Magecart Strikes Again
Ticketmaster, British Airways, and Newegg have all been compromised. Who’s next? Read our research to see how we discovered the breaches.
IDG Connect: 2017 State of Enterprise Digital Defense Report
Findings quantify the security management gap and business impact of external web, social, and mobile threats.
Get the Research Report
RiskIQ Digital Threat Management Platform Datasheet
Learn about our platform and products.
Read the Datasheet
Frost & Sullivan: The Digital Threat Management Platform Advantage
The material benefits of a platform-based approach to security outside the firewall.
Read the Report
Rackspace Accelerates External Digital Threat Investigation with RiskIQ PassiveTotal
Download Case Study
EMA Radar™ Q4 2017 Report
RiskIQ ranked a technology and value leader in digital threat intelligence management.
Get the Analyst Report
Outside the Firewall®Cross Channel Data in the Palm of Your Hand
RiskIQ’s web crawlers do more than just crawl websites. We call them virtual users, and they visit and interact with websites like a human would, from residential, commercial, and mobile IP addresses, and they’re spending varying amounts of time on each page and click non-sequential links. RiskIQ virtual users are fast, automated crawlers that also store the entire chain of events—both what a real human user would see, as well as what’s happening under the hood in the browser.
When virtual users process web pages, they take note of links, images, dependent content, and other details to construct and record a sequence of events and relationships observed during their user session.
Virtual users can be configured for nearly any type of behavior or discernable characteristic of a real user, which might impact the experience of that user and what web pages and content they can observe online, and therefore, what data is recorded and available for analysis in the RiskIQ platform.
To be able to capture information from website and mobile app stores around the world, RiskIQ utilizes a global proxy network that was built from the ground up to provide a web perspective from over 50 countries utilizing residential, corporate, and mobile IP addresses.
This allows our virtual users to catch intelligent, self-adjusting strains of malware, malvertising and phishing sites that attempt to evade certain browser types, or only show their maliciousness to visitors from a specific location or connection type.
With native-level integrations with over 150 app store layouts and procedures, RiskIQ scans for occurrences of a brand’s official mobile applications, as well as identify a brand’s logos and terms within the code of mobile applications.
If RiskIQ finds mobile applications in unsanctioned stores, or mobile applications that reference your brand that are not official or legitimate, RiskIQ provides workflows to have those applications removed from the infringing app store.
In addition to takedown of rogue, unofficial, or compromised apps, we can also search across more than 150 other stores for the same or similar app, and take action against those, as well. Continuous monitoring lets users know when enforced threats have been successfully remediated, and RiskIQ’s post-resolution monitoring re-opens events and informs users of any tenacious threats posing a recurring risk to the organization.
RiskIQ has monitoring capabilities for many of today’s most used social networks, including Facebook, Twitter, LinkedIn, Google+, YouTube, and Pinterest. Much like phishing, malicious threat actors set up imposter social media accounts to impersonate an organization’s technical or customer support pages, executives, and employees to steal credentials or to point unsuspecting users at other elements of their campaigns like phishing pages.
RiskIQ finds these rogue and unofficial social profiles and provides in-app workflows to quickly submit fraudulent profiles for takedown directly to the social media networks and monitor for the reappearance of similar profiles.
RiskIQ examines the links inside of social media posts for malicious content. RiskIQ can alert, block, and take down the malicious posts.
RiskIQ has deployed hundreds of passive DNS sensors throughout the world to collect DNS data about domain and IP resolutions across the broad expanse of the internet. Using our own sensor and collector network enables RiskIQ to update information as it’s seen in the wild rather than waiting for other data sets to refresh. To ensure we have the most comprehensive data, we share and augment our own with DNS partners around the world.
RiskIQ also actively crawls websites and scans IPs for open ports, recording responses and alerting to potential exposures. All of this data is curated and delivered to customers to help discover, detect, and respond to digital threats that might otherwise go unnoticed.
With the dozens of data sets and data sources that RiskIQ ingests, normalization of the data enables the ability to cross-reference data sets and surface disparate relationships. RiskIQ technology automatically sorts, normalizes, and cross-references data as it comes into the platform so that it can be used across multiple products.
Get the Research Report