RiskIQ Illuminate Reviews

Working for FortNet UK, we advised customers regarding their specific security challenges and would recommend RiskIQ when appropriate.

We had numerous customers from industries such as retail, media, hospitality, aviation, and finance.

Attack Surface Management provided our customers with visibility on everything in their network and domains - anything publicly-facing on the internet - shows where they have potential vulnerabilities. 

Following the BA Magecart card skimming breach in 2019 (the breach of 500,000 credit cards including CVV numbers) we saw a big surge towards helping customers with transactional websites determine if they had Magecart-style Javascript insertions. Something RiskIQ is very good at detecting, but cannot block. As a Cyber Consultant, we are working with both RiskIQ and other companies that can prevent Javascript from launching.

Every customer got different benefits from the product. However, the key benefits were:

1. 24/7 Visibility of internet-facing assets and corresponding vulnerabilities including shadow IT and legacy IT and unpatched servers that often they didn't even know existed. Visibility of GDPR and other regulatory risks was also possible.

2. Notification of domain impersonation, rogue mobile apps, and social media, and the takedown service of any fraudulent services.

3. Helping companies to integrate their assets into SIEMs such as Splunk and Rapid7.

4. Risk scores and a continuous ability to see if an organization's security posture was improving or deteriorating.

We discovered employees using their corporate email address to register personal websites outside of their employer's corporate security policies. The issue being that if their websites were violating local regulations, the employer became liable.

Other customers found RiskIQ's ability to discover unpatched servers invaluable. An example was when Citrix announced a vulnerability in early 2020. We were able to provide customers with accurate details of unpatched Citrix servers that sometimes the customer didn't realize existed.

A low-cost service to evaluate the risk score of a supply chain would be very helpful.

This could be useful for insurance companies offering cyber insurance to enterprise customers, providing the insurer with a valuable way to unobtrusively, quickly, and frequently assess their customers and apply appropriate premiums for the level of risk. This would also be useful for enterprises. They could, for example, assess companies prior to a merger or acquisition.

What would also be useful for any enterprise would be if their supply chain has some kind of direct digital access to parts of their network.

I worked for RiskIQ for 2 years - between 2018 and 2020.

The solution is stable with 12 years of established historical data.

The product scales from small to enormous, however, the pricing is not suitable for very small companies.

The technical support on offer is good.

We provide advice on numerous solutions.

The initial setup is easy.

Most resellers rely on RiskIQ to provide the expertise.

The ROI is based on the risk of hackers getting access to a company's network if they found a breach that RiskIQ could find. Every company has a different cost associated with a successful breach and therefore would have a different ROI.

The setup costs are relatively straightforward and come at a low cost as most of the data is based on publicly available data. To get the most out of the platform, it is necessary to spend time managing the data.