The RiskIQ Intelligence integration combines and enriches Microsoft’s Security Ecosystem and Azure Sentinel with petabytes of external Internet security intelligence collected by RiskIQ over more than a decade. Connecting RiskIQ’s Internet Intelligence Graph with Microsoft’s Security solutions provide crucial external context to all internal IOC’s and incidents. This context helps security teams understand how internal assets interact with external infrastructure so they can better detect and prevent attacks and know if they’ve been breached.
Integrating RiskIQ intelligence into Microsoft Azure Sentinel’s cloud-native SIEM platform accelerates and enriches incident response via automation, and opens new avenues of research. Security teams can identify and block new threat infrastructure that’s part of attacks against their organization that they wouldn’t otherwise know existed. This added visibility helps them identify gaps between the internet infrastructure they can see connected to their endpoints, and what they can’t, which gives them a detailed picture of their attack surface—just as attackers see it.