Custom Internet and Threat Monitoring

Customized Data Delivery for the Advanced Security Organization

RiskIQ provides a license to its Internet-scale, continual collection and data enrichment platform, which delivers historical and real-time streaming data to advanced customers with raw data access and onsite hosting requirements. Various onsite setup, integration and support options exist to ensure your project is a success.

Analysis Pipelines

Raw data collected by RiskIQ virtual user technology is enriched with metadata to provide actionable insights and context. The methods used by the virtual users to collect data make it very easy to run post-processing pipeline tests based on a specific security priority.

Reputation Pipeline: The RiskIQ reputation pipeline reports Internet sources that have been associated with malicious activity. When our virtual user data matches any of the data from dozens of threat intel providers and AV scanners currently in the RiskIQ reputation pipeline, the source is appended and the details of what the source flagged are called out in the record.

Behavior Pipeline: The RiskIQ behavior pipeline reports Internet sources that have been seen to exhibit potentially malicious activity. RiskIQ behavior pipeline reports have been tuned over time to understand web threats and identify observables such as compromised sites infecting users, exploit kits, malware and other techniques that are not yet known by public threat intelligence. This proprietary, rolling list of sites is called the ZList.

Content Pipeline: The RiskIQ content pipeline categorizes the content of a page to aid in detecting potential fraud, scams and malicious content. This can include general categories based on the text inside the page (adult, alcohol, tobacco, firearms), scam categories (content unlockers, cloaked content, deceptive content), fraudulent categories (phishing, domain squatting) and attributes of how the virtual user was commissioned (geographic location, type of data in the record). Virtual users support image recognition based on a percent match to a target image. In addition to what a user would see in the session, the virtual user sees what the browser sees. This allows content-based testing for non-reputational threats in JavaScript or the Document Object Model (DOM).

Structured Data Outputs

The raw and pipeline-tested data from the virtual user interactions is indexed and stored in a normalized format for high-speed access. All records collected are organized in the same way, saving time and allowing developers to focus on their business requirements instead of collecting and structuring data. Dozens of pre-built facets and search make pivoting around the data easy.

Access and Delivery Options

Collected data outputs are available in three different formats:

  • WebUI – Available via RiskIQ’s web interface, protected with credentials
  • API – XML / JSON via direct access to RiskIQ’s data center, protected by API key
  • Data Transfer – Datasets can be transferred to a new host system via Internet or shipped via hard drive

Data may be scoped by geography and by update frequency, for example daily or weekly refreshes.

RiskIQ offers a license to the technology platform and data packages referenced above as a SaaS-hosted, managed or on-premises solution.
