Advanced Reconnaissance

Outside the Firewall®
Cross Channel Data in the Palm of Your Hand

Virtual User Technology

virtual userRiskIQ’s web crawlers do more than just crawl websites. We call them virtual users, and they visit and interact with websites like a human would, from residential, commercial, and mobile IP address, and they spending varying amounts of time on each page and click non-sequential links. RiskIQ virtual users are fast, automated crawlers that also store the entire chain of events—both what a real human user would see, as well as what’s happening under the hood in the browser.

When virtual users process web pages, they take note of links, images, dependent content, and other details to construct and record a sequence of events and relationships observed during their user session.

Virtual users can be configured for nearly any type of behavior or discernable characteristic of a real user, which might impact the experience of that user and what web pages and content they can observe online, and therefore, what data is recorded and available for analysis in the RiskIQ platform.

Global Proxies

global proxies

To be able to capture information from website and mobile app stores around the world, RiskIQ utilizes a  global proxy network that was built from the ground up to provide a web perspective from over 50 countries utilizing residential, corporate, and mobile IP addresses.

This allows our virtual users to catch intelligent, self-adjusting strains of malware, malvertising and phishing sites that attempt to evade certain browser types, or only show their maliciousness to visitors from a specific location or connection type.


Mobile Discovery

mobile discovery

With native-level integrations with over 150 app store layouts and procedures, RiskIQ scans for occurrences of a brand’s official mobile applications, as well as identify a brand’s logos and terms within the code of mobile applications.

If RiskIQ finds mobile applications in unsanctioned stores, or mobile applications that reference your brand that are not official or legitimate, RiskIQ provides workflows to have those applications removed from the infringing app store.

In addition to takedown of rogue, unofficial, or compromised apps, we can also search across more than 150 other stores for the same or similar app, and take action against those, as well. Continuous monitoring lets users know when enforced threats have been successfully remediated, and RiskIQ’s post-resolution monitoring re-opens events and informs users of any tenacious threats posing a recurring risk to the organization.

Social Profiles

social profiles

RiskIQ has monitoring capabilities for many of today’s most used social networks, including Facebook, Twitter, LinkedIn, Google+, YouTube, and Pinterest. Much like phishing, malicious threat actors set up imposter social media accounts to impersonate an organization’s technical or customer support pages, executives, and employees to steal credentials or to point unsuspecting users at other elements of their campaigns like phishing pages.

RiskIQ finds these rogue and unofficial social profiles and provides in-app workflows to quickly submit fraudulent profiles for takedown directly to the social media networks and monitor for the reappearance of similar profiles.

RiskIQ examines the links inside of social media posts for malicious content. RiskIQ can alert, block, and take down the malicious posts.

Sensors, Collectors, and Scanners

sensors, collectors, and scanners

RiskIQ has deployed hundreds of passive DNS sensors throughout the world to collect DNS data about domain and IP resolutions across the broad expanse of the internet. Using our own sensor and collector network enables RiskIQ to update information as it’s seen in the wild rather than waiting for other data sets to refresh. To ensure we have the most comprehensive data, we share and augment our own with DNS partners around the world.

RiskIQ also actively crawls websites and scans IPs for open ports, recording responses and alerting to potential exposures. All of this data is curated and delivered to customers to help discover, detect, and respond to digital threats that might otherwise go unnoticed.

Data Normalization

data normalization

With the dozens of data sets and data sources that RiskIQ ingests, normalization of the data enables the ability to cross-reference data sets and surface disparate relationships. RiskIQ technology automatically sorts, normalizes, and cross-references data as it comes into the platform so that it can be used across multiple products.

Understand how to stay ahead of scammers like NoTrove