New Internet Data Sets, Monitoring, and Project Features Yield Greater Context Into Attackers’ Infrastructure
RiskIQ, the leader in external threat management, today announced major enhancements coming to RiskIQ PassiveTotal, its world-class threat investigation platform. The enhancements will enable security teams to better address the massive increase in web, social, and mobile cyber threats. New features will simplify and accelerate incident investigation processes, provide external context to security alerts, and reveal threat infrastructure so organizations can accurately understand, triage, and mitigate incidents.
Using RiskIQ PassiveTotal, security teams have access to the largest number of internet data sets in a single platform, allowing them to work faster and more intelligently. In a recent survey of over 400 PassiveTotal customers, 100% of respondents said they save at least 1-3 hours a week researching threats.
"PassiveTotal gives our security research team access to the most critical data sets necessary to investigate and connect threat infrastructure, all without leaving the platform," said Irena Damsky, senior director of security research at ThreatSTOP. "The intuitive new project capability and real-time alerts on infrastructure and threat elements that we're investigating make it easier for our team to continuously monitor and detect new and advanced threats."
RiskIQ is recognized as a leader and received the highest score for the current offering category in The Forrester Wave™: Digital Risk Monitoring, Q3 2016. RiskIQ views threat infrastructure analysis as a core tenet of a complete DRM program. The report put the C-suite on notice that they must address threats beyond the firewall as part of a complete security program, or “remain susceptible to a wide variety of brand, cyber, and physical risk events.” Organizations must be able to analyze and correlate the most thorough data sets available across web, social, and mobile in order to reduce their digital risk, a task made easy by PassiveTotal.
With the latest release, PassiveTotal continues to strengthen RiskIQ’s platform, which uniquely combines publicly available and proprietary data sets with predictive analytics to automate the investigation processes and keep pace with the shifting threat landscape. Rather than attempt to assemble, learn, and use a myriad of tools, PassiveTotal offers an end-to-end platform. Security analysts can readily pivot between extensive data sets to intelligently surface seemingly unrelated threat infrastructure to get ahead of attackers and prevent their next moves. As a result, security staff can reduce the time to understand new threats, speed up investigations, and more effectively remediate incidents.
“Organizations are moving business-critical resources from behind the protection of firewalls to the internet to enhance customer engagement and gain operational efficiency. This exposes the company and its customers to organized threat actors and advanced persistent threats beyond conventional layered defenses,” said Arian Evans, VP of product strategy at RiskIQ. “The good news for defenders is that we can show them the muddy footprints in cyberspace to help proactively address new threats and block impending attacks before they happen.”
Key enhancements in PassiveTotal allow analysts and security teams to:
- Predict threats forming on the internet: New monitoring capability in PassiveTotal provides analysts and threat investigators with proactive notification of changes on infrastructure they’re watching or interested in, as well as the ability to set notifications on new data sets such as SSL certificate details, current and historical WHOIS registrant information, and more.
- Investigate infrastructure used to launch attacks: Automatically aggregate and correlate data from passive DNS, email, SSL certificates, host pairs, web trackers, WHOIS, and comprehensive web crawling, to provide context about security events that would otherwise take an analyst days or hours of manual analysis. With the newly designed user interface, users can narrow investigations and only highlight infrastructure changes and resolutions to a specific timeframe.
- Defend internet-exposed assets from attackers: Enable cyber defense project management by grouping similar infrastructure and investigation elements into sharable projects, making it easier to collaborate with other analysts and researchers. Organize responders to uncover and proactively block hidden facets of attacker infrastructure and set monitors to be made aware of new or changed infrastructure elements that may target a brand for reputation hijacking, phishing, or other malicious activity.
The new release of PassiveTotal is currently in beta and will be generally available in the coming weeks.
RiskIQ is a cybersecurity company that helps organizations discover and protect their external-facing known, unknown, and third-party web, mobile, and social assets. The company’s External Threat Management platform combines a worldwide proxy and sensor network with synthetic clients that emulate users to monitor, detect, and take actions against threats. RiskIQ is used by thousands of companies including many of the Fortune 500 and leading financial institutions to protect their digital assets, users, and customers from external security threats. The company is headquartered in San Francisco, California, and backed by growth equity firms Summit Partners and Battery Ventures.