What is RiskIQ Community? - RiskIQ

VIDEO

What is RiskIQ Community?

The RiskIQ Community Edition give digital threat hunters and defenders free access to our comprehensive internet data to hunt digital threats against their organization. RiskIQ Community Edition includes PassiveTotal and Digital Footprint community editions.

PassiveTotal allows Digital threat hunters access to the most comprehensive intelligence and data available to track and shut down attackers.

Threat infrastructure and attack patterns change all the time, so having data automatically linked and correlated means better coverage and faster means to response to investigations.

Digital Footprint community edition allows Digital threat defenders to understand their digital footprint— which is all of their digital assets and external attack vectors.

These defenders are tasked with protecting all the external assets that belongs to the organization, including assets that they might not know about, like development and staging servers or assets that were part of a merger or acquisition that were not inventoried.

RiskIQ community is a fully featured and functional product. Community limitations are

• 15 queries a day in the UI or API
• A single Private Project
• A single Keyword WHOIS or PDNS Artifact in any project
• In order to utilize Digital Footprint community edition, you must use your own corporate email address. Footprints will not be generated for free email accounts from Gmail, Yahoo, or Hotmail.

In order to start an investigation, just search for additional information on an artifact in the discovery window. Searching with the discovery option searches all search categories. But you can also perform pinpoint targeted searches as well searching for just Passive DNS records, Tags, WHOIS registrant details, SSL Certificates details, website trackers, and cookies.

PassiveTotal expedites investigations by connecting internal activity, event, and incident indicator of compromise (IOC) artifacts to what is happening outside the firewall—external threats, attackers, and their related infrastructure.

PassiveTotal simplifies the event investigation process and provides analysts access to a consolidated platform of data necessary to accurately understand, triage, and address security events.

PassiveTotal Simplifies and accelerates the investigative process and Intelligently aggregates and correlates data to provide context to events.

It Proactively tracks and alerts on changes in threat infrastructure to predict new attack vectors.

It helps to Identify threat actors and their infrastructure so you can proactively block it.

Your digital footprint contains your internet-facing assets – in essence, your company’s digital presence. This includes external websites, apps, microsites, logins, forms and promo pages, web servers, and other external infrastructure connected to an organization. Many of these assets exist, change, and are vulnerable without the knowledge of IT and security teams – you can’t protect what you don’t know.

Digital Footprints will not be generated for non-corporate email domains like Gmail, Yahoo, and Hotmail.

If you registered for RiskIQ community using your corporate email address your digital footprint has already been created and is visible on the initial landing page. Here you can see insights into your organization’s domain that have been identified within your digital footprint.

RiskIQ uncovers all digital assets appearing online that tie back to your organization, enabling your IT and security team to understand the attack surface outside your firewall, bring unknown assets under management, and surveying your digital footprint from the view point of a global adversary.

This information aids vulnerability management and pen test programs and teams to easily determine external assets, including websites, apps and components, that exist and may be potentially vulnerable to attack. Users can easily view their digital footprint to gain insights into open ports, Alexa rankings, and CVE’s with criticality. In Digital footprint community edition subdomains and host names are obfuscated in the UI and reports and not downloadable.

Community users can upgrade to Digital Footprint Snapshot. This leverages RiskIQ’s continuous internet reconnaissance, vast internet data sets, and advanced analytics to deliver an interactive Snapshot report comprised of a filterable graph and inventory details of connected, internet-facing assets. The UI and Reports are not obfuscated and are downloadable.

Threat defenders, such as those who manage vulnerability assessment and penetration testing programs, can interact with visual aids and insights to uncover and account for external assets and pinpoint potential security and compliance exposures that require attention.

Digital Footprint Snapshot is an automated, point-in-time report that can be purchased from RiskIQ on-demand, or as a quarterly subscription.

For organizations looking to mature their digital threat management program RiskIQ offers premium and enterprise versions of PassiveTotal and digital footprint for more information visit www.riskiq.com