|[August 05, 2014]
RiskIQ Provides X-Ray Visibility into Security Threats Outside the Firewall that Pose Hazards to Customers
LAS VEGAS --(Business Wire)--
RiskIQ, the company that reveals
enterprise risks outside the firewall, today announced an automated
platform with global reach that enables organizations to discover, scan
for malware and gather threat intelligence on all websites and mobile
apps that are legitimately or illegally associated with their business.
The technology provides companies with actionable intelligence needed to
prevent criminals from exploiting their brands to plant attacks that
target unsuspecting users. RiskIQ will demonstrate its platform this
week at Black Hat USA booth 122.
CLICK TO TWEET: .@RiskIQ provides
X-Ray visibility into web and mobile #securitythreats http://bit.ly/UA5rqE
"The current incident prevention/response approach for information
security lacks the ability to see threats that target users of a
company's websites and mobile apps. What's needed instead is an
'Advanced Detection' model that can automate the monitoring and
discovery of risks outside the firewall," said Jon Oltsik, Senior
Principal Analyst at ESG. "The RiskIQ technology supports Advanced
Detection by enabling organizations to automate the continuous discovery
and scanning of web and mobile app properties associated with their
brand. By doing so, they can detect threats that put their customers at
risk. In this way, RiskIQ can help address fraud and other types of
attacks that are carried out by compromising a company's online assets."
In a recent assessment of the more than 27,000 websites associated with
the top five healthcare companies in the US, the RiskIQ service
discovered that 16 percent had broken SSL certificates and 77 percent
contained pages that were either inactive, redirecting traffic r
broken. This snapshot illustrates the scale of the problem that large
companies face in trying to keep track of their legitimate web
properties, police them for malware and identify sites that may be
impersonating their brand.
Real Time, Automated, Global Discovery
The RiskIQ platform
deploys a worldwide network of software-based virtual users to
automatically discover and inventory websites, online ads and mobile
apps that are legitimately or fraudulently linked to a company or any of
its brands. RiskIQ's continuous discovery capabilities can identify all
instances associated with a company on the internet including those on
third party sites, in embedded and referring URLs, and across 90
different app stores.
Session and DOM Capture
For each discovered asset, RiskIQ
automatically captures full session and document object data (DOM) to
create a dynamic inventory of its attributes (registration date, owner,
geography, etc.). This global visibility enables organizations to
conclusively know and manage their web and mobile foot print.
Risk and Malware Detection
To pinpoint a company's web and
mobile assets that are posing a risk to its customers, RiskIQ's virtual
user software interacts with web pages, launches mobile apps and follows
embedded URLs the way a human user would. This technology disarms
evasion techniques used by malware to hide from traditional web crawlers
and mobile app scanning agents. RiskIQ automatically and continuously
assesses/classifies each web page for the presence of malware, malicious
advertisements, capturing of personally identifiable information, etc.
It also discovers copycat, malicious and data stealing mobile apps.
"For most companies, maintaining an inventory and policing their
websites and mobile apps for malware and brand infringement is manually
impossible. Nevertheless, they're still responsible for detecting and
taking down threats that place users at risk," said Elias Manousos, CEO
of RiskIQ. "We enable companies to immediately regain visibility and
control over their web and mobile resources, including those that are
usurping their brand, to keep them free of malware and other threats."
Threat Intelligence and Analytics
To help enterprises
manage, audit and uncover threat patterns across their web and mobile
assets, RiskIQ provides an intelligence and analytics dashboard
populated with three years of current and historical threat data. It
enables users to run Big Data queries across their web and mobile assets
for expired SSL certificates, third party scripts and cookies, instances
of malware, typo squatting, exploit kits and more. RiskIQ can be used to
discover co-occurrences, such as the presence of a specific malware
across all assets, and to perform compliance assessments.
Availability and Pricing
The RiskIQ platform for Web and
Mobile is available immediately from RiskIQ and its business partners.
Pricing is based on volume and frequency of examined assets.
RiskIQ detects online threats that exploit
customers and damage enterprise brands. The company discovers and
continuously analyzes web and mobile assets from the user perspective to
detect malware, fraud and brand infringements. RiskIQ's cloud service is
used by eight of the 10 largest financial institutions in the U.S. and
five of the nine leading Internet companies in the world. The company is
headquartered in San Francisco and is backed by Battery Ventures and
Summit Partners. To learn more about RiskIQ, visit www.riskiq.com.
[ InfoTech Spotlight's Homepage ]