Proactive Threat Defense with DomainTools Integration with the CrowdStrike Falcon platform
As organizations struggle to defend against an increasing barrage of sophisticated threats, one of the most common approaches we’ve seen is to layer disparate cybersecurity products that don’t integrate seamlessly—resulting in a complex security stack that can take an army of security professionals to manage and maintain.
CrowdStrike, a global cybersecurity leader, is redefining security for the cloud era with an endpoint and workload protection platform built from the ground up to stop breaches. The CrowdStrike Falcon® platform’s single lightweight-agent architecture leverages cloud-scale artificial intelligence (AI) and offers real-time protection and visibility across the enterprise, preventing attacks on endpoints and workloads on or off the network.
DomainTools Integration with CrowdStrike Falcon platform
CrowdStrike’s new context enrichment feature in the Falcon platform solves these challenges by providing a unified console that allows other threat intelligence vendors to make their data available alongside Falcon detections and incidents and also provide contextual enrichment. For advanced and deeper analysis into security artifacts, users can pivot to a third-party console—via Falcon’s management console—to gain additional threat insights. Context-rich threat intelligence data from DomainTools will help you correlate and triage alerts faster, accelerating incident investigation and response.
How Does It Work
DomainTools Iris accesses the investigated domain indicators of compromise (IOCs)—observables from the Falcon environment—to retrieve relevant DNS intelligence from the DomainTools platform. You can contextualize and profile domains inside Falcon, add actionable Risk Scores and Threat Profile intelligence to domain indicators, and extend your investigations from Falcon without losing context via direct integration into DomainTools Iris.
This new integration provides the following benefits:
- Context enrichment: Context-rich threat intel data from DomainTools helps you make instantaneous decisions on domain indicators—even if they’ve never before been detected in an attack.
- Time-to-value: The seamless, built-in integrations bring in rich data including IP addresses, hashes, domains, and more—cutting the time required to triage and remediate.
- Simplified layered defense: Simplify your security stack while staying ahead of sophisticated adversaries with the integration of predictive risk indicators and easy access to contextualized threat intelligence.
Who Benefits from Threat Intelligence Enrichment
Organizations across all market segments and verticals benefit from enrichment of threat data to better understand their attackers, respond faster to incidents, and proactively get ahead of a threat actor’s next move. For SMBs, this means helping them achieve a level of protection that would otherwise be out of reach. Enterprises with large security teams, on the other hand, can reduce the cost and required skills by leveraging external threat intel and making their analysts more effective. This advantage extends across security and IT analysts, security operations center (SOC) teams, and executives in the security teams.
About the CrowdStrike Store
The CrowdStrike® Store provides a strategic choice of vendors and security technologies to our customers, managed through a single cloud platform. All CrowdStrike Store applications leverage our powerful lightweight agent that provides rich endpoint telemetry to the Falcon cloud-native platform.
The CrowdStrike Store is focused on delivering a frictionless consumption of curated third-party applications for our customers, leveraging the power of our extensible platform architecture and rich threat intelligence data. The CrowdStrike Store provides auto-provisioning of in-app trials to allow you to easily deploy and try an app before investing.
Find out how to trial and purchase DomainTools Iris App on the CrowdStrike Store.