Magecart Strikes Again
Ticketmaster, British Airways, and Newegg have all been compromised. Who’s next? Read our research to see how we discovered the breaches.
IDG Connect: 2017 State of Enterprise Digital Defense Report
Findings quantify the security management gap and business impact of external web, social, and mobile threats.
Get the Research Report
RiskIQ Digital Threat Management Platform Datasheet
Learn about our platform and products.
Read the Datasheet
Frost & Sullivan: The Digital Threat Management Platform Advantage
The material benefits of a platform-based approach to security outside the firewall.
Read the Report
Rackspace Accelerates External Digital Threat Investigation with RiskIQ PassiveTotal
Download Case Study
EMA Radar™ Q4 2017 Report
RiskIQ ranked a technology and value leader in digital threat intelligence management.
Get the Analyst Report
Increasing scrutiny in the face of data breaches and new, technology-centric regulation have led to security teams being more responsible for compliance tasks. As with all security processes, automation and visibility are key needs to ensure that control validation and remediation of non-compliance are efficient, documented, and easily managed.
Organizations that implement frameworks or are governed by regulations such as GDPR, NIST, NERC, FISMA, or PCI-DSS are all required to maintain asset inventories that detail the location, accessibility, patch level, and ownership of the assets. These requirements cover all digital assets, including those that exist outside the firewall and outside traditional vulnerability scanning technologies. However, you can’t mitigate what you don’t see.
RiskIQ Digital Footprint provides automated discovery and intelligence on internet-facing assets connected to a business, allowing security teams to pinpoint exposures and reduce an organization’s digital attack surface. After discovery, Digital Footprint provides faster prioritization of remediation activities through the correlation of exposed digital assets, vulnerabilities, and and security gaps. Automated analysis classifies and validates security controls, including our new PII/GDPR analytics that tag assets that collect personally identifiable information (PII) or track visitors using cookies.
The comprehensive inventory, advanced analytics, and up-to-date details about external assets gives organizations the confidence that they will have visibility into external assets and be audit-ready.
Download the White Paper
Effective May 25, 2018, any organization which collects or stores information about European Union (EU) citizens is required to abide by the General Data Protection Regulation, or GDPR. A way to consolidate European privacy laws governing data, the GDPR applies to most global businesses, including those who don’t necessarily have a physical presence in an EU country.
GDPR introduces strict requirements for how businesses solicit, handle, and secure personal data. The challenge for larger organizations is the sheer volume and complexity of websites and web applications that need to be identified and inspected that collect personally identifiable information (PII). PII, according to the GDPR, includes information that can be used to tie data and activities back to an individual, such as name, address, phone number, email address, social media presence, photos, lifestyle choices and preferences, IP addresses, location data, and more.
Questions that need to be asked when evaluating your security hygiene through a GDPR lens are:
Digital Footprint helps with GDPR compliance by identifying websites within an organization’s footprint that collect and process PII. Digital Footprint provides organizations with the capability to:
Download the RiskIQ Digital Footprint GDPR Discovery Data Sheet
RiskIQ Digital Footprint provides an automated inventory and details about the external assets that belong to an organization that exist outside the safety of the firewall. The details about your external assets can be matched against corporate or industry/government policy to audit compliance and support remediation.
RiskIQ’s proprietary discovery technology automatically identifies and indexes company-owned digital assets—including third-party code and component relationships and dependencies between assets.
With RiskIQ, compliance tasks that used to be time consuming and tedious are now automated and simple:
Verify compliance with industry standards or government regulations, or create your own corporate security policies in real time. Prepare for audits and perform reporting on the external asset inventory and the details about those assets, such as software, frameworks, and vulnerabilities.
Reduce the burden of compliance audits. With additional visibility for page-level policies, organizations can instantly search and pivot within asset inventory to locate or remediate pages or full sites with vulnerable frameworks, CVEs, insecure data collection, or unauthorized third-party web components.
Enrich existing GRC tools. Continuous monitoring from the perspective of end-users interacting with each web page complements compliance tools and provides added visibility into their current external behaviors.
Automate the task of tracking all owned assets such as domain names, pages collecting PII, SSL certificates, associated sites, and their expiration status. Digital Footprint sends real-time alerts about gaps in security and compliance.
Filter external assets based on ownership, brand, policy requirements, criticality, vulnerability (CVE or CVSS score), or custom tags and classifications (like PCI-DSS or GDPR).
Support the initial audit process for mergers and acquisitions with RiskIQ, identifying all websites belonging to an organization, including pages that collect data. RiskIQ also flags situations where data and PII collection is not encrypted, or SSL is configured incorrectly.
Download the RiskIQ For Compliance Solution Brief