Advanced Reconnaissance

Precise, Actionable Insight from Unrivaled Data

Virtual User Technology

RiskIQ’s web crawlers do more than crawl websites. We call them virtual users, and they visit and interact with websites as a human would. These virtual users are fast, automated crawlers that also store the entire chain of events for a user session: both what a real human user would see and everything happening ‘under the hood’ of the browser. Web crawlers visit residential, commercial, and mobile IP addresses, and spend varying amounts of time on each page clicking on non-sequential links.

When virtual users process web pages, they take note of links, images, dependent content, and other details to construct and record a sequence of events and relationships observed during their user session.

Virtual users can be configured for nearly any behavior or discernible characteristic of a real user that could affect that user's experience and the web pages and content they can observe online, and therefore the data that is recorded and available for analysis in the RiskIQ platform.

Global Proxies

To capture information from websites and mobile app stores around the world, RiskIQ uses a global proxy network, built from the ground up, that provides a web perspective from over 50 countries using residential, corporate, and mobile IP addresses.

This allows our virtual users to catch intelligent, self-adjusting strains of malware, malvertising, and phishing sites that attempt to evade certain browser types, or only show their maliciousness to visitors from a specific location or connection type.

 

Mobile Discovery

With native-level integrations with over 150 app store layouts and procedures, RiskIQ scans for occurrences of a brand’s official mobile applications and identifies a brand’s logos and terms within the code of mobile applications.

If RiskIQ finds mobile applications in unsanctioned stores or apps referencing your brand that are not official or legitimate, RiskIQ provides workflows to have them removed from the infringing app store.

In addition to the takedown of rogue, unofficial, or compromised apps, we can also search across more than 150 other stores for the same or similar app, and take action against those as well. Continuous monitoring lets users know when enforced threats have been successfully remediated, and RiskIQ’s post-resolution monitoring re-opens events and informs users of any tenacious threats posing a recurring risk to the organization.

Social Profiles

RiskIQ has monitoring capabilities for many of today’s most used social networks, including Facebook, Twitter, LinkedIn, YouTube, and Pinterest. Much as with phishing, malicious threat actors set up imposter social media accounts that impersonate an organization’s technical or customer support pages, executives, and employees in order to steal credentials or to point unsuspecting users at other elements of their campaigns, such as phishing pages.

RiskIQ finds these rogue and unofficial social profiles and provides in-app workflows to quickly submit fraudulent profiles for takedown directly to the social media networks and then monitor for the reappearance of similar profiles.

RiskIQ also examines the links inside of social media posts for malicious content and can alert, block, and take down the malicious posts.

Sensors, Collectors, and Scanners

RiskIQ has deployed hundreds of passive DNS sensors throughout the world to collect DNS data about domain and IP resolutions across the broad expanse of the internet. Our sensor and collector network enables RiskIQ to update information as it’s seen in the wild rather than waiting for other data sets to refresh. To ensure we have the most comprehensive data, we share and augment our data with DNS partners around the world.

RiskIQ also actively crawls websites and scans IPs for open ports, recording responses and alerting to potential exposures. All of this data is curated and delivered to customers to help discover, detect, and respond to digital threats that might otherwise go unnoticed.

Data Normalization

RiskIQ ingests dozens of data sets and data sources, and normalizing that data makes it possible to cross-reference data sets and surface disparate relationships. RiskIQ technology automatically sorts, normalizes, and cross-references data as it comes into the platform so that it can be used across multiple products.
