Seattle, WA – March 13, 2018 – DomainTools, a leader in domain name and DNS-based cyber threat intelligence, today launched the DomainTools App for QRadar, which integrates with IBM security intelligence technology to enable threat hunting and thorough incident response. The solution is powered by DomainTools’ proprietary risk scores and comprehensive domain profiles applied at enterprise scale to create on-site threat intelligence from proxy, DNS and email log data.
The new application is freely available to the security community through IBM Security App Exchange, a marketplace where developers across the industry can share applications based on IBM Security technologies. As threats are evolving faster than ever, collaborative development amongst the security community will help organizations adapt quickly and speed innovation in the fight against cybercrime.
The DomainTools App leverages IBM QRadar, the company’s security intelligence platform, which analyzes data across an organization’s IT infrastructure in real time to identify potential security threats. Using QRadar’s new open application programming interfaces (APIs), the DomainTools App for QRadar allows DomainTools and IBM customers to respond to advanced threats with:
- An actor-centric security posture, focused on domain names, not just IP addresses
- Attribution to reveal targets & motives
- Internally sourced threat intelligence
- Centralized logging with event decoration
- A focus on more durable TTPs
“Effective SOC managers understand that letting their team go ‘looking for trouble’ can uncover advanced threats. But teams need guidance to perform threat hunting efficiently, and they need a good starting point,” says Mark Kendrick, Director of Product Integrations at DomainTools. “The DomainTools App for QRadar can give them that – simply by examining lists of unusual domain registration patterns, a SOC manager can dispatch a team member to dig into the events behind these anomalies.”
Advanced threats are organized groups of real people, so mature security teams take an actor-centric approach. They care less about IP addresses and more about names and email addresses. Since advanced groups try to avoid re-using malware and infrastructure, traditional blocklists are not as effective. Instead, teams source their own threat intelligence by aggregating logs across their organization, especially web proxy and DNS logs. This is critical because these actors are hard to detect and have long dwell times in victim networks. Finally, since IOCs (Indicators of Compromise) shift quite rapidly, making them difficult and expensive to correlate with published threat intelligence, top organizations focus instead on the actor’s tactics, techniques, and procedures, or TTPs, which change less frequently and, with the right data, can be detected more precisely.
DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network, including domains and IPs, and connect them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on malicious activity at http://www.domaintools.com or follow us on Twitter: @domaintools
About IBM Security
IBM’s security platform provides the security intelligence to help organizations holistically protect their people, data, applications and infrastructure. IBM offers solutions for identity and access management, security information and event management, database security, application development, risk management, endpoint management, next-generation intrusion protection and more. IBM operates one of the world’s broadest security research, development, and delivery organizations. For more information, please visit www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM Security Intelligence blog.