PassiveTotal Defenders & Penetration Testers Use Case

Defenders & Penetration Testers Use Case

Target Groups

Threat Intel, SOC, Pen. Testers

Problem Statement

In order to perform an investigation or security assessment requires having many different internet data sets that are linked and chained together.  Data sets need to include ownership information, running applications, installed frameworks, vulnerabilities, and relationships between websites.  

Desired Outcome

  • Quickly begin an investigation without having to link multiple data sets together and normalize the data.
  • Using a single data artifact quickly understand relationships linking threat actor infrastructure together with other known bad infrastructure.
  • Understand all assets and infrastructure that is externally facing on the internet.
  • Be able to drill down on insights to determine risk and vulnerabilities that exist within an organizations digital footprint.
  • Be able to export the digital footprint to be used by staff and imported into vulnerability scanner solution.
  • Query and organizations domain to understand installed web components to begin penetration testing.
  • Understand the reputation of a domain or other data artifact to determine if it is malicious or not.
  • Create projects to have the system alert when new information is seen on a monitored artifact.

RiskIQ Approach

RiskIQ has one of the largest current and historic internet data sets available.  This allows for penetration testers or vulnerability management administrators the ability to quickly understand an organization's entire external digital footprint and vulnerabilities that exist on particular assets.  This allows for staff to quickly gauge risk to remediate vulnerabilities or start a penetration assessment.

Organizations can use an interactive map to understand and filter for security risks and other infrastructure information.

Complete list of web components and filters are available to isolate assets out of the inventory.

Information can also be viewed as a data table, or downloaded to it can be imported into vulnerability or penetration tools.  Interactive linked list is also available to help gain understanding of connectedness and asset vulnerabilities.

How To Guides

How to view your organizations digital footprint.