Why We're Different: The RiskIQ Internet Intelligence Graph


By: Mike Browning, Sr. Manager, Content and PR

The internet is like a tapestry that's ever-expanding in all directions. Each of its components—websites, IP addresses, components, frameworks, and code—are individual threads that are all woven together to create the web as we know it. Being a part of this tapestry isn't a choice; if you have an internet presence, you are interwoven with every other entity on the web, including attackers. Those who understand how these connections work, good guy or bad guy, are the ones who win.

Graphing the Internet and its relationships

Extending security and IT protection outside the firewall requires mapping these billions of relationships between the internet components belonging to every organization, business, and threat actor on Earth. RiskIQ built our Internet Intelligence Graph to prepare enterprises for this reality by enabling them to discover unknowns across their attack surface and investigate threats to their organization.

For more than ten years, RiskIQ has been crawling and absorbing the internet to define the web's identity and composition by fingerprinting each component, connection, service, IP-connected device, and infrastructure to show customers how they—and attackers targeting them—fit within it.

So, what does it take to build this graph and know your real attack surface?”

No-agent virtual users: Building the graph at an enormous scale

RiskIQ's proprietary network of crawlers are “virtual users” that simulate human-web interactions and the full composition of internet assets—no agent required. By interacting with digital and internet assets, our virtual users can extract every attribute that makes up the asset's behavior, including its edge (relational) behaviors.

Human-like behavior: Act natural to evade detection

To avoid detection, RiskIQ's virtual users deploy from hundreds of rotating proxies worldwide, emanating from a combination of residential, commercial, and mobile egress points. Each of these is highly configurable to emulate a wide range of specific human-like behaviors such as scrolling and clicking.

Mass scanning: Soaking up the Internet to build the Graph

RiskIQ collects data at an unmatched scale. Our systems conduct daily scans of more than 228 unique ports and service banners across the entire IPv4 space to collect host data, including when it was first and last seen, service banners, and much more. Each day, RiskIQ's network of virtual users make billions of HTTP requests to map and has mapped 157 billion relationships across the internet.

Infrastructure chaining: Connecting the dots to illuminate the Graph

Web pages are made up of many different remote resources that get assembled to form a cohesive user experience. RiskIQ collection keeps the full HTML of a web page, saving any dependent file used in its loading process. Having a database of these components enables infrastructure chaining, expanding one asset into many based on overlapping details or shared characteristics.

Historical data: Looking back to see what's changed—and how

RiskIQ collection preserves what a page looked like each time it was crawled, so we know how pages have changed, including if they've been compromised.

Tap into the Internet Intelligence Graph

RiskIQ deeply understands the internet and how its threads weave together. Tapping into the graph provides a full picture of the entire internet to show your own organization's internet attack surface, including known, unknown, and attacker-owned assets. This view includes external third-party infrastructure and resources your organization, users, and customers depend on.

Learn More

Sustaining Partners