RiskIQ Digital Footprint Active Discovery

RiskIQ operates a global, SaaS-based Internet-discovery platform that locates and fingerprints organizations’ Internet-exposed digital assets, enabling them to defend their enterprise digital footprint (Internet-exposed attack surface), manage external threats to their organization, and investigate adversarial infrastructure used to attack them.

RiskIQ performs this Discovery by crawling the Internet globally while fingerprinting and analyzing websites, mobile app binaries, and social media profiles. Discovery also analyzes underlying infrastructure ranging from domain names to digital certificates to application server and protocol banners. These digital footprints enable RiskIQ to determine whether an asset belongs to one of our customers – or whether it is a rogue (malicious) asset pretending to be one of our customers (usually for the purpose of attacking their employees or customers).

One side-effect of our RiskIQ Discovery & Fingerprinting activity is that some security software and devices (Firewalls, IDS systems) incorrectly identify this activity as malicious activity, or as an intrusion attempt. It is not.

The RiskIQ Discovery activity is entirely benign. The only data that we gather through this activity is publicly available OSINT (Open Source Intelligence). We do not collect, nor attempt to collect, any personal or private data.

Common questions that we are asked are as follows:


Q: Why do I see RiskIQ IP addresses in my logs?

A: RiskIQ actively crawls the Internet to locate our customers’ assets. Many legitimate Information Security organizations perform similar activity – it is a common practice.


A: Do not fear – no “hacking” is going on! Despite what your firewall or IDS might tell you – no brute-forcing, exploitation, hacking, or vulnerability scanning is happening. We are simply checking to see what is running on a given IP address, and whether that digital asset belongs to one of our customers.

Q: What data are you collecting on me? Do you have any of my personal or private data?

A: RiskIQ does not attempt to collect any of your personal or private data. We only collect and verify publicly available data on the Internet, for purposes described in this FAQ. Additionally – when we discover classified, sensitive, or confidential private information on the Internet at large that belongs to our customers – we notify them immediately and help them remove the asset/content from the Internet. This is one of several services we provide in helping our customers defend their enterprise digital footprint, and manage external threats.

Q: My security software just recently discovered RiskIQ fingerprinting activity. How long have you been crawling the Internet?

A: We have been crawling the Internet at large since roughly 2009, for purposes of identifying our customers’ legitimate assets, and identifying rogue assets that impersonate our customers.

Q: How do I opt out?

A: This part is easy! Please send an email from your work email address to: discovery [at] riskiq [dot] net and provide us your contact information, and the subnets that you have direct control over that you would like excluded – and we will remove them from our discovery process.