Additional Info

CompanyRiskIQ
Websitehttps://www.riskiq.com/
Company size (employees)100 to 499

Overview

PassiveTotal provides access to the most comprehensive internet data sets available to map threat infrastructure and provide unparalleled context and intelligence to internal events and incidents, automatically aggregating and correlating data about a security event that would otherwise take an analyst days or hours of manual analysis. For over 13,000 users, PassiveTotal simplifies and accelerates event investigation and intelligently consolidates and analyzes data from multiple data sources into a single pane of glass. Of 320 surveyed PassiveTotal users, 84% find PassiveTotal more comprehensive than other security data sources.

One of the unique capabilities that sets PassiveTotal apart is its ability to alert analysts of infrastructure changes based on collected data sets and most recent scans. PassiveTotal has continued to build on this monitoring framework and supports a wide range of query types focused on newly observed host domains and WHOIS registrant data. Additionally, PassiveTotal is the only platform in which users looking to monitor specific indicators or keywords can be alerted when changes are detected.

For years, PassiveTotal has provided analysts with tools to classify or tag infrastructure items. Now, it’s the only platform offering full collaboration in threat hunting in the form of “projects,” which give users the option to create public or private projects with names, descriptions, collaborators, and monitoring profiles.

Evidence of RiskIQ’s persistent progress is shown by a year-over-year bookings growth of 80 percent across every product in the platform in the first half of 2016. Now, more than 200 enterprise customers, including eight of the 10 largest financial institutions in the U.S. and five of the nine leading internet companies in the world, rely on RiskIQ to protect their digital attack surface.

How we are different

-For over 13,000 users, PassiveTotal simplifies and accelerates event investigation and intelligently consolidates and analyzes data from multiple data sources into a single pane of glass. The world-class platform addresses a larger number of threats in less time than the traditional manual processes employed by investigators. The data that PassiveTotal aggregates and correlates is routinely used by analysts in investigations and can be integrated into other security platforms. Additionally, PassiveTotal supports out-of-the-box integrations with Splunk, QRadar, Maltego, and Phantom, with new integrations being regularly developed


-One of the unique capabilities that sets PassiveTotal apart is its ability to alert analysts of infrastructure changes based on collected data sets and most recent scans. PassiveTotal has continued to build on this monitoring framework and now supports a new range of query types focused on newly observed host domains and WHOIS registrant data. PassiveTotal is the only platform in which users looking to monitor specific indicators or keywords can be alerted when changes are detected.


-One of the primary byproducts from infrastructure analysis is almost always a set of indicators that tie back to a threat actor or group of actors. For years, PassiveTotal has provided analysts with tools to classify or tag infrastructure items. Now, it's the only platform offering full collaboration in threat hunting in the form of "projects," which give users the option to create public or private projects with names, descriptions, collaborators, and monitoring profiles. Visiting a project’s details shows a listing of all associated artifacts and a detailed history that retains all the context needed for one analyst to pick up where another left off. Threat actor profiles can be built within PassiveTotal and serve as a “living” set of indicators. As new information is discovered or found, it can be added to that project.