Act Quickly and Confidently Against Digital Threats
In the SOC, you need to sift through a flood of alerts to quickly and accurately assess suspicious activity, exposures, and exploits, along with their potential impact on your brand, employees, and customers. You need data and tools that give your team full visibility into digital threats outside the firewall that are directly related to security issues and incidents inside it, as well as the means to validate, triage, and mitigate those threats effectively.
The average total lifetime of a phishing site today is around 30 hours. By the time a takedown completes, it is almost irrelevant: the threat actor has almost certainly moved on. Even when a site is detected and reported right away, ISPs and registrars usually cannot process takedown requests within that window. RiskIQ's scalable internet monitoring of digital threats and threat infrastructure analysis tackles this challenge head-on.
RiskIQ takes the approach of blocking threats as the first course of action. Our event review workflow includes built-in integration with Google Safe Browsing and Microsoft SmartScreen to automatically submit and block confirmed threats, including phishing and malware. Because those two services cover the browsers used by about 95% of web traffic, the threat is neutralized for that share of users within minutes rather than hours. The threat is mitigated and damage prevented while the takedown request is still pending.
For everything else, the RiskIQ interface is designed to present analysts with the data they need to assess and take action against a digital threat quickly:
With this information, analysts can quickly key in on what’s necessary to confirm or dismiss an alert at a glance without having to look up information in other tools.
After a threat is identified, RiskIQ gives researchers the information and context needed to connect the pieces of an investigation. Using data sets that include passive DNS resolutions, current and historical WHOIS records, SSL certificate details, and other web infrastructure components such as analytics tracking codes, PassiveTotal provides pivots and searches that can attribute infrastructure to a threat actor and uncover additional infrastructure the same actor may use in later attacks.
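The pivoting described above (shared IP, WHOIS registrant, certificate, analytics ID) is easy to get wrong when an attribute value is shared by thousands of unrelated sites. The following is an added example, not RiskIQ or PassiveTotal code, and it does not use the PassiveTotal API; the records, field names, domains, IPs and identifiers are all constructed for illustration. It walks the shared-attribute graph from a seed domain and suppresses "hub" values (a shared hosting IP, a WHOIS privacy-proxy address, a widely reused tracker) that would otherwise link the seed to unrelated infrastructure.

```python
"""Pivot over constructed infrastructure records to find related domains.

Assumed record schema (not PassiveTotal's): one dict per observed domain with
the attributes an analyst would pivot on. All values below are made up.
"""
from collections import defaultdict, deque

RECORDS = [
    {"domain": "login-secure-bank.example", "ip": "203.0.113.10",
     "registrant_email": "ops@mail.example", "cert_sha1": "aa11", "tracker": "UA-111-1"},
    {"domain": "bank-verify.example", "ip": "203.0.113.10",
     "registrant_email": "privacy@proxy.example", "cert_sha1": "bb22", "tracker": "UA-111-1"},
    {"domain": "invoice-portal.example", "ip": "198.51.100.7",
     "registrant_email": "ops@mail.example", "cert_sha1": "cc33", "tracker": None},
    # Unrelated sites that happen to share the WHOIS privacy-proxy address.
    {"domain": "news-site.example", "ip": "198.51.100.200",
     "registrant_email": "privacy@proxy.example", "cert_sha1": "dd44", "tracker": "UA-999-1"},
    {"domain": "shop.example", "ip": "198.51.100.201",
     "registrant_email": "privacy@proxy.example", "cert_sha1": "ee55", "tracker": None},
    {"domain": "blog.example", "ip": "198.51.100.202",
     "registrant_email": "privacy@proxy.example", "cert_sha1": "ff66", "tracker": None},
]

PIVOT_FIELDS = ("ip", "registrant_email", "cert_sha1", "tracker")
MAX_FANOUT = 3  # a value shared by more than this many domains is treated as noise


def build_index(records):
    """Map (field, value) -> set of domains carrying that value."""
    index = defaultdict(set)
    for rec in records:
        for field in PIVOT_FIELDS:
            value = rec.get(field)
            if value:
                index[(field, value)].add(rec["domain"])
    return index


def pivot(records, seed, max_hops=2, max_fanout=MAX_FANOUT):
    """Breadth-first walk from `seed` across shared attribute values.

    Returns {domain: (hops_from_seed, "field=value" that linked it)}.
    Values shared by more than `max_fanout` domains are skipped, because a
    hosting IP or privacy-proxy e-mail links everything to everything.
    """
    index = build_index(records)
    by_domain = {r["domain"]: r for r in records}
    found = {seed: (0, None)}
    queue = deque([(seed, 0)])
    while queue:
        domain, hops = queue.popleft()
        if hops >= max_hops:
            continue
        for field in PIVOT_FIELDS:
            value = by_domain[domain].get(field)
            if not value:
                continue
            peers = index[(field, value)]
            if len(peers) > max_fanout:
                continue  # hub value: not evidence of common ownership
            for peer in peers:
                if peer not in found:
                    found[peer] = (hops + 1, f"{field}={value}")
                    queue.append((peer, hops + 1))
    return found


if __name__ == "__main__":
    for dom, (hops, via) in pivot(RECORDS, "login-secure-bank.example").items():
        print(f"{dom:28} hops={hops} via={via}")
```

With the fan-out limit in place the seed links only to bank-verify.example (same IP and tracker) and invoice-portal.example (same registrant), while the three sites behind the privacy proxy are left out; raising `max_fanout` pulls them in at two hops, which is exactly the false linkage an analyst has to guard against when pivoting on WHOIS or shared hosting data.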
RiskIQ also adds context to SIEM alerts through our databases of dangerous URLs, phishing pages, blacklisted hosts and domains, known malware hashes, and more, all accessible through the RiskIQ platform and API. This data improves prioritization and efficiency when investigating alerts and lets teams address more alerts accurately in less time.