Review: Gazing through a hacker’s lens with RiskIQ Digital Footprint

Requiring no setup or installation, Digital Footprint scans for vulnerability information from outside the firewall ... just like a potential attacker would.


Whenever skilled attackers decide to attack a network, the first phase is normally reconnaissance. They either scan a network looking for vulnerabilities, or do penetration testing by hand, trying to get an inside look at individual systems that can be easily attacked or exploited. Not every hacker group works this way, but the majority of the most successful ones follow this pattern, especially for targeted attacks.

Perhaps surprisingly, there is a lot of information about most pieces of network infrastructure that is easily available to those who know how to scan for it. Because hardware like servers, networking gear and even internet of things (IoT) devices are connected to the internet, they can be scanned and cataloged from outside their protecting firewalls. Sometimes, they even offer up information about themselves in response to a ping, as this is a requirement of their communications function.

That is where the RiskIQ Digital Footprint tool comes into play. It can scan an entire network, no matter how large, and provide a wealth of information that would be like gold to a hacker. It will point out which servers are running outdated operating systems, which ports on each device are open, which assets have extra DDoS protection, how many computers have unpatched security flaws and a host of other vulnerability information.

One thing that sets the RiskIQ Digital Footprint apart from just about every other security program reviewed for CSO magazine is the setup and installation phase. There is none. Digital Footprint scans for vulnerability information from outside the firewall, just like a potential attacker would.

Organizations can buy a one-time Digital Footprint scan from RiskIQ, which would generate a detailed snapshot of network vulnerability. A continuous monitoring option is also available that additionally shows vulnerabilities over time, including an overall health score and the upwards or downwards trend as fixes are made and new vulnerabilities arise. In either case, pricing is based on the number of network assets being scanned. There is no physical setup, only a little bit of labor to configure the scan to catch all network assets within its net.

RiskIQ Digital Footprint John Breeden II/IDG

Using the continuous monitoring option will slowly move the overall health score up or down in response to new vulnerabilities or completed fixes, so users always know if their organization is moving in the right direction on cybersecurity.

For the testing, a government agency with an extensive public presence was used as the target, as well as a private testbed setup populated with specific vulnerabilities. The government agency was not a current customer of RiskIQ, though that didn’t matter because the scanner was simply collecting vulnerability information that was either accessible from the internet with no special permissions, or offered up by the agency’s own servers in response to Digital Footprint’s query.
