Your organization’s leadership is 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach than they were last year. Find out how they can be protected.
Read the Datasheet
Gift Cardsharks: The Massive Threat Campaigns Circling Beneath the Surface
Learn about the attack group primarily targeting gift card retailers and the monetization techniques they use.
Get the Report
Threat Hunting Workshop Series
Join one of our security threat hunting workshops to get hands-on experience investigating and remediating threats.
Attend an Upcoming Workshop
Inside Magecart: New RiskIQ & Flashpoint Research Report
Learn about the groups and criminal underworld behind the front-page breaches.
Threat Hunting Guide: 3 Must-Haves for the Effective Modern Threat Hunter
The threat hunting landscape is constantly evolving. Learn the techniques, tactics, and tools needed to become a highly-effective threat hunter.
Automated Blocking, Enrichment, Workflows, and Take-downs
RiskIQ makes it easy to connect dots from seemingly disparate data sets to uncover malicious threat actors’ tracks across the internet. But finding them is only half of the battle. Once their infrastructure is uncovered, the next and perhaps most critical component of cybersecurity is removing it from operation.
RiskIQ has built partnerships with the most widely used web hosting providers, ISPs, social media networks, and web protection organizations to streamline takedown workflows to help security organizations effectively manage the digital threats against them, their employees, and their customers as quickly as possible.
Get the Report
RiskIQ has a partnership with Google and Microsoft that allows the RiskIQ platform to submit malicious pages directly to Google Safe Browsing and Microsoft SmartScreen. This means that, outside of traditional mitigation efforts like web filtering and firewalling, visitors to confirmed phishing, scam, and malicious URLs reported from the RiskIQ platform will be blocked by 95% of all web traffic. Visitors will see an interstitial page that shows the danger.
When an infringing, counterfeit, or phishing website is found to be targeting a particular brand or organization, RiskIQ uses our extensive WHOIS data set to pinpoint the registrar (and in many cases the domain owner), giving you an immediate route to submit the page for takedown on the legal basis of infringement, scams, or violations of terms of service.
Managing takedown requests can be completed with three clicks within the RiskIQ platform. Communications are tracked for legal, policy, and regulatory compliance. Once RiskIQ verifies that the website has been taken down, ongoing monitoring ensures that the site stays down. If it reactivates, we will alert security teams to the threat actor’s tenacity and re-open the digital threat for further investigation and action.
Digital ad platforms rely on providing clean, legitimate advertisements to publishers and content consumers. However, through the standard attribution and redirect chain in display ad networks, threat actors can inject a malicious step in the process that may display unauthorized types of advertisements, force drive-by downloads, or lead to sites that are illegal or outside of terms of service (such as gambling, adult content, or scams).
RiskIQ and our virtual user technology can crawl a URL from hundreds of different global locations and simulated device types to tease out behaviors exploited by malicious actors and fraudulent advertisers. Following the entire redirect chain, we can pinpoint where malicious behavior is injected and help advertising platforms prevent a compromised ad from ever going live (or shut down a live ad) to help protect publishers’ and ad platforms’ reputations.
Phishing continues to be the most effective way to gain access to unsuspecting victims’ account credentials and banking details. The basis of these campaigns—phishing websites that look legitimate—exist on the web, just like any other website. RiskIQ virtual user technology intelligently crawls millions of pages across the internet daily to uncover these pages. When found, the RiskIQ platform enables organizations to quickly submit phishing pages to the pages’ hosting provider for takedown.
Due to the urgent and immediate threat posed by phishing, RiskIQ has direct partnerships with Google and Microsoft to submit confirmed phishing sites directly to the Google Safe Browsing and Microsoft SmartScreen platforms, resulting in the automated blocking of phishing sites to 95% of web traffic.
Continuous monitoring lets customers know when enforced threats have been successfully remediated, and RiskIQ’s post-resolution monitoring re-opens events and informs users of any tenacious threats posing a recurring risk to the organization.
RiskIQ has monitoring capabilities for many of today’s most used social networks, including Facebook, Twitter, and LinkedIn. Similar to phishing, malicious threat actors set up imposter social media accounts to impersonate an organization’s technical or customer support pages, executives, and employees to steal credentials or point unsuspecting users at other campaign elements such as phishing pages.
RiskIQ finds these rogue and unofficial social profiles and provides in-app workflows to quickly submit fraudulent profiles for takedown directly to the social media networks and monitor for the reappearance of similar profiles.
With native-level integrations with more than 150 app store layouts and procedures, RiskIQ scans for occurrences of a brand’s official mobile applications, as well as identify a brand’s logos and terms within the code of mobile applications.
If RiskIQ finds mobile applications in unsanctioned stores, or mobile applications that reference your brand that are not official or legitimate, RiskIQ provides workflows to have those applications removed from the infringing app store.
In addition to take down of rogue, unofficial, or compromised apps, we can also search across other stores for the same or similar app, and take action against those, as well. Continuous monitoring lets users know when enforced threats have been successfully remediated, and RiskIQ’s post-resolution monitoring re-opens events and informs users of any tenacious threats posing a recurring risk to the organization.