Your organization’s leadership is 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach than they were last year. Find out how they can be protected.
Read the Datasheet
Gift Cardsharks: The Massive Threat Campaigns Circling Beneath the Surface
Learn about the attack group primarily targeting gift card retailers and the monetization techniques they use.
Get the Report
Threat Hunting Workshop Series
Join one of our security threat hunting workshops to get hands-on experience investigating and remediating threats.
Attend an Upcoming Workshop
Inside Magecart: New RiskIQ & Flashpoint Research Report
Learn about the groups and criminal underworld behind the front-page breaches.
Threat Hunting Guide: 3 Must-Haves for the Effective Modern Threat Hunter
The threat hunting landscape is constantly evolving. Learn the techniques, tactics, and tools needed to become a highly-effective threat hunter.
Increasing scrutiny in the face of data breaches and new, technology-centric regulation have led to security teams being more responsible for compliance tasks. As with all security processes, automation and visibility are key needs to ensure that control validation and remediation of non-compliance are efficient, documented, and easily managed.
Organizations that implement frameworks or are governed by regulations such as GDPR, NIST, NERC, FISMA, or PCI-DSS are all required to maintain asset inventories that detail the location, accessibility, patch level, and ownership of the assets. These requirements cover all digital assets, including those that exist outside the firewall and outside traditional vulnerability scanning technologies. However, you can’t mitigate what you don’t see.
RiskIQ Digital Footprint provides automated discovery and intelligence on internet-facing assets connected to a business, allowing security teams to pinpoint exposures and reduce an organization’s digital attack surface. After discovery, Digital Footprint provides faster prioritization of remediation activities through the correlation of exposed digital assets, vulnerabilities, and and security gaps. Automated analysis classifies and validates security controls, including our new PII/GDPR analytics that tag assets that collect personally identifiable information (PII) or track visitors using cookies.
The comprehensive inventory, advanced analytics, and up-to-date details about external assets gives organizations the confidence that they will have visibility into external assets and be audit-ready.
Download the White Paper
Effective May 25, 2018, any organization which collects or stores information about European Union (EU) citizens is required to abide by the General Data Protection Regulation, or GDPR. A way to consolidate European privacy laws governing data, the GDPR applies to most global businesses, including those who don’t necessarily have a physical presence in an EU country.
GDPR introduces strict requirements for how businesses solicit, handle, and secure personal data. The challenge for larger organizations is the sheer volume and complexity of websites and web applications that need to be identified and inspected that collect personally identifiable information (PII). PII, according to the GDPR, includes information that can be used to tie data and activities back to an individual, such as name, address, phone number, email address, social media presence, photos, lifestyle choices and preferences, IP addresses, location data, and more.
Questions that need to be asked when evaluating your security hygiene through a GDPR lens are:
Digital Footprint helps with GDPR compliance by identifying websites within an organization’s footprint that collect and process PII. Digital Footprint provides organizations with the capability to:
Download the RiskIQ Digital Footprint GDPR Discovery Data Sheet
RiskIQ Digital Footprint provides an automated inventory and details about the external assets that belong to an organization that exist outside the safety of the firewall. The details about your external assets can be matched against corporate or industry/government policy to audit compliance and support remediation.
RiskIQ’s proprietary discovery technology automatically identifies and indexes company-owned digital assets—including third-party code and component relationships and dependencies between assets.
With RiskIQ, compliance tasks that used to be time consuming and tedious are now automated and simple:
Verify compliance with industry standards or government regulations, or create your own corporate security policies in real time. Prepare for audits and perform reporting on the external asset inventory and the details about those assets, such as software, frameworks, and vulnerabilities.
Reduce the burden of compliance audits. With additional visibility for page-level policies, organizations can instantly search and pivot within asset inventory to locate or remediate pages or full sites with vulnerable frameworks, CVEs, insecure data collection, or unauthorized third-party web components.
Enrich existing GRC tools. Continuous monitoring from the perspective of end-users interacting with each web page complements compliance tools and provides added visibility into their current external behaviors.
Automate the task of tracking all owned assets such as domain names, pages collecting PII, SSL certificates, associated sites, and their expiration status. Digital Footprint sends real-time alerts about gaps in security and compliance.
Filter external assets based on ownership, brand, policy requirements, criticality, vulnerability (CVE or CVSS score), or custom tags and classifications (like PCI-DSS or GDPR).
Support the initial audit process for mergers and acquisitions with RiskIQ, identifying all websites belonging to an organization, including pages that collect data. RiskIQ also flags situations where data and PII collection is not encrypted, or SSL is configured incorrectly.
Download the RiskIQ For Compliance Solution Brief