Context is Everything: Using DNS to Identify Malicious Infrastructure

Are You Using DNS To Mitigate Future Attacks?

Tens of thousands of domains are registered on the Internet daily for phishing, command and control (C2), data exfiltration, and other illicit activity. Incident response teams, threat intelligence managers, and SOC managers need a complete picture of the infrastructure associated with a threat in order to stop the next attack from the same actor. 

Using Iris Investigate, threat hunters, incident responders, and other SOC personnel can quickly identify malicious infrastructure and mine 20+ years of Whois records to make connections, track the evolution of threat actors' campaigns, and assess potential risks.

Join Tim Helming and Grant Cole for a demonstration of Iris Investigate so you can elevate your security operations and get to the data that matters most. Our presenters will: 

  • Demonstrate how the Pivot Engine and Guided Pivots feature can quickly steer investigators toward the most fruitful paths of discovery 
  • Use Advanced Search and Historical Data to find connected domains and activity clusters
  • Highlight some of the most interesting new features in the recent update to Iris Investigate