RiskIQ Digital Footprint provides a dynamic view of an organization’s public-facing web presence — illuminating blind spots, enabling rapid response to threats, and informing intelligent risk management.
Companies today are tasked with securing and managing a vast, complex, and constantly changing internet attack surface:
- Vulnerability Management teams cannot protect what they do not know about. They need intelligent tools to properly assess the organization’s internet-exposed attack surface and prioritize areas of potential risk to assess or take action on.
- Digital Channels teams need to maintain a watchful eye on all company-owned assets in order to enforce compliance standards and identify any threats putting customers at risk, obstructing business operations, or exposing the organization to legal liability.
- GRC (Governance, Risk, and Compliance) teams need to measure compliance against internal standards, industry standards and/or regulatory requirements in addition to having the ability to monitor applications for liability exposure.
- Security Operations and Incident Response teams rely on timely and accurate intelligence in order to protect the organization and customers from emerging threats.
- IT Security teams need visibility into the current state of all company-owned infrastructure in order to correct failing, misconfigured, or hijacked infrastructure — and ensure the continued availability and security of web assets.
- IT Operations teams need full visibility over organizational assets to increase ROI, efficiently allocate web application and server resources, and consolidate external hosting options and internal server allocation for hosting web applications.
In order to limit risk, exposure and efficiently allocate resources, companies need to continuously monitor this shifting landscape and access accurate data on the current number and state of assets under their management. This challenge affects all companies with valuable data or a high-profile web presence.
RiskIQ’s proprietary discovery technology continuously defines your organization’s unique internet-exposed attack surface, and uncovers previously unknown and unmonitored properties. Discovered assets are indexed and classified in a RiskIQ inventory, providing a dynamic system of record of web applications, third party dependencies, and web infrastructure under the organization’s management through a single pane of glass.
Discovery and Inventory includes the discovery and monitoring of:
- Domain Names
- Web Pages
- IP Addresses and Blocks
- Name Servers
- SSL Certificates
- WHOIS Contacts
- Third Party Web Components
With clear, actionable event alerting and an intuitive workflow, collaboration and remediation interface, you will increase your organization’s effectiveness and reduce time to mitigation.
RiskIQ supports a wide range of event policies, so customers can manage and prioritize the events that are important to them. Each policy group allows customers to adjust RiskIQ to complement the company’s unique needs and organizational structure. Custom policies and alert settings allow users to detect and respond to security, performance, and compliance risks affecting a company’s web assets.
The RiskIQ web application portal provides a summary of events in a quick snapshot view for rapid assessment — and includes many additional details for further in-depth review and investigation.
Web Infrastructure Event Policies
RiskIQ automatically locates and indexes web infrastructure and consolidates asset information in a single, up-to-date view. This enables customers to
- Bring shadow IT under management and into compliance with company and industry IT security standards
- Detect failing infrastructure, unauthorized configurations, and DNS hijacking
- Locate assets affected by a compromised infrastructure component
- Maintain an updated inventory of every file within a site along with all of its locations, including large files which attackers can target for Denial of Service attacks
- Detect geo-location and browser-targeted attacks using RiskIQ’s unique virtual user crawling infrastructure and global proxy network
- Identify new and suspicious third-party resources and unauthorized changes to the organization’s infrastructure
- Instantly locate assets affected by a compromised third-party resource or infrastructure component
Web Indicators of Compromise Policies
RiskIQ Web Indicators of Compromise provides visibility into potential indicators of compromise across all websites under the organization’s management. In addition to suspicious Infrastructure change events, RiskIQ customers can:
Detect website defacement, and sophisticated malicious behaviors designed to elude traditional web security scanners by viewing from the perspective of end-users targeted by these threats
Web Compliance Policies
RiskIQ Web Compliance provides Digital Channels, Vulnerability Management, and Governance, Risk, and Compliance teams with clear and continuous visibility into the operation and compliance of all websites under the organization’s management.
· Continuously monitor all company-owned websites for content or code that does not comply with internal policies or government regulations
· Protect customer trust and loyalty by safeguarding personally identifiable information
· Bring shadow IT under management and into compliance with company and industry standards
· Shield the organization from costly oversights and operational inefficiencies and correct problems before they damage reputation or incur financial penalty
RiskIQ dashboards provide intuitive reporting options for clients to analyze event generation and enforcement. Reports include:
- Summary Report and a snapshot of the current health of an organization’s digital environment
- Trends and benchmarking improvements over time
- Review Page quickly review, confirm, enforce or dismiss incidents from a single pane of glass enabling efficiencies in your incident response team.
- Dashboard of all events across with event state and origin across a global map
- Screen Captures show the web page as RiskIQ rendered it, both on the first crawl and the most recent crawl to confirm the latest status
- Link Attributes show the characteristics of the link where the incident occurred, including its online status, the source, whether it was cloaked/ re-directed, the domain, and country of origin
- WHOIS Data to aid in investigating the site associated with an incident