RiskIQ Mitigation

Intelligent Workflow and Integrations Streamline Digital Threat Mitigation

Shut Down Threat Actors in Their Tracks

RiskIQ makes it easy to connect dots from seemingly disparate data sets to uncover malicious threat actors’ tracks across the internet. But finding them is only half of the battle. Once their infrastructure is uncovered, the next and perhaps most critical component of cybersecurity is removing it from operation.

RiskIQ has built partnerships with the most widely used web hosting providers, ISPs, social media networks, and web protection organizations to streamline takedown workflows to help security organizations effectively manage the digital threats against them, their employees, and their customers as quickly as possible.

Read the Case Study: RiskIQ Helps DocuSign Gain Visibility and Control Over Internet-Exposed Assets

Download the SANS Survey to get the current state of continuous monitoring

Website Takedown

Website Takedown

When an infringing, counterfeit, or phishing website is found to be targeting a particular brand or organization, RiskIQ uses our extensive WHOIS data set to pinpoint the registrar (and in many cases the domain owner), giving you an immediate route to submit the page for takedown on the legal basis of infringement, scams, or violations of terms of service.

Managing takedown requests can be completed with three clicks within the RiskIQ platform. Communications are tracked for legal, policy, and regulatory compliance. Once RiskIQ verifies that the website has been taken down, ongoing monitoring ensures that the site stays down. If it reactivates, we will alert security teams to the threat actor’s tenacity and re-open the digital threat for further investigation and action.

Malvertising Takedown

Malvertising Takedown

Digital ad platforms rely on providing clean, legitimate advertisements to publishers and content consumers. However, through the standard attribution and redirect chain in display ad networks, threat actors can inject a malicious step in the process that may display unauthorized types of advertisements, force drive-by downloads, or lead to sites that are illegal or outside of terms of service (such as gambling, adult content, or scams).

RiskIQ and our virtual user technology can crawl a URL from hundreds of different global locations and simulated device types to tease out behaviors exploited by malicious actors and fraudulent advertisers. Following the entire redirect chain, we can pinpoint where malicious behavior is injected and help advertising platforms prevent a compromised ad from ever going live (or shut down a live ad) to help protect publishers’ and ad platforms’ reputations.

Phishing Takedown

Phishing Takedown

Phishing continues to be the most effective way to gain access to unsuspecting victims’ account credentials and banking details. The basis of these campaigns—phishing websites that look legitimate—exist on the web, just like any other website. RiskIQ virtual user technology intelligently crawls millions of pages across the internet daily to uncover these pages. When found, the RiskIQ platform enables organizations to quickly submit phishing pages to the pages’ hosting provider for takedown.

Due to the urgent and immediate threat posed by phishing, RiskIQ has direct partnerships with Google and Microsoft to submit confirmed phishing sites directly to the Google Safe Browsing and Microsoft SmartScreen platforms, resulting in the automated blocking of phishing sites to 95% of web traffic.

Continuous monitoring lets customers know when enforced threats have been successfully remediated, and RiskIQ’s post-resolution monitoring re-opens events and informs users of any tenacious threats posing a recurring risk to the organization.

Social Takedown

Social Takedown

RiskIQ has monitoring capabilities for many of today’s most used social networks, including Facebook, Twitter, and LinkedIn. Similar to phishing, malicious threat actors set up imposter social media accounts to impersonate an organization’s technical or customer support pages, executives, and employees to steal credentials or point unsuspecting users at other campaign elements such as phishing pages.

RiskIQ finds these rogue and unofficial social profiles and provides in-app workflows to quickly submit fraudulent profiles for takedown directly to the social media networks and monitor for the reappearance of similar profiles.

Mobile App Takedown

Mobile App Takedown

With native-level integrations with more than 150 app store layouts and procedures, RiskIQ scans for occurrences of a brand’s official mobile applications, as well as identify a brand’s logos and terms within the code of mobile applications.

If RiskIQ finds mobile applications in unsanctioned stores, or mobile applications that reference your brand that are not official or legitimate, RiskIQ provides workflows to have those applications removed from the infringing app store.

In addition to take down of rogue, unofficial, or compromised apps, we can also search across other stores for the same or similar app, and take action against those, as well. Continuous monitoring lets users know when enforced threats have been successfully remediated, and RiskIQ’s post-resolution monitoring re-opens events and informs users of any tenacious threats posing a recurring risk to the organization.

Automated Blocking

RiskIQ has a partnership with Google and Microsoft that allows the RiskIQ platform to submit malicious pages directly to Google Safe Browsing and Microsoft SmartScreen. This means that, outside of traditional mitigation efforts like web filtering and firewalling, visitors to confirmed phishing, scam, and malicious URLs reported from the RiskIQ platform will be blocked by 95% of all web traffic. Visitors will see an interstitial page that shows the danger.