Customized Data Delivery for the Advanced Security Organization
RiskIQ provides a license to its Internet-scale, continual collection and data enrichment platform, which enables historical and real-time streaming data for advanced customers with raw data access and onsite hosting requirements. Various onsite setup, integration and support options exist to ensure your project is a success.
Raw data collected by RiskIQ virtual user technology is enriched with meta-data to provide actionable insights and context. The methods used by the virtual users to collect data make it very easy to run post-processing pipeline tests based on a specific security priority.
Reputation Pipeline: The RiskIQ reputation pipeline reports Internet sources that have been associated with malicious activity. When our virtual user data matches any of the data from dozens of threat intel providers and AV scanners currently in the RiskIQ reputation pipeline, the source is appended and the details of what the source flagged are called out in the record.
Behavior Pipeline: The RiskIQ behavior pipeline reports Internet sources that have been seen to exhibit potentially malicious activity. RiskIQ behavior pipeline reports have been tuned over time to understand web threats and identify observables such as compromised sites infecting users, exploit kits, malware and other techniques that are not yet known by public threat intelligence. This proprietary, rolling list of sites is called the ZList.
Structured Data Outputs
The raw and pipeline-tested data from the virtual user interactions is indexed and stored in a normalized format for high-speed access. All records collected are organized in the same way, saving time and allowing developers to focus on their business requirements instead of collecting and structuring data. Dozens of pre-built facets and search make pivoting around the data easy.
Access and Delivery Options
Collected data outputs are available in three different formats:
- WebUI – Available via RiskIQ’s web interface, protected with credentials
- API – XML / JSON via direct access to RiskIQ’s data center, protected by API key
- Data Transfer – Datasets can be transferred to a new host system via Internet or shipped via hard drive
Data may be scoped by geography and update frequency, for example: daily or weekly refreshing.
RiskIQ offers a license to the technology platform and data packages referenced above as a SaaS-hosted, managed or on-premise solution.