Enterprise Digital Footprint Resources - RiskIQ


Digital Asset Discovery and External Threat Detection

Questions & Answers

What is Outside the Firewall? Learn more about Outside the Firewall, why it matters to every company’s security program and the right questions to ask when securing your enterprise digital footprint Outside the Firewall.

What is Outside The Firewall? Or WTFOTF?

Outside the Firewall refers to a company’s or brand’s digital assets (web, mobile and social) that exist beyond the perimeter and safety of the firewall. Thanks to the increase in third-party code and other web components, the rise of mobile apps and the increased adoption of social networks to communicate with customers, customers now interact with companies and brands, and share their data, beyond the traditional security control of the firewall.

Web Assets

  • Websites and web pages, including microsites and landing pages that are self-hosted and hosted by third parties.
  • Third party code, including various components and code libraries
  • Websites and web pages can be created by various departments or vendors without the security team’s knowledge

Mobile Assets

  • Third party apps — both official and unofficial apps.
  • Third party app store listings, which often require only developer submission
  • Unofficial apps can be created and submitted to app stores by independent developers

Social Assets

  • Social media profiles for brands and their spokespeople or executives
  • Profiles are hosted by social networks, outside your firewall
  • Social media profiles can be created by anyone, as long as the profile name or handle is available

Questions to Ask Yourself

  • Do I have visibility into my full digital footprint?
  • What parts of my attack surface do I have no knowledge of?
  • Are our penetration tests and vulnerability scanners considering our attack surface outside of the firewall?
  • Can my external threat management program keep up with the increase of digital assets outside the firewall?

What is an enterprise digital footprint? Find out what an enterprise digital footprint is, and how you can find out what yours looks like.

What Is An Enterprise Digital Footprint?

Simply put, an enterprise digital footprint is the discovery and inventory of all web, mobile and social assets associated with your organization, spokespeople and executives. Because the digital assets that make up your footprint are external-facing customer and partner touchpoints, they use your brand to reinforce your brand’s promise and message. Threat actors are taking advantage of organizations’ brand equity to create unknown, malicious digital assets outside the firewall to attack organizations and their customers. With RiskIQ’s Enterprise Digital Footprint, you can discover the unknown and rogue assets within your digital footprint, bring them under policy and monitor these assets for changes.

Known Assets

  • Corporate website, known microsites and landing pages
  • Official mobile apps in authorized app stores
  • Social media profiles, managed by marketing, communications, support and other internal teams or official vendors.

Unknown Assets

  • Quick and dirty microsites created by a team or vendor, without the knowledge of IT
  • Branded mobile apps, which may have been made by a third party developer or scraped and used to build a third party app store listing
  • Unofficial social media profiles, created by fans, comedians for parody’s sake, or malicious actors.

Rogue And Malicious Assets

  • Abandoned cloud servers or domain names, which may be compromised by threat actors
  • Phishing pages created to dupe victims into providing sensitive, valuable data
  • Malvertising — malicious ads which can be hyper-targeted to their victims and set to deliver malware such as drive-by downloads and other executables.
  • Social media profiles created to use a brand’s trust and equity to further online scams

Questions To Ask Yourself

  • How confident am I that my security program has full visibility of my enterprise digital footprint?
  • How can I track changes in the assets within my enterprise digital footprint?
  • What’s the workflow for remediation if we discover an external threat in my enterprise digital footprint?

Who are virtual users and what do they do? Understand a core technology that differentiates RiskIQ from a threat data feed and how RiskIQ is able to capture the full extent of external threats, by evading bot blockers used by adversaries.

Virtual Users

RiskIQ’s technology goes beyond simple crawling to emulate real user activity. By varying browsers, click patterns and time on page, our virtual users behave exactly as a human online user would, enabling our technology to continuously monitor while evading anti-malware detection systems. The virtual users are launched from a constantly evolving global web and mobile proxy network with more than 520 egress points in 40+ countries.

RiskIQ’s virtual users automatically discover and inventory websites, online ads and mobile apps that are legitimately or fraudulently linked to a company or any of its brands. By serving as potential targets for threat actors, these virtual users are able to evade anti-security measures to capture the full Document Object Model (DOM) data. With this data, RiskIQ’s threat researchers and customers can recreate the captured digital asset, including any threats to better understand, and ultimately defend against, these threats.

Virtual Users

  • Web and mobile proxy network with more than 520 egress points in 40+ countries
  • Browse the internet the way real users do
  • Evade anti-malware detection systems
  • Capture the full DOM

Questions To Ask Yourself

  • What proxy networks do I need?
  • Which countries and geographies do I want my virtual users to be from?
  • How can my researchers and security program use the DOM data?

What are points of egress? Points of egress are the network points where RiskIQ’s virtual users start browsing the web. Learn how the more than 520 points of egress enable RiskIQ to provide global coverage from its virtual users.

Points Of Egress

At its core, egress is the point at which network communications go out. With more than 520 points of egress, RiskIQ is able to ensure that its virtual users represent a broad cross section of internet users on both web and mobile platforms. The number of egress points also enables RiskIQ’s virtual users to evade detection by adversaries.

Does RiskIQ provide custom data services? Understand why RiskIQ’s technology goes beyond the services of a threat feed.

Cloud Scanning Engine And Custom Monitoring

RiskIQ offers customized data delivery to advanced security organizations. This data contains actionable insights and context, as the raw data collected by RiskIQ’s virtual users has been enriched with metadata. Advanced security organizations can consume this data through three analysis pipelines:

By storing raw and pipeline-tested, virtual user-collected data in a normalized format, integrated applications can quickly access the data. Product owners can focus on delivering on business requirements instead of finding resources to collect and structure data. With dozens of pre-built facets and search, pivoting around the data is easy.

Custom Data Services

  • Reputation Pipeline
  • Behavior Pipeline
  • Content Pipeline
  • Available via WebUI
  • Available via API as an XML / JSON feed
  • Available via data transfer to a new host system or shipped via hard drive
  • Licenses for the data are available as SaaS-hosted, managed or on-premise solutions

Questions To Ask Yourself

  • What kind of data do I need?
  • How can my app easily consume and use the data?
  • Are my organization’s security concerns about understanding which sources are associated with malicious activity, have exhibited malicious activity or have served malicious content?
  • How can my researchers and security program use the DOM data?