RiskIQ Makes Facebook ThreatExchange Data Accessible within PassiveTotal
December 02, 2015
Company will also share Intelligence on Web Threats, Malvertising and Malicious Mobile Apps with ThreatExchange Community
SAN FRANCISCO, Dec. 2, 2015 -- RiskIQ, the leading security company defending organizations from threats beyond the perimeter, today announced that its PassiveTotal threat infrastructure analysis product will provide a visual front end for Facebook’s ThreatExchange. With this integration, RiskIQ customers have the option to centralize data from ThreatExchange alongside critical data sets such as passive DNS, WHOIS, and SSL Certificates within PassiveTotal to accelerate security investigations and automate the sharing of findings with the community.
“Sharing threat intelligence, whether it’s private sharing of attack campaigns, long-form reports on threat actors or just public lists of indicators, is the most effective way for organizations to pre-empt and protect themselves from attacks,” said Elias Manousos, CEO of RiskIQ. “We believe the process of sharing should occur without friction and that’s why we’ve added full integration of Facebook’s ThreatExchange within the PassiveTotal platform. We are also sharing data from RiskIQ researchers with ThreatExchange to further arm the community with actionable intelligence.”
To automate intelligence sharing with the ThreatExchange community, PassiveTotal allows users to set global controls on how, with whom and what data is shared. Once the initial configuration is complete, users can simply begin searching within PassiveTotal much like they normally would. When data related to a search is found within ThreatExchange, PassiveTotal will display a tab and show the specific data along with who submitted it into the exchange. Additionally, when available, PassiveTotal will automatically extract details such as tags or the status of an indicator, including malicious, suspicious, etc.
For real-time sharing, PassiveTotal can be configured to automatically add findings to ThreatExchange as investigations are being conducted. For example, a group of individuals that know and trust each other can instantly work as an ad-hoc team to help protect their peers’ organizations while they are protecting their own company. The addition of ThreatExchange to the PassiveTotal platform can facilitate larger, inter-company intelligence sharing efforts that previously would only be performed through email, if at all.
PassiveTotal with ThreatExchange integration is available immediately. RiskIQ threat data is publicly available in ThreatExchange under a TLP GREEN designation.