RiskIQ for Incident Response

React as Quickly as Those Targeting You

A Good Defense is the Best Offense

Today, a phishing site is live for only 30 hours on average. By that time, taking down the site is pointless. The cyber criminal has made their profit and moved on. Even when a site is detected and reported right away, ISPs and registrars are often unable to handle takedown requests quickly enough for takedown to be an effective mitigation strategy.

In a short period, incident responders must be able to handle a large volume of incoming events, review them, and enforce them quickly and efficiently without wasting time on false positives. They must also be able to view high-level metrics on how their company’s security posture is doing, where they’re getting hit the hardest, and how their work is having an impact, all in a single pane of glass.

RiskIQ and You:

RiskIQ’s machine learning-based digital threat detection eliminates more false positives than other automated detection systems, saving thousands of analyst hours spent weeding out and enforcing active incidents.

RiskIQ applies this detection to the various source feeds our platform ingests and can also automate the processing of your org’s abuse boxes, web server referrer logs, and DMARC reports.

With RiskIQ, you can:

Prevent digital threats. RiskIQ’s event review workflow includes built-in integration with Google Safe Browsing and Microsoft SmartScreen to submit confirmed events to their respective blacklists automatically. This way, the threat is neutralized within minutes rather than hours for >95% of users on the Internet.

Correlate related events inside the PassiveTotal investigations platform, where analysts can quickly discover other threat infrastructure owned by the same actor to block it proactively.

Collaborate to avoid duplicating work. RiskIQ’s event management workflow records all analyst touches, including status changes, notes, and tags, and assigns event ownership to specific users to avoid confusion.

Understand where improvements can be made in the process to boost efficiency. RiskIQ records key metrics aimed at helping your organization better assess its risks.

Improve total uptime. RiskIQ breaks down total uptime into time from detection to confirmation, confirmation to blocking, and enforcement to resolution, so that you can see where there’s room for improvement.

See breakdowns by target brand, target country, and origin country as well as trend data over time to help identify campaigns. RiskIQ’s reporting helps you understand who is targeting your org the most and how.