Package image for RiskIQ (Microsoft) Digital Threat Management

RiskIQ (Microsoft) Digital Threat Management

Threat Research

RiskIQ (Microsoft) Digital Threat Management

Threat Research

Description

You cannot defend an attack surface you do not know exists. RiskIQ, acquired by Microsoft in 2021, pioneered the discipline of external attack surface management (EASM), continuously discovering internet-facing assets that organizations did not know they had: forgotten subdomains, shadow cloud instances, exposed APIs, and third-party integrations leaking data to the open web. That technology now powers Microsoft Defender External Attack Surface Management, giving security teams the attacker's view of their digital footprint and the intelligence needed to reduce it before someone else exploits it.




TL;DR



  • Pioneer in External Attack Surface Management (EASM), acquired by Microsoft in 2021
  • Technology now powers Microsoft Defender External Attack Surface Management
  • Discovers unknown, unmanaged internet-facing assets without requiring agents or credentials
  • Daily internet scanning builds a complete catalog of your external digital footprint
  • Integrates with Microsoft Defender Threat Intelligence for enriched threat context





"Microsoft Defender External Attack Surface Management discovers unknown and unmanaged resources visible and accessible from the internet, essentially the same view an attacker has when selecting a target."




Microsoft as reported in
InfoQ




The platform works by scanning the entire internet daily, mapping infrastructure connections, DNS records, certificates, WHOIS data, and service banners back to your organization. It discovers assets that traditional asset inventory tools miss entirely: cloud resources spun up outside IT governance, development environments left exposed after testing, acquisitions whose infrastructure was never fully cataloged, and third-party services that inadvertently expose your brand. Each discovered asset is assessed for vulnerabilities, misconfigurations, and exposure risk, creating a prioritized remediation queue that focuses security teams on the assets most likely to be targeted.




Pro Tip: Run EASM Before and After Acquisitions


Mergers and acquisitions routinely introduce unknown attack surface. Run a Microsoft Defender EASM discovery immediately after any acquisition to catalog the acquired company's internet-facing assets before they become your inherited vulnerabilities.




The Microsoft acquisition transformed RiskIQ from a standalone product into a component of the broader Microsoft Defender ecosystem. Researchers from RiskIQ's team, combined with Microsoft's Threat Intelligence Center (MSTIC) and Defender 365 teams, now staff the Microsoft Defender Threat Intelligence product, which enriches EASM findings with context about active threat campaigns, known attacker infrastructure, and indicators of compromise. For organizations already invested in the Microsoft security stack, Defender EASM integrates naturally with Sentinel, Defender for Cloud, and Microsoft Purview, creating a unified view of both internal and external security posture.




Key Takeaways



  • Attacker's View: Discovers your internet-facing assets the way an attacker would find them
  • Agentless Discovery: No agents or credentials needed; continuous internet-wide scanning
  • Microsoft Integration: Part of Defender ecosystem with Sentinel, Defender for Cloud, and Purview
  • Threat Enrichment: EASM findings linked to active campaigns via Microsoft Threat Intelligence




Frequently Asked Questions



Is RiskIQ still available as a standalone product?
RiskIQ was acquired by Microsoft in 2021. Its technology now powers Microsoft Defender External Attack Surface Management and Microsoft Defender Threat Intelligence within the Microsoft Defender product family.
What is External Attack Surface Management (EASM)?
EASM continuously discovers and monitors internet-facing assets belonging to your organization, including unknown, unmanaged, and shadow IT resources, providing the external attacker's perspective on your digital footprint.




Sources: InfoQ,
SC Media,
Microsoft Tech Community

Service Type

Service

Alternatives to RiskIQ (Microsoft) Digital Threat Management

or Resecurity Threat Intelligence

About Threat Research

Threat research and intelligence services analyzing emerging threats, malware samples, and attack campaigns. Stay informed about the evolving threat landscape and attacker tactics.
Explore Threat Research

Visit RiskIQ

Learn more about RiskIQ (Microsoft) Digital Threat Management directly from RiskIQ.

RiskIQ Official Site

Key Capabilities

Attack Surface Discovery Threat Intelligence External Threats Digital Footprint