RiskIQ Digital Footprint® Risk Reporting

Prioritize Risk Mitigation With Up-to-date Threat Indicators and Security Posture

What is Digital Footprint Risk Reporting?

Your attack surface is dynamic and can change by the minute. New and unknown assets that tie back to your organization exist on the internet and can present severe security risk if not properly managed.

With the speed of digital business transformation, threat defense teams need an easy way to understand where their vulnerability management and assessment tools and processes leave them exposed, and where they should focus their efforts to reduce risk exposure.

RiskIQ Digital Footprint® Risk Reporting provides security teams with an easy, accurate, and extensive way to understand the digital risk that is present in their digital footprint, reveal problems or issues with their internet-facing assets, and prioritize remediation actions to reduce risk. With the broad internet data collected by RiskIQ, your Risk Report and Risk Score accurately quantifies risk due to threat indicators present in your footprint and security posture and hygiene of your digital attack surface.

Digital Footprint Risk Reporting Screenshot

Easy to understand metrics, and comprehensive details about your security posture

Digital Footprint Risk Reporting provides management and security teams with an easy to understand, accurate, and interactive view into their organization’s digital risk posture. RiskIQ risk scoring capabilities take advantage of advanced internet reconnaissance and predictive analytics technology that deliver comprehensive external asset inventory, threat discovery, and risk insights.

Digital Footprint Risk Reporting enables your team to reduce your risk by improving your risk management and mitigation processes.

  • Easy – simple, numerical score, intuitive findings, interactive online report
  • Accurate – active reconnaissance, component and threat analytics ensures precise insights
  • Extensive – drill down from exec-level scoring into risk component-levels, and even further to examine external asset and cyber threat elements.
  • Actionable – Predictive analytics and detailed inventory provides direct insight into high-risk external assets and active threats to enable corrective action

What contributes to your Risk Score?

Digital Footprint Risk Report provides a dynamic view of risk in your internet-exposed Digital Footprint, allowing vulnerability, security, and asset management professionals the ability to drill down and examine the threat indicators and security posture components that make up the score and contribute significantly to your exposure to risk outside the firewall.

Threat indicators are active observations of malicious or suspicious activity in an organization’s digital footprint. Incidents that occur without remediation serve as indicators that an organization has security management gaps or has not responded to active threats. These types of indicators are:

  • Host Reputation: Indicators that a host within your digital footprint is on a blacklist
  • Malware: Indicators that malware is present on an asset within your digital footprint
  • Phish: Indicators that an asset within your digital footprint has been associated with a phishing campaign
  • IP Reputation: Indicators that an IP address or range within your digital footprint has been associated with malware, command and control services, botnets, or ransomware

An organization’s Security Posture is a measurement of the maturity of an organization’s security program to properly identify and secure external-facing assets. It is calculated based on observing and analyzing exposures against technical best practices and security policies (such as OWASP) that can mitigate inherent risk associated with internet-facing assets. Your security posture is made up of:

  • Website CVE Exposure: Indicators that a website within your footprint is being run using an out-of-date or vulnerable software or framework
  • Domain Administration: Measures the variations in domain management and contact details, indicating poor domain hygiene and management practices
  • Domain Configuration: Indicators provided by the Extensible Provisioning Protocol (EPP) that can indicate potential domain hijacking or takeover vulnerability
  • Hosting and Networking: Measures the degree of ownership associated with ASNs, which can indicate difficult to manage web assets
  • Open Ports: Indicators that unnecessary or vulnerable ports that host common exploitable or vulnerable services are open and accessible on the internet
  • Websites Security Policies: Indicators that website security policies (such as OWASP) are not being followed or complied with by web development teams
  • SSL Configuration: Indicators of the type and expiration status of SSL certificates within your digital footprint
  • SSL Organization: Measure of the variation in signing authorities or groups registering SSL certificates can indicate a difficult to manage SSL certificate portfolio that could result in expiration or misuse

Prioritize mitigation activities based on exposure

RiskIQ provides mitigation and remediation paths to security teams through Digital Footprint Risk Reporting, all in the context of your own digital footprint inventory.

Recent high-profile data breaches have continued to highlight the criticality of understanding and mitigating exposures to your business that are presented by internet-facing vulnerabilities and security gaps.

But security teams are already stretched thin. With resource constraints, competing priorities, and varied intelligence sources, it’s often difficult if not impossible to understand where to begin mitigation efforts.

Security analysts and vulnerability management teams can drill into the components that make up your risk score to see the major contributor metrics, as well as suggested remediation to help improve your score.

Digital Footprint Risk Reporting Screenshot

Download the Risk Reporting Datasheet

Your Risk Report and Risk Score are only two components of your Digital Footprint

Risk Reporting is a feature of RiskIQ Digital Footprint, an enterprise product that enables organizations to identify, inventory, and actively monitor external digital assets and exposures that exist online and outside the firewall. These assets can’t rely on traditional perimeter protection mechanisms and are the most critical to be monitored for the risk they present to the business if not properly secured or maintained. Get up-to-date information about your exposures and assets outside the firewall, and get true visibility into your external attack surface.