SOC, Asset Management

Enrich Events and Investigations with Comprehensive Data Sets

In Security, Context is Key


The goal of any security operations center is to monitor the security tools, programs, and posture of an enterprise and respond rapidly to incidents. Most SOCs implement tens or hundreds of tools to secure their organizations from external digital threats. These tools enable vulnerability management programs, monitor network traffic, secure endpoints, scan email, detect intrusions, and prevent data from leaving the protection of the enterprise network.

All of these programs rely on accurate, intelligent, and actionable information to discover, detect, and respond to threats.

RiskIQ for Vulnerability and Asset Management


The first step to any cyber security program is understanding what must be defended. Any digital asset that your organization owns can be used as an attack vector. Many organizations depend on automated discovery tools that scan the network for devices connected directly to your network. But this leaves a significant blind spot—namely, assets you don’t know exist, or that exist outside of your network.

RiskIQ uses internet scanning technology and terabytes of online data to discover and inventory the assets that belong to your organization, which exist outside the firewall. On average, discovery by RiskIQ will yield 30% more assets than were thought to exist. These assets may include domains, IP blocks, name servers, and web servers. Once known, the platform can extract and report on the software that powers those assets.


With RiskIQ, you can:

Discover digital assets automatically with RiskIQ’s exclusive crawling technology and our extensive database of passive DNS and WHOIS information.

Maintain visibility into your digital footprint. RiskIQ continuously scans your inventory of assets, providing asset and vulnerability management teams with the assurance that assets are secure, compliant, and running up to date software.

Know when there are changes to your existing assets. After identification, RiskIQ continuously scans the internet to discover new assets and alert on changes to identify non-compliance or compromise.

RiskIQ for Digital Threat Detection


With the number of attacks waged against organizations every day, cyber security operations teams are on high alert for any threats that are detected across their internal network, the web, social media, email, and mobile application ecosystems.

RiskIQ provides the most comprehensive data coverage of any major platform for monitoring and detecting threats outside the firewall across digital channels like web, mobile, and social.


With RiskIQ, you can:


Detect threats across the web, social ecosystems, and mobile app stores. With virtual user technology, RiskIQ surfaces digital threats as they come online or as they’re found in stores to allow your teams to respond as quickly as possible.

Monitor multiple platforms and networks from a single pane of glass. Using RiskIQ enables users to monitor the entire internet, along with social networks like Facebook, LinkedIn, Twitter, Google+, Pinterest, and more than 150 mobile app stores.

Automate phishing detection and confirmation by monitoring your internal and external abuse boxes. RiskIQ will crawl emails submitted to your abuse box, look for phishing, and if it’s found, automatically submit the page to Google Safe Browsing and Microsoft SmartScreen for automated blocking.

RiskIQ for Threat Response and Mitigation


Attacks against your organization come in hundreds of different forms. One thing is for sure, though: the majority will come from outside the firewall. These threats may be in the form of compromised web servers, misconfigured IT infrastructure, phishing of credentials or personal information from employees and customers, malware, or imposter social media accounts designed look official and convince them to share personal details.

RiskIQ crawls the web looking for domain and subdomain infringement, phishing websites, fraudulent social media profiles, imposters, and malicious mobile applications. Once found, we provide simple, one-click enforcement and takedown of the digital threat.

Understand how RiskIQ and SIEM work together in this tech note.


With RiskIQ, you can:


Respond to digital threats with intelligent workflows and in-app enforcement capabilities.

Remove or take down websites, social media profiles, and mobile apps. RiskIQ maintains the contact information for registrars, social platforms, and app stores, enabling three click takedown requests directly to hosting providers and app stores.

Block your users and employees from visiting phishing sites using integrated workflows that automatically submit pages to Google Safe Browsing and Microsoft SmartScreen. This shortens the life of campaigns and blocks 95% of web traffic from accessing the phishing site.

Gain visibility into threats against your brand by monitoring for domain squatters, typosquatters, and potential infringement outside of your organization. RiskIQ cyber security continuously scans the internet to discover new threats and alert on changes to monitored sites that might indicate weaponization or activation from a parked status.

RiskIQ for Compliance


With the drastic increase in cyberattacks against organizations and customers, regulatory agencies and governing bodies are strictly enforcing compliance requirements and holding organizations accountable for violations of those rules and regulations.

Organizations that implement frameworks or regulations from NIST, NERC, FISMA, or PCI are all required to maintain asset inventories that detail the location, accessibility, patch level, and ownership of the assets. These requirements cover all digital assets, including those that exist outside the firewall and outside traditional vulnerability scanning technologies.

To meet these requirements, organizations need a complete and continuously updated view of their digital assets across web, mobile, and social environments through a single pane of glass.


With RiskIQ, you can:


Verify compliance with a given policy in real time. Prepare for audits and perform reporting on the inventory and the state of assets under management.

Reduce the burden of compliance audits. With additional visibility for page-level policies, organizations can instantly search and pivot within asset inventory to locate or remediate all pages containing issues such as vulnerable frameworks or unauthorized third-party web components.

Enrich existing governance tools. Continuous monitoring from the perspective of end-users interacting with company websites, social media profiles, and branded mobile apps complements compliance tools and provides added visibility into their current state and behavior in-the-wild.

Automate the task of tracking all owned assets such as SSL certificates, which sites they are associated with, and their expiration status. The RiskIQ Attack Surface Management Platform sends real-time alerts about gaps in cyber security and compliance.

Support the initial audit process for mergers and acquisitions with RiskIQ, identifying all websites belonging to an organization, including pages that collect data. RiskIQ also flags situations where data collection is not encrypted, or SSL is configured incorrectly.