Customer Resource Page

DomainTools Reports

The DomainTools Report: Spring 2024 Edition

The Spring 2024 DomainTools Report explores 6 features of malicious activity. See how we analyze the data and a preview of findings from the full report.

Best Practice Guide Healthcare

Ransomware, BEC attacks, and other cyber threats pose significant risks to the healthcare sector. This Best Practices Guide offers insights for defenders to protect patients and data.

Best Practice Guide Retail

In this Best Practices Guide, we offer insights into the cyber threats facing the retail sector, what the landscape looks like for defenders, and how security teams are making effective use of adversary infrastructure analysis to gain an edge.

Best Practice Guide Financial Services

In this Best Practices Guide, we offer insights into the cyber threats facing the financial sector, what the landscape looks like for defenders, and how security teams are making effective use of adversary infrastructure analysis to gain an edge.

Building a Secure VPS Server Under Debian 11

In this report, we discuss the details necessary to bring up a functional and secure Virtual Private Server (VPS).

Best Practices Guide Federal Government

The government sector is not immune to the evolution of cyber threats. In this best practices guide, DomainTools shares how security teams are making effective use of adversary infrastructure analysis to gain an edge.

Best Practices: How to Leverage Domain and DNS Intelligence for OEMs

Download this eBook to learn more about how OEMs benefit from licensing and integrating with DomainTools Intelligence Feeds, Monitors, APIs, and Farsight DNSDB query capabilities.

IPV4 Address Space in DNSDB

In this White Paper, we update and extend an earlier IPv4 study to focus on the aggregated cache miss counts associated with each /24 netblock for the entire Internet IPv4 space.

Zero Trust and DomainTools

DomainTools offers a variety of tools and data to help security teams in their Zero Trust initiatives.

Speeding Up DNSDB Queries via Parallelization

Joe St Sauver shares an iterative approach to easily implement parallel query streams in DomainTools Farsight DNSDB Passive DNS API using both dnsdbq and using DNSDB API via Python3.

The DomainTools Report: Spring 2023 Edition

The Spring 2023 DomainTools Report explores 6 features of malicious activity. See how we analyze the data and a preview of findings from the full report.

The Economic Benefits of DomainTools Internet Intelligence

Earlier detection and more comprehensive domain intelligence from DomainTools avoids organizational risk and improves security team efficiency, helping teams identify more malicious threats faster.

Comparing Images Such as Screenshots Using Perceptual Hashes

While investigating websites, analysts often acquire images, either as individual files from the sites or as screenshots (perhaps from Iris Investigate). The question is then “Can we identify images that are similar to each other?” Perceptual hashes are a popular approach to assessing visual similarity. We demonstrate use of perceptual hashes for some sample images (including showing their robustness to small changes), and then apply the technique to a set of gambling-related domains.

SANS Top New Attacks and Threat Report

Read this report for a baseline of statistics from reliable sources of breach and malware data as well as summarized expert advice detailing the emerging threats to look out for in 2022 and beyond.

Domains That Begin With A Digit

Risk management is central to modern operational cybersecurity practice. DomainTools currently uses a proprietary machine learning model to compute risk scores for effective 2nd-level domains. This comparative case study looks at risk scores for domains whose names begin with a digit, aggregating and visualizing those risk scores on an autonomous system-by-autonomous system basis using violin plots. ASN-by-ASN subscore visualizations are also provided to help the reader understand the security dimensions that may be driving the overall risk score.

Dealing With Short Search Terms

Farsight Security’s DNSDB® Flexible Search enables users to cover more ground in passive DNS searches and this whitepaper exposes users to issues that can arise.

DomainTools Report: Fall 2021 Edition

The DomainTools Report for Fall 2021 examines six domain characteristics to identify hotspots of suspicious or malicious online activity associated with them.

Domain Blooms: New Method of Detecting Trending Bad Domains

The most recent DomainTools Report examines patterns of domain creation with an emphasis on malicious domains surrounding major societal events.

