Incident Response

Increase your visibility into external threats and improve your ability to understand their nature.

A Force Multiplier

The massively increasing size and scale of the Internet continues to lower the bar for hackers to carry out successful attacks. Attackers simply have too many places to hide online, and the decreasing costs of infrastructure enables threat actors to rapidly build and deploy infrastructure for their attacks. Today’s top incident-response teams—no matter the size and maturity level—need visibility into their growing attack surface so they can bring unknown or shadow IT assets under management and quickly respond to threats to their company, its brand, and its customers.

Increased visibility.

RiskIQ’s industry-leading external threat platform provides incident-response teams with full visibility into security threats outside their organization’s firewall. It delivers scalable internet (i.e domain, social media, and mobile app) monitoring and tools for threat infrastructure analysis that help your team better understand threat actors, their intentions and capabilities, and tools they use to execute external attacks. With a dynamic view of your attack surface, RiskIQ also helps you identify infrastructure changes that may be indicators of compromise.

Related Products

RiskIQ and You

Respond to external threats.

With RiskIQ, incident responders can identify the actions of the attacker, scope of the breach, its impact, and the steps required to stop the attacker. They can then identify and understand the adversary with threat infrastructure analysis from PassiveTotal, which automates indicator of compromise discovery, tagging, and classification via custom signatures.

With PassiveTotal’s comprehensive datasets, your investigations to identify adversaries targeting your organization are quick and easy. Your team can:

  • Spend your time analyzing threat data instead of collecting, processing and enriching it on your own.
  • Identify over lapping infrastructure using passive DNS, WHOIS, SSL certificates and more.
  • Quickly identify patterns in infrastructure data and narrow focus using interactive visuals and color-based markings.
  • Integrate the power of PassiveTotal into your own organization using our rich APIs and open source tools.

RiskIQ In Action

Threat actors can target your organization through a variety of digital channels such as social media and rogue or fake mobile apps. Your team needs the data that helps them quickly understand the nature of the threat and respond accordingly.

  • Disrupt attacks like phishing as they happen, then learn how the threat actors built their phishing kits with PassiveTotal, which gives you actionable WHOIS and DNS data to map out and analyze the phisher’s infrastructure. Once you understand how the phishing kit works, your team can take down the phish and block visitors to confirmed phish URLs with RiskIQ Anti-Phishing.
  • With full visibility into their attack surface, incident responders can also quickly identify suspicious or malicious mobile apps. Discovering these apps and monitoring the third-party app stores in which they’re sold enables your team to not only take swift action against incidents of mobile trademark abuse and copycat apps, but also understand the scope of the threats in the mobile app ecosystem.