PassiveTotal By RiskIQ
As businesses adapt to the changing digital landscape, more customer and business operations are shifting from being behind the protection of firewalls to being available via the internet. This exposes your company and customers to extremely skilled, malicious, persistent threats. The good news for defenders of your organization is that data exists to help expose the infrastructure being used by attackers. This allows you to find, block, and prevent attacks.
Analysts and investigators need a solution that brings together the key data sets and uses automation to keep pace with the shifting threat landscape, so they can draw relevant and actionable conclusions to protect the business.
PassiveTotal simplifies the event investigation process and provides analysts access to a consolidated platform of data necessary to accurately understand, triage, and address security events.
- Simplify and accelerate the investigative process
- Intelligently aggregate and correlate data to provide context to events
- Proactively track and alert on changes in threat infrastructure to predict new attack vectors
- Identify and proactively block all threat infrastructure being used by the attacker
By bringing together critical data sources in an easy-to-use visual interface, RiskIQ’s PassiveTotal enables analysts to confidently assess incidents within their networks and to map and analyze their adversary’s digital footprint.
What Does PassiveTotal by RiskIQ Do, Exactly?
Accelerate your analysis capabilities
RiskIQ’s PassiveTotal overcomes the challenges in discovering and proactively blocking malicious infrastructure. Junior and senior analysts alike can use PassiveTotal as a single view into multiple data sets, pivoting intelligently across them to uncover additional connections.
Work better together
Using PassiveTotal’s TeamStream, analysts can see what others on the team are searching for while working together on threat analysis. Attacker infrastructure components can be grouped into projects, allowing investigators to quickly gather and share data about a particular event. Shared Tags on related or known threat infrastructure can also be used to provide additional context to other investigations.
Stop looking for the needle in the haystack
During the investigation process, an analyst will often come across a domain, IP, or piece of information that may be suspicious but is not ready to be actioned right away. Using PassiveTotal Monitors, analysts can receive a notification when changes occur that may indicate weaponization or a mounting attack.
Scales with your needs
Only RiskIQ enables your security team to stay steps ahead of increasingly sophisticated threat actors. Analyze and understand threat infrastructure from a variety of sources (passive DNS, active DNS, WHOIS, SSL certificates and more) without devoting resources to time-intensive manual threat research and analysis.
What makes PassiveTotal different?
More than just another data source
PassiveTotal is a platform that was built for analysts, by analysts. The intelligent pivoting capability lets you navigate between often disparate data sets, quickly making connections within a single user interface. By unifying data from passive and active DNS sources, WHOIS information, SSL certificates, and other web components like host pairs and trackers, it gives you a comprehensive understanding of an attacker’s infrastructure so you can proactively block other attack vectors.
Programmatic data access
PassiveTotal has an extensive API capability that allows your organization to bring the vast RiskIQ and PassiveTotal data sets directly into your own security operations tools. Using Maltego for data visualization? Create visual graphs using PassiveTotal Maltego transforms hosted by Malformity.