RiskIQ External Threats


 RiskIQ External Threats



Detect and Respond to Targeted Digital Threats Across Web, Social, and Mobile Channels


What are External Threats?

External threats are malicious campaigns and threat actors that attempt to exploit security exposures in your attack surface that exist outside the firewall. All organizations with a digital presence are exposed to external threats by attackers who attempt to impersonate your brand and official communications channels on the internet, social media, and through mobile apps.


Targeted external threats that can compromise your employee or customer data security include:

  • Deep and dark web discussions about your organization

  • Phishing

  • Rogue and feral mobile apps

  • Social media impersonation of VIPs and support channels

  • Domain and subdomain infringement

  • Brand tarnishment and abuse

  • Data leakage

  • Phone & SMShing

  • Card cracking and remote deposit capture (RDC) fraud

  • Email spoofing and business email compromise (BEC)

Successful exploitation of these threats allows threat actors to steal customer or company data, distribute malware, divert user traffic, or otherwise exploit trust in your brand.

The RiskIQ External Threats solution sets enable security teams to detect and respond to these myriad threats as they appear in the wild, mitigating the impact that they have on your organization, employees, and customers. By combining the largest internet data sets available with the most comprehensive monitoring of digital channels, RiskIQ enables effective digital threat management.

Dive Deeper into the External Threats Solution Set

External Threats is based on a workflow engine that enables organizations to manage threats against them in a central location, with workflows, APIs, and tracking and auditing capabilities. The workflow engine is required for External Threats, but does not require the purchase of additional detection modules if workflow and event management is all that is needed as the basis of an organization’s digital threat management workflow.

For External Threats, each module can be setup to monitor threats against Brands. A brand is any discrete business entity, a line of business, department, agency, or division. External Threats Premium includes two brands per module. External Threats Enterprise includes five brands per module. Additional brands can be purchased as add-ons. In the case of the Social Executive Threats module, one brand is equivalent to 10 executive names.

External Threats Workflow Engine

External Threats Workflow EngineRiskIQ provides both a web interface and API access to clients and their support teams to submit and investigate events. The web interface is designed to provide users with all the necessary details for each type of threat in a single view to facilitate fast review and investigation.

For each threat event, users can take the following workflow actions:

  • Confirm: Validate event without sending an enforcement notice

  • Enforce: Generate and send a notice to initiate takedown, content removal, or another type of threat mitigation

  • Monitor: Automatically alert on any changes in content or behaviour of a suspicious event that raises its threat-level and could trigger future enforcement

  • Review: Set aside for discussion/review to decide on a proper response

  • Dismiss: Label event as a false positive

  • Assign a specific user to manage this event

  • Tag an event with a custom label for searching or reporting

  • Send the details of this event to a specified email address

Continuous monitoring of online resources lets customers know when threats have been successfully remediated, and RiskIQ’s post-resolution monitoring automatically re-opens events and alerts users to any tenacious threats posing a recurring risk to the organization.