Magecart Strikes Again
Ticketmaster, British Airways, and Newegg have all been compromised. Who’s next? Read our research to see how we discovered the breaches.
IDG Connect: 2017 State of Enterprise Digital Defense Report
Findings quantify the security management gap and business impact of external web, social, and mobile threats.
Get the Research Report
RiskIQ Digital Threat Management Platform Datasheet
Learn about our platform and products.
Read the Datasheet
Frost & Sullivan: The Digital Threat Management Platform Advantage
The material benefits of a platform-based approach to security outside the firewall.
Read the Report
Rackspace Accelerates External Digital Threat Investigation with RiskIQ PassiveTotal
Download Case Study
EMA Radar™ Q4 2017 Report
RiskIQ ranked a technology and value leader in digital threat intelligence management.
Get the Analyst Report
Reveal Actionable Insights From Petabytes of Internet Data
Along with the petabytes of collected data from across the internet, RiskIQ also extracts and analyzes the data to create new data sets that aid in discovering, understanding, and mitigating digital threats. Lists like the RiskIQ Accomplice List which showcases websites and URLs that are not malicious themselves, but that link to or redirect to URLs that host malware, phishing or scams. RiskIQ also maintains our own Phish List, Scam List, and Zero-Day List which include never-before-seen URLs and pages that host phishing, scam, or malware content that we find while crawling the internet with our virtual users.
The RiskIQ platform utilizes correlation algorithms to constantly improve our detection capabilities and virtual user technology.
As the platform and virtual users crawl more websites every day, RiskIQ’s analytic capabilities become more tuned and confident over time. This allows for accurate, automated detection and confirmation of phishing pages, imposters, and scams without the need for any human intervention. In instances where the platform is less confident in its correlation or decision, RiskIQ security analysts step in to review and confirm or dismiss events and detections. This ensures that our customers are protected and the platform evolves intelligently.
RiskIQ’s senior security research team focuses on identifying and investigating new and emerging threats. The team’s research goes into the RiskIQ platform to improve detection for our customers and provide the ability to protect from these threats. Once we find and confirm a new threat, we alert our customers and simultaneously work with the RiskIQ data science team to create or modify the learning algorithms to automatically detect and classify pages containing the new threat without human intervention.
Outside of the RiskIQ platform, RiskIQ’s threat researchers are highly regarded in the information security community. The team publishes research and shares the information we have about threat actor groups with the broader community through news outlets, reports, and PassiveTotal® public projects.
The internet is a large place and making sense of it and the data it contains is a daunting challenge. At RiskIQ, we use the huge amount of internet data in unique and innovative ways. The core of many of our products is continuously improving the way we interact with and use this data. Our data science team focuses on bringing new insight to internet data and finding ways that to connect seemingly disparate data sets. By learning from the vast amount of data, we can fine tune our correlation algorithms to detect and alert users to malicious content and infrastructure even before a site is fully weaponized.
RiskIQ virtual users take inventory of mobile app stores and download applications they encounter on the web as if they were using a mobile device. Using these techniques, the platform is able to link apps between stores and across publishers and platforms. Once downloaded and inventoried, RiskIQ analyzes the applications themselves to determine if there are brand infringing elements, spyware, or malware hiding within the code.
Using a technique called MinHash, the RiskIQ platform finds similarities between websites to locate brand and copyright infringement, phishing pages that look like official pages, and other malicious activity on the web. Using the similarity between pages, RiskIQ determines if two (or more) websites share similar structure, content, or components, which, coupled with our correlation models allows us to classify pages and generate events for customers.
When RiskIQ virtual users crawl a website, we extract information about the framework and components of the website itself. This could include the CMS type hosting content, the operating system of the web server that is hosting the content, application frameworks for web applications like Apache, and other information. This information can be helpful in determining potential elements that might be compromised due to vulnerabilities.