Empowers customers to fight back by detecting malicious activity as it appears on the Internet
San Francisco – July 28, 2016 – RiskIQ, the leader in external threat management, today announced general availability for its Security Intelligence Services, a ground-breaking new product that uses the Internet itself as a detection system to automatically defend a network from cyber attacks. Attackers use automation and can launch sophisticated attacks at very low cost by rotating and reusing undetected infrastructure. RiskIQ has provided defenders with access to Internet datasets, advanced analytics and machine learning to stay one step ahead. With Security Intelligence Services, RiskIQ now detects unknown threats at the source and tracks how attacks change and spread—in real-time.
“The security team’s visibility is mostly based on what they see on the corporate network but once they detect a threat locally, the attacker has already moved—this fact limits defenders’ efficacy—they are always playing catch up,” said Arian Evans, VP of Product Strategy at RiskIQ. “Using the Internet as a replacement for the corporate network, we provide real-time information on the attacker as soon as their attack goes live or moves.”
With thousands of customers and processing petabytes of Internet datasets daily, RiskIQ is a pioneer in expanding the reach of the security program to prevent attacks. The comprehensive service includes:
- Passive DNS (PDNS) data, a system of record that stores DNS resolution for a given domain or IP address, provides security analysts with insight into how a particular domain name or IP address changes over time. RiskIQ’s implementation of PDNS enables programmatic links between related domains/IP addresses and, when researching an event, can provide context to an attack or additional malicious domains/IP addresses. PDNS helps identify the indicator of compromise through correlation of historical resolution lookups, time-based analysis, and fully qualified domain name lookups.
- WHOIS data, an internet database of ownership information about a domain, IP address or subnet, can give an organization insight into those behind an attack campaign. WHOIS data helps determine the maliciousness of a given domain or IP address based on ownership records. Using domain registration information, an organization can unmask an attacker’s infrastructure by linking a suspicious domain to other domains registered using the same or similar information.
- RiskIQ Attack Analytics, a proprietary RiskIQ dataset, is based on malicious observations inside of real-time Internet datasets. As attacks evolve and propagate outside of your network, RiskIQ behavioral analytics identifies cyber threats and provides customers with filtered lists of known bad hosts, domains, IPs and URLs. These feeds allow any enterprise security organization to leverage RiskIQ’s vast Internet datasets and expertise to proactively defend their environment’s networks or endpoints from threats.
- Newly Observed Domains, the first of our attack analytics feeds, is a proprietary enriched RiskIQ dataset containing newly resolving domains. Threat actors often programmatically use different domains for their attack campaigns; therefore, newly active domains can serve as a guide to whether a domain is legitimate or not. RiskIQ’s continually updated Newly Observed Domains provides customers with near real-time intelligence of domains seen for the first time. Organizations can proactively defend against new domains that could be hosting phishing sites, distributing or operating malware or posing other cyber threats by blocking newly observed domains for a specified time period based on policy and risk tolerance.
“To solve this incredibly difficult problem, RiskIQ has assembled the only complete source of real-time Internet datasets combined with the machine learning and analytics capable of generating truly predictive results,” continued Arian Evans, VP of Product Strategy at RiskIQ.
“Security Intelligence Services is a major innovation for threat detection—finding threats first using the Internet as a sensor and then using automation to inform the corporate network to block, thereby freeing up resources and increasing the cost to attackers to launch further attacks—in this current state of rapidly morphing threats.”
Customers can access RiskIQ Security Intelligence Services through a sandbox to test data structures and explore information via a user-friendly interactive application programming interface (API) and documentation. Data from RiskIQ Security Intelligence Services can then be easily integrated with commonly used security platforms to investigate and protect against threats such as:
- Advanced persistent threats (APT)/Malware hosting and distribution
- Phishing, spear phishing and whaling
- Domain name abuse/Copycat domains
- Email abuse
- Watering holes
For pricing inquiries, please contact sales at RiskIQ. Security Intelligence Services is available on the RiskIQ website at http://www.riskiq.com/products/security-intelligence-services