The DomainTools Report Supplement: New Patterns in Phishy Domains

We conducted research to identify which, if any, affixes portend higher risk, and published data demonstrating which affixes were most represented in domains blacklisted for malware, spam, or phishing.

The DomainTools Report: Spring 2017 Edition

We conducted our annual report to uncover concentrations of badness in top level domains, Whois privacy providers, free email providers, and IP geographies.

The DomainTools Report Supplement: Malicious Domain Affix Patterns

Learn from patterns in domain names themselves to calculate their “signal strength” as an indication of nefarious activity with a focus on affixes in malware, phishing, and spam techniques leveraged by threat actors.

The DomainTools Report: 2015 Special Edition

Dive into the DomainTools Report supplement to learn behaviors of Bulk Domain Registration Agents, real world application of BDRAs, and how to apply this knowledge to your own organization.

Survey Reports

The 2022 Threat Hunting Report

Gain a deeper understanding of the benefits of threat hunting, insights into adversaries, investments for improved threat hunting and more in a comprehensive survey of cybersecurity professionals.

SANS 2021 Threat Hunting Survey

Enjoy the most recent SANS Survey report, cosponsored by DomainTools, to better understand the impact of COVID-19 on threat hunting, the modern hunter’s toolbox, and benefits of threat hunting.

The Impact of the SolarWinds Breach on Cybersecurity

Glean key takeaways from a survey conducted among security professionals in order to provide the infosec community with insights into the cybersecurity world post-SolarWinds.

The 2021 Threat Hunting Report

Gain a deeper understanding of the benefits of threat hunting, insights into adversaries, investments for improved threat hunting and more in a comprehensive survey of cybersecurity professionals.

SANS 2021 Cyber Threat Intelligence Survey

SANS surveyed over 400 cybersecurity professionals to identify the value of cyber threat intelligence and trends in the industry.

SANS 2020 Threat Hunting Survey

Read this 2020 SANS survey report, cosponsored by DomainTools, to better understand the trends, gaps, and team processes within the threat hunting field.

Survey Report: 2020 Cybersecurity Report Card

This paper outlines the results of DomainTools’ fourth annual Cybersecurity Report Card Survey. More than 500 security professionals were surveyed about their security posture and asked to grade the overall health of their programs.

The 2020 Threat Hunting Report

Gain insight into the goals, adoption, and benefits of threat hunting in a comprehensive online survey of cybersecurity professionals, technical executives to managers, and IT security practitioners.

2020 SANS Automation and Integration Survey

This SANS Automation and Integration Survey gathered data on 520 respondents and covers key transitions in the field such as increased adoption of dedicated automation solutions & how automation may not reduce staffing needs.

SANS 2020 Cyber Threat Intelligence Survey

SANS surveyed over 1000 cybersecurity professionals to identify the value of cyber threat intelligence (CTI), best practices for defining CTI requirements, and how organizations leverage CTI.

2020 Ponemon Survey Report: Staffing the IT Security Function in the Age of Automation

Read this report to better understand how organizations are addressing the problem of attracting and retaining IT security practitioners and how the adoption of automation and artificial intelligence (AI) will impact IT security.

Survey Report: 2019 Cybersecurity Report Card

This paper outlines the results of DomainTools’ third annual Cybersecurity Report Card Survey. More than 500 security professionals were surveyed about their security posture and asked to grade the overall health of their programs.

SANS 2019 Cyber Threat Hunting Survey

Read this SANS report, cosponsored by DomainTools, to learn about trends regarding threat hunting uptake across organizations.

SANS 2019 Incident Response Survey Report

The SANS 2019 Incident Response Survey examines key stats, takeaways, and improvements over last year’s IR survey.

2019 Ponemon Survey Report: Staffing the IT Security Function in the Age of Automation

Read this report to better understand how organizations are addressing the problem of attracting and retaining IT security practitioners and how the adoption of automation and artificial intelligence (AI) will impact IT security.

The 2019 Threat Hunting Report

Gain insight into the goals, adoption, and benefits of threat hunting in a survey conducted by Holger Schulze of the Information Security Community on LinkedIn.

