External Threat Detection Suite Resources - RiskIQ

Learn

Detect External Threats

Questions & Answers

What are external threats? Learn more about external threats and why forward thinking security teams are ensuring that security operations, incident response and vulnerability management teams are prepared for external threats.

What Are External Threats?

External threats refers to a specific class of digital threats that takes advantage of vulnerabilities in an organization’s expanding attack surface outside the firewall.

Mobile Threats

  • Rogue Apps, created by third-party app developers
  • Credential Harvesting
  • Malware
  • Download Diversion
  • User Experience Damage
  • Non-Compliant Official Apps

Social Threats

  • Impersonating brands and their executives, to phish employees and customers for sensitive information
  • Distributing links to phishing pages
  • Using the brand name to lure users to malware-infected sites
  • Associating a brand or executive profile with offensive or illegal content
  • Violating social media usage policies, exposing the organization to increased risks or unauthorized representation

Domain Threats

  • Malware distribution campaigns
  • Malicious digital advertising (malvertising)
  • Malicious third-party code

Anti-phishing And Web Threats

  • Phish outside the firewall

Malvertising

  • Malicious Ads

Questions To Ask Yourself

  • What external threats are my customers, employees and ultimately my company vulnerable to?
  • Does my organization have a program to address these external threats?
  • Would my security team benefit from decreasing mean time to detection or remediation?
  • Would my security team benefit from decreasing live phish uptime?
  • Have my security programs encountered mobile threats, social threats, domain threats or phish in the last 12 months?
  • What does a world-class external threat management program look like, operationally?

What is External Threat Management? Find out what external threat management is, and why external threat management programs are increasingly critical in today’s security landscape.

What Is External Threat Management?

As the use of digital channels—web, mobile and social—increases, adversaries are using them to distribute malware or attack your customers, employees and partners. The same technology that enable organizations to rapidly create microsites, generate leads or communicate with the public are also used by threat actors. What’s worse is that these third-party tools or libraries often exist outside the firewall, where security teams have less visibility to their digital attack surface.

External threat management is a three-pronged approach that enables teams apply a three-pronged approach in protecting externally facing digital assets—known and unknown—from malicious actors. With actionable data, security professionals can map their digital attack surface and pinpoint threats outside the firewall.

  • Discover and Monitor: Discover assets and analyze previously attack surfaces outside the firewall
  • Detect and Respond: Identify and eliminate live attacks in the wild
  • Research and Investigate: Investigate and analyze adversaries and their threat infrastructure to prevent attacks

By employing virtual-user technology, RiskIQ uncovers your digital footprint. These virtual users experience the web like real users would, evading detection from threat actors, to discover and monitor your digital assets, creating a dynamic snapshot of your company’s attack surface. RiskIQ’s threat detection engine exposes threats so you can respond immediately — and finally, RiskIQ’s PassiveTotal lets you research & investigate your adversary, leaving them nowhere to hide.

Questions To Ask Yourself

  • How is my organization addressing external threats today?
  • How can I find all of my digital assets within my enterprise digital footprint, track changes to these assets and
  • understand the adversary better?
  • What’s the workflow for remediation if we discover an external threat in my organization’s enterprise digital footprint?
  • Does our penetration testing plan cover the attack surface outside the firewall?
  • How can we rapidly respond to an external threat event or incident?

Why consider an external threat management platform? Find out if an external threat management platform is right for your security team!

Is An External Threat Management Platform Right For My Company?

RiskIQ’s external threat management platform provide a framework for security teams to address external threats at scale. By providing a comprehensive view of your attack surface outside the firewall, RiskIQ proactively identifies external threats and provides a workflow for research and remediation.

Organizations with known brand name(s), valuable customer data, active or numerous digital channels—web, mobile and social—will find value from an external threat management platform.

Questions To Ask Yourself

  • Have you had issues in the past with external threats? These may include, but are not limited to: phishing,
  • malvertising, drive-by downloads, rogue apps, credential harvesting and more.
  • Do you know the full scope of your digital attack surface? What is your current discovery methodology?
  • How might your team measure success of an external threat management or threat infrastructure analytics pilot?
  • Do you roll your own, or are you investing in larger technology vendors, including HP, IBM or Splunk?
  • Do you have, or can you get the budget for new technology that will increase the productivity of your existing securityteam?