Seattle, August 7, 2018 – DomainTools, a leader in domain name and DNS-based cyber threat intelligence, today announced a new integration with Maltego delivered via the latest Iris Investigate API. This comprehensive integration creates a seamless view of data to provide an easy transition from SIEM alert to human analysis. Additionally, it preserves the results of analysts findings for future correlation and ongoing process improvement effectively empowering security teams to map connected malicious infrastructure of domains and IPs on their network.
To fight cybercrime more efficiently this year, over 80 percent of security teams are turning to cyber threat intelligence programs to collect, classify, and exploit known data about adversaries. Time is of the essence to boost efficiency and specifically integrate a variety of data sets to quickly gain context on IOCs, assess risk, and prioritize threats.
The DomainTools Iris Investigation Platform has the unique ability to help security teams profile both domains and adversaries and create a complete map of connected infrastructure starting from a single indicator of compromise (IOC). With this new integration, analysts using Maltego are able to investigate IOCs and IOAs observed on their network and profile domain-based threats using multiple attributes, such as domain risk scores from proximity and threat profile algorithms, Whois, IP, active DNS, and website & SSL data. This integrated approach increases productivity and efficiency of mitigating security incidents.
Iris Investigate API benefits include:
- Multiple datasets, including the world’s largest database of domain profile and Whois data, IPs and hostnames, Google Analytics code, and SSL certificate profiles.
- Connected infrastructure on nearly every field, allowing for ongoing monitoring of threat actors and actor groups for proactive blocking and alerting.
- The ability to drop Iris searches directly on the Iris Investigate API with no other search parameters needed, enabling scenarios where Iris user interface co-exists with solutions built on the Iris Investigate API.
- Threat intelligence, malware and hunt teams can leverage the Iris user interface to find intersection points between previously published intel and newly-discovered actor infrastructure to monitor new domains.
“We’re making it easier for security professionals to be successful with the tools they’re already using to profile threat actors and map dangerous domain infrastructure,” said Mike Jones, Vice President of Product at DomainTools. “The pivoting capabilities in our Iris platform have proven to streamline investigations and the Iris APIs will deliver those same benefits to the third-party product integrations of today and of the future.”
For additional information on DomainTools Iris Investigation Platform, please visit: https://www.domaintools.com/products/iris. For more information on the DomainTools Iris API or the integrations with Maltego, please visit: their recent blog
DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network, including domains and IPs, and connect them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on malicious activity at https://www.domaintools.com/ or follow us on Twitter: @domaintools.