Product Overview of RiskIQ
RiskIQ, now integrated into Microsoft’s security portfolio following its acquisition in August 2021, is a leading solution in attack surface management and global threat intelligence. Here’s a detailed overview of what the product does and its key features and functionality.
What RiskIQ Does
RiskIQ is designed to help organizations discover, assess, and secure their entire enterprise attack surface. This includes assets across multiple clouds (such as Microsoft Azure, AWS, and others), on-premises environments, and even those within the supply chain. The platform provides comprehensive visibility into an organization’s digital estate, enabling security teams to identify and remediate vulnerable assets before they can be exploited by attackers.
Key Features and Functionality
Attack Surface Management
RiskIQ offers robust attack surface management capabilities, allowing organizations to map and monitor their entire internet-facing attack surface. This includes identifying and assessing the security of all assets, whether they are in the cloud, on-premises, or part of the supply chain.
Global Threat Intelligence
The platform aggregates and analyzes threat intelligence from across the internet, leveraging a community of security researchers and machine learning algorithms. This intelligence helps organizations understand the source of attacks, the tools and systems used by attackers, and indicators of compromise, enabling quicker detection and neutralization of threats.
PassiveTotal
RiskIQ’s PassiveTotal service is a key component, aggregating data from the entire internet to identify threats and attacker infrastructure. This service provides outside-the-firewall context, helping organizations understand the entities attacking them and their methods, tools, and systems.
Integration and Visibility
RiskIQ integrates seamlessly with other security tools and platforms, such as Microsoft 365 Defender, Microsoft Azure Defender, and Microsoft Azure Sentinel. This integration enhances the visibility and protection of an organization’s digital estate, allowing for a more comprehensive view of global threats and faster response times.
Enhanced Incident Response
The platform accelerates incident response by providing detailed threat intelligence that enriches incident data. This enables security teams to quickly identify and remove malicious infrastructure, such as domains and IPs, and understand the full scope of a cyberattack.
Defender External Attack Surface Management (EASM) and Defender Threat Intelligence
Following the acquisition, Microsoft has built on RiskIQ’s capabilities to introduce Defender EASM and Defender Threat Intelligence. These offerings leverage RiskIQ’s expertise to help customers see their attack surface from an attacker’s perspective and provide comprehensive threat intelligence across multi-cloud environments.
Benefits
- Comprehensive Visibility: Provides a complete view of the organization’s digital attack surface.
- Enhanced Threat Intelligence: Offers continuous and global threat intelligence to help identify and mitigate threats.
- Accelerated Incident Response: Enables faster and more effective incident response through detailed threat intelligence and automated actions.
- Integration with Microsoft Security Solutions: Enhances the capabilities of Microsoft’s security portfolio, including Microsoft 365 Defender, Azure Defender, and Azure Sentinel.
In summary, RiskIQ is a powerful tool for organizations seeking to strengthen their cybersecurity posture by gaining comprehensive visibility into their attack surface and leveraging global threat intelligence to protect their digital estate.