RiskIQ is a San Francisco–based cybersecurity company that builds Attack Surface Management (ASM) and internet threat intelligence products to discover, monitor, and remediate external-facing risks across web, mobile, and social channels; it was founded in 2009 and acquired by Microsoft in 2021.[1][3]
High-Level Overview
- Concise summary: RiskIQ provides SaaS products that map and monitor an organization’s internet-facing assets, correlate malicious infrastructure and indicators, and deliver threat intelligence and remediation workflows to reduce external attack surface and brand abuse risk.[1][3]
- What product it builds: RiskIQ’s core offerings are Attack Surface Management, internet reconnaissance, and threat intelligence services, which crawl and index web pages, mobile apps, and social assets to identify fraud, phishing, malware, and exposed or shadow IT assets.[1][5]
- Who it serves: Large enterprises across Financial Services, eCommerce, Technology, Healthcare, Government and other sectors, plus security teams, analysts, and incident responders at those organizations.[1][2]
- What problem it solves: It helps security teams find unknown or unmanaged internet-facing assets and link them to attacker infrastructure so vulnerabilities and compromises can be prioritized and remediated before exploitation.[1][3]
- Growth momentum: RiskIQ scaled from a startup (raising funding from firms such as Summit Partners and Battery Ventures) to serving hundreds of enterprises and thousands of security analysts, and was acquired by Microsoft to fold its ASM and threat-intel capabilities into Microsoft Security offerings.[5][3]
Origin Story
- Founding and founders: RiskIQ was founded in 2009 by Elias “Lou” Manousos, Chris Kiernan, and David Pon in San Francisco.[4][6]
- Founders’ background & idea emergence: The founders built the company around the insight that most attacks originate outside the firewall and that enterprises needed comprehensive internet-wide visibility—so they developed large-scale internet crawling, telemetry aggregation, and analytics to expose attacker infrastructure and customer-facing exposures.[4][1]
- Early traction and pivotal moments: Early venture rounds (including Series A and later growth funding from Summit Partners and others) supported expansion of its scanning and analytics capabilities; key milestones include broad enterprise adoption, the PassiveTotal researcher community, and the 2021 acquisition by Microsoft to integrate RiskIQ’s ASM and threat intelligence into Microsoft’s security portfolio.[5][4][3]
Core Differentiators
- Comprehensive internet-scale data collection: RiskIQ operates large-scale web and mobile app crawling and telemetry to assemble a wide view of internet-facing assets and adversary infrastructure.[1][4]
- Integrated ASM + threat intelligence: It pairs attack-surface discovery with adversary infrastructure mapping and indicators of compromise so teams can see both their assets and attacker behaviors in one view.[1][3]
- SaaS analytics and automation: The platform emphasizes automated asset discovery, correlation models, and machine-learning–driven analytics to reduce manual triage for security teams.[1][4]
- Research community and historical context: RiskIQ’s PassiveTotal and large datasets give analysts historical context and crowd-sourced contributions for investigations and attribution.[3][4]
- Enterprise trust and scale: Adopted by hundreds of enterprises (and thousands of security analysts) prior to acquisition, signaling product-market fit for large, complex environments.[1][2]
Role in the Broader Tech Landscape
- Trend alignment: RiskIQ rides the broader shift to Attack Surface Management, Zero Trust, and cloud/hybrid architectures where the perimeter is effectively the public internet and visibility beyond the firewall is essential.[3][1]
- Why timing matters: As organizations moved workloads to multiple clouds and remote/hybrid work expanded, unmanaged assets and supply-chain exposures grew—increasing demand for continuous external discovery and intel-driven remediation.[3][1]
- Market forces in their favor: Rising phishing, supply-chain attacks, and widespread use of third-party services make internet-wide reconnaissance and automated risk prioritization a must-have for security programs.[1][3]
- Influence on ecosystem: RiskIQ helped normalize ASM and provided datasets and tooling used by security operations, threat intelligence, and incident response communities—its integration with Microsoft amplifies ASM’s reach through large enterprise security suites.[4][3]
Quick Take & Future Outlook
- What’s next (post-acquisition trajectory): Integrated into Microsoft Security, RiskIQ’s capabilities are likely to be embedded across Microsoft Defender and Azure security tools, widening deployment but also shifting product direction from standalone SaaS to platform-integrated services.[3]
- Trends that will shape the journey: Continued emphasis on attack surface coverage (including shadow SaaS, CI/CD pipelines, and IoT), automated remediation, and tighter alignment between ASM, XDR, and cloud-native security controls will drive feature evolution.[3][1]
- How influence may evolve: With Microsoft’s scale, RiskIQ’s data and analytics could become a backbone for broader industry telemetry-sharing and automated prevention workflows, accelerating enterprise adoption of proactive external threat visibility.[3][1]
Quick take: RiskIQ helped define and commercialize internet-scale attack surface management and threat intelligence; acquired by Microsoft, its core strengths in discovery, datasets, and adversary mapping are positioned to scale within a major security platform—making external attack-surface visibility a standard capability for large enterprises rather than an add-on niche.[1][3]