RiskIQ Digital Footprint
Visualize and Defend your Attack Surface
Your digital footprint is your company’s digital presence. Many of these assets exist, change, and are vulnerable without the knowledge of security teams. You can’t protect what you don’t know about.
Why is your Footprint important?
Attackers performing reconnaissance will often find unknown, unprotected, and unmonitored assets to use as attack vectors. For a large enterprise, unknown assets often exist by the hundreds and are typically easy for even novice hackers and threat groups to find. Because they’re unmonitored, they provide an easy way in and out. To defend yourself, you need to know what attackers see when they’re looking at you. After all, following an attack or breach, saying “we didn’t know that asset existed,” doesn’t mitigate the damage done.
Beyond just knowing that an asset exists, it’s critical to understand what powers that asset such the type of server it is, software and frameworks running on that server, as well as any vulnerabilities associated with it. Exploited vulnerabilities on internet-facing assets are the leading cause of data breaches from external threat actors.
Once you have an accurate, detailed inventory of external assets in your digital footprint, it is far easier to understand, prioritize, and implement mitigation techniques to ensure that all of your external assets are protected. This inventory of your assets is also critical for compliance with numerous industry regulations.
How does RiskIQ discover your Digital Footprint?
RiskIQ uses virtual user technology to discover web assets and experience them like a real user (or attacker performing reconnaissance) does, allowing you to accurately identify, monitor, and manage your entire internet attack surface from the outside in.
RiskIQ virtual users go beyond simple crawling, visiting websites using different browsers, varying click patterns and time on page to behave as a human user would. Our technology can continuously monitor websites while evading stealthy anti-detection techniques. Virtual users are launched from an evolving residential, commercial, and mobile proxy network of more than 520 egress points in more than 40 countries.
Using a network of tens of thousands of these virtual users, we scan the entire internet and collect telemetric data to produce a dynamic index of your web attack surface. This process illuminates websites, mobile apps, URLs, web page content, ASNs, IPs, and nameservers, many of which are often not in your inventory. RiskIQ uncovers all digital assets appearing online that tie back to your organization, enabling your security team to understand the attack surface outside your firewall, bring unknown assets under management, and survey your digital footprint from the view of a global adversary.
Beyond an accurate, up-to-date inventory of all of your internet-facing digital assets, Digital Footprint also monitors those digital assets for changes, defacement, policy compliance, or even the appearance of malware.