RiskIQ Digital Footprint

Discover and Monitor Your Attack Surface Outside the Firewall

What is your Digital Footprint?

Your digital footprint contains all of your external-facing assets. These include websites, mail servers, social landing pages, and pages created outside official protocol for one-off marketing campaigns—in essence, your entire digital presence. A lot of these assets exist without the knowledge of IT security teams, and you can’t protect what you don’t know about.

Your Digital Footprint

Known Assets

  • Corporate website
  • Known microsites managed by marketing
  • Marketing landing pages
  • Web applications
  • Known public-facing demo, development, and staging servers

Unknown Assets

  • Microsites created by vendors or as one-off pages
  • Unknown public-facing demo, development, and staging servers
  • Servers and web pages that were part of a merger or acquisition but not inventoried

Rogue and Malicious Assets

  • Abandoned servers or domain names
  • Pages created outside of standard procedures
  • Unauthorized typosquatting domains
  • Assets in your inventory infected by malware
  • Assets in your inventory pointing to sites known to be malicious

Why is your Digital Footprint important?

Attackers performing reconnaissance will often find unknown, unprotected, and unmonitored assets to use as attack vectors. For a large enterprise, these types of assets are typically easy for even novice hackers and threat groups to find, and because they’re unmonitored, they provide an easy way in and out. To defend yourself, you need to know what attackers see when they’re looking at you. After all, following an attack or breach, saying “we didn’t know that asset existed” doesn’t mitigate the damage done.

Once you have an accurate picture of your digital footprint, it is far easier to understand and implement mitigation techniques to ensure that all of your external assets are protected. This inventory of your assets is also critical for compliance with numerous industry regulations.

How does RiskIQ discover your Digital Footprint?

RiskIQ uses virtual user technology to discover web assets and experience them like a real user (or attacker performing reconnaissance) does, allowing you to accurately identify, monitor, and manage your entire internet attack surface from the outside in.

RiskIQ’s technology goes beyond simple crawling. Our virtual users show up at websites using different browsers, vary their click pattern and time on pages, and behave exactly as a human user would, enabling our technology to continuously monitor while evading stealthy anti-detection systems. The virtual users are launched from a constantly evolving global web and mobile proxy network with more than 520 egress points in more than 40 countries.

Using a network of tens of thousands of these virtual users, we scan the entire internet millions of times per hour, collecting telemetric data to produce a dynamic index of your web attack surface. This process illuminates websites, mobile apps, URLs, web page content, ASNs, IPs, and nameservers, many of which aren’t currently in your inventory. RiskIQ uncovers all digital assets appearing online that tie back to your organization, enabling your security team to understand the attack surface outside your firewall, bring unknown assets under management, and survey your digital footprint from the view of a global adversary.

Continuous Monitoring of Web Assets

Once the full inventory of digital assets has been established and confirmed, continuous monitoring of those assets is critical. Digital Footprint provides continuous monitoring and scanning of digital assets for:

Malware

  • Detect sophisticated malicious behaviors designed to elude traditional web security scanners by viewing from the perspective of end-users targeted by these threats

Infrastructure

  • Detect failing infrastructure, unauthorized configurations, and DNS hijacking
  • Locate assets affected by a compromised infrastructure component

Defacement

  • Detect website defacement and inappropriate content appearing on web pages in your inventory

Web Compliance

  • Continuously monitor all company-owned websites for content or code that does not comply with internal policies or government regulations