News
RiskIQ Advances PassiveTotal to Improve Digital Risk Monitoring Across Growing Web, Social, and Mobile Threats
November 2016 by Marc Jacob
RiskIQ announced major enhancements coming to RiskIQ PassiveTotal,
its world-class threat investigation platform. The enhancements will enable security
teams to better address the massive increase in web, social, and mobile cyber
threats. New features will simplify and accelerate incident investigation processes,
provide external context to security alerts, and reveal threat infrastructure so
organizations can accurately understand, triage, and mitigate incidents.
Using RiskIQ PassiveTotal, security teams have access to the largest number of
internet data sets in a single platform, allowing them to work faster and more
intelligently. In a recent survey of over 400 PassiveTotal customers, 100% of
respondents said they save at least 1-3 hours a week researching threats.
RiskIQ is recognized as a leader and received the highest score for the current
offering category in The Forrester Wave™: Digital Risk Monitoring, Q3 2016. RiskIQ
views threat infrastructure analysis as a core tenet of a complete DRM program. The
report put the C-suite on notice that they must address threats beyond the firewall
as part of a complete security program, or “remain susceptible to a wide variety
of brand, cyber, and physical risk events.” Organizations must be able to analyze
and correlate the most thorough data sets available across web, social, and mobile
in order to reduce their digital risk; a task made easy by PassiveTotal.
With the latest release, PassiveTotal continues to strengthen RiskIQ’s platform,
which uniquely combines publicly available and proprietary data sets with predictive
analytics to automate the investigation processes and keep pace with the shifting
threat landscape. Rather than attempt to assemble, learn, and use a myriad of tools,
PassiveTotal offers an end to end platform. Security analysts can readily pivot
between extensive data sets to intelligently surface seemingly unrelated threat
infrastructure to get ahead of attackers and prevent their next moves. As a result,
security staff can reduce the time to understand new threats, speed up
investigations, and more effectively remediate incidents.
Key enhancements in PassiveTotal allow analysts and security teams to:
Predict threats forming on the internet: New monitoring capability in PassiveTotal
provides analysts and threat investigators with proactive notification of changes on
infrastructure they’re watching or interested in, as well as the ability to set
notifications on new data sets such as SSL certificate details, current and
historical WHOIS registrant information, and more.
Investigate infrastructure used to launch attacks: Automatically aggregate and
correlate data from passive DNS, email, SSL certificates, host pairs, web trackers,
WHOIS, and comprehensive web crawling, to provide context about security events that
would otherwise take an analyst days or hours of manual analysis. With the newly
designed user interface, users can narrow investigations and only highlight
infrastructure changes and resolutions to a specific timeframe.
Defend internet-exposed assets from attackers: Enable cyber defense project
management by grouping similar infrastructure and investigation elements into
sharable projects, making it easier to collaborate with other analysts and
researchers. Organize responders to uncover and proactively block hidden facets of
attacker infrastructure and set monitors to be made aware of new or changed
infrastructure elements that may target a brand for reputation hijacking, phishing,
or other malicious activity.
The new release of PassiveTotal is currently in beta and will be generally available
in the coming weeks.