SANS 2019 Cyber Threat Intelligence Survey

SANS surveyed nearly 600 cybersecurity professionals to identify the value of cyber threat intelligence (CTI), best practices for defining CTI requirements, and how organizations leverage CTI.

EMA Security Megatrends Report

Download this report to read up on trends in security operations including roles and responsibilities, tools, and initiatives. This report will help readers understand how to handle threats better, no matter where they stand now.

2018 Threat Intelligence Report

Threat intelligence has become a significant weapon in the fight against cybersecurity threats and a large majority of organizations have made it a key part of their security programs. This report outlines the most common benefits of threat intellige

SANS 2018 Cyber Threat Hunting Survey

Read this SANS report, cosponsored by DomainTools, to learn about trends regarding threat hunting uptake across organizations.

Survey Report: 2018 Cybersecurity Report Card

We surveyed over 500 security professionals to identify what it takes to earn an “A” in cybersecurity.

2018 Osterman Research: Best Practices for Protecting Against Phishing, Ransomware and Email Fraud

Osterman Research conducted a survey specifically for this white paper which highlights best practices for protecting against phishing, ransomware, and email fraud that organizations should consider to bolster their security defenses.

Ponemon Survey Report: Staffing the IT Security Function in the Age of Automation

Read this Ponemon report, sponsored by DomainTools, to better understand how companies are addressing the need to hire and retain qualified IT security practitioners and the effects automation and artificial intelligence (AI) will have on staffing.

2018 Threat Hunting Report

Gain insight into the goals, adoption, and benefits of threat hunting in a survey conducted by Holger Schulze of the Information Security Community on LinkedIn.

EMA Radar for Digital Threat Intelligence Management: Q4 2017

In late 2017, EMA evaluated vendors for their Digital Threat Intelligence Management Radar Report. In this report, learn why DomainTools was named the 2017 Value Leader.

SANS 2018 Cyber Threat Intelligence Survey

SANS surveyed cybersecurity professionals to identify how security professionals acquire and use threat intelligence, the value of threat intelligence and CTI’s impact on detection and response.

Survey Report: 2017 Threat Monitoring, Detection and Response

Gain insight from a survey of over 400 cybersecurity professionals to provide a comprehensive snapshot on the evolving threat landscape, threat intelligence, and incident response.

White Papers

SANS 2022 Top New Attacks and Threat Report

Read this report for a baseline of statistics from reliable sources of breach and malware data as well as summarized expert advice detailing the emerging threats to look out for in 2022 and beyond.

Domains That Begin With A Digit

Risk management is central to modern operational cybersecurity practice. DomainTools currently uses a proprietary machine learning model to compute risk scores for effective 2nd-level domains. This comparative case study looks at risk scores for domains whose names begin with a digit, aggregating and visualizing those risk scores on an autonomous system-by-autonomous system basis using violin plots. ASN-by-ASN subscore visualizations are also provided to help the reader understand the security dimensions that may be driving the overall risk score.

Dealing With Short Search Terms

Farsight Security’s DNSDB® Flexible Search enables users to cover more ground in passive DNS searches and this whitepaper exposes users to issues that can arise when working with short or common patterns.

SANS 2021 Top New Attacks and Threat Report

Read this report for a baseline of statistics from reliable sources of breach and malware data as well as summarized expert advice detailing the emerging threats to look out for in 2021 and beyond.

SANS 2021 Report: Top Skills Analysts Need to Master

Gain insight into what top skills security analysts need to master to be effective at defending organizations across endpoints, networks, and the cloud.

Conceptualizing a Continuum of Cyber Threat Attribution

Attribution is a thorny subject in CTI discussion. In this paper, learn about the concept of the attribution continuum and how to maximize analysts' decision making and follow-on analysis.

Formulating a Robust Pivoting Methodology

Learn how to develop more accurate pivoting processes to reveal adversary behaviors and identify attacker tendencies.

The Value of Threat Intelligence with DomainTools: Identify Threats 82% Faster

Download this white paper to learn how DomainTools Threat Intelligence solutions can help empower your security teams to identify threats faster, improve productivity and reduce events.

