security processes such as understanding tags associated with infrastructure and then performing blocking or restriction actions on other technologies like endpoint protection, firewalls, proxies, and more.
Demisto orchestrates security to make Security Operation Center (SOC) teams more efficient and smarter. Its comprehensive platform combines automation, incident management, and interactive investigation into a seamless experience to reduce MTTR for every incident. Users can leverage the multi-source threat intelligence capabilities of RiskIQ PassiveTotal with the security orchestration and automation features of Demisto Enterprise for repeatable and scalable incident response that coordinates across different security measures.
To learn more about RiskIQ and SIEM, click to get this tech note.
Slack/Hipchat via Hubbot