SANS Top New Attacks and Threat Report

Read this report to better understand the top new attacks and threats, gain deeper insight into cybersecurity trends on both the offensive and defensive sides, and get advice on steps enterprises must take to mitigate current and future risks.

Protected Waters: No Spear Phishing Allowed

Blocking against all phishing attempts is costly, time intensive and arguably impossible. This paper will discuss how to get ahead of phishing scams, the spear phisher’s infrastructure and techniques.

Hunting RATs (Remote Access Trojans)

Join Matthew Haynes of Askari blue to learn how to hunt and identify threat actors, better understand the enemy, and defend your network.

Detecting Malicious Domains Using Artificial Intelligence and Machine Learning

Download this white paper to learn more about AI and ML from a security perspective, as well as how to practically apply the principles to spot malicious traffic before it becomes a problem.

Strategies to Vet Your Threat Intelligence and Reduce False Positives

Learn strategies to reduce false positives and models that improve threat hunting and investigation outcomes. This paper will also cover leading tools that help teams make the most of their limited time and resources.

The Value of Threat Intelligence

Learn how to gather actionable threat intelligence resulting in a better understanding of attackers, superior risk assessments, and conducting informed and more effective investigations.

Security Information and Event Management (SIEM) Buyer’s Guide

SIEM solutions have become an integral piece of IT and Security operations. Learn how to evaluate and get started with a SIEM solution.

Security Orchestration Automation and Response (SOAR) Buyer’s Guide

SOAR and SIEM are complementary platforms that, when leveraged properly, enable SOCs and CSIRTs to detect and respond to events, which can make it possible to measure and reduce MTTD (Mean Time To Detect) and MTTR (Mean Time To Respond).

Powering Incident Response by Operationalizing Threat Intelligence

Discover how to operationalize threat intelligence and learn faster, smarter ways to query, learn from and enrich threat data so it can be put into action.

Developing a Threat Hunting Program Checklist: A 5-Step Guide

This 5-step guide will help you understand how to conduct internal and external threat hunting activities in a programmatic manner as well as help organizations new to threat hunting create the foundations for conducting threat hunts.

SANS Top New Attacks and Threat Report

Read this report to better understand the top new attacks and threats, gain deeper insight into cybersecurity trends on both the offensive and defensive sides, and get advice on steps enterprises must take to mitigate current and future risks.

Post-GDPR Security Investigations

In this white paper, learn four key methods by which threat researchers can perform analysis using techniques like non-registrant based connections, OSINT-backed methodologies, and information sharing.

Defending Against Malicious JavaScript Attacks

JavaScript is one of a number of growing threats to your organization. Download this white paper to understand how attacks are being carried out so that you have proper context on how to address them in your organization.

How Whois Data Ensures a Safe and Secure Internet

Learn how security professionals leverage Whois data in three essential cybersecurity workflows, why Whois data is fundamental to these workflows, and real world examples of public domain ownership data in security functions.

Threat Intelligence Playbook: Making Sense of Indicators

Learn how to uncover some of the most critical insights from your organization’s alerts and indicators that will allow you to shift to a more proactive posture.

Cybersecurity Outlook for 2018

Discover four key cybersecurity concerns that security teams, executives, consumers and government officials can expect to encounter next year.

Carpe Diem: How to Seize the Phish

Fight against phishing with important information relating to phishing trends, tactics, and defensive strategies that will improve your protection against phishing attacks.

Why Retailers Are Losing The Fight Against Online Counterfeiting

Farsight and DomainTools security researchers reveal how cybercriminals are exploiting the Domain Name System (DNS) to commit fraud.

The Rise of Threat Hunting and Why it Matters

Join DomainTools to learn why threat hunting is becoming an important way for organizations to change the way they conceive of and design their cybersecurity operations.

DNS Forensics: Where Intuition Meets Experience

Learn how a DNS-centric approach to unraveling sophisticated attacks can bring stunning results to your cybersecurity strategy.