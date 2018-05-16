"GDPR makes our customers' jobs even harder, but it is a great forcing function for DomainTools to make our products better, faster," said Tim Chen, CEO at DomainTools. "That is why we are introducing these new enhancements – to make sure security teams have the ability to go beyond Whois and map infrastructure, profile bad actors, and defend their networks against them."

Iris, DomainTools' flagship offering, is purpose-built for security analysts and threat hunting teams. It combines enterprise-grade domain and DNS-based intelligence with an intuitive web interface, helping security teams quickly and efficiently investigate and prevent cyber threats. The three new updates enhance analysts' efficiency, accuracy, and risk assessment confidence in a post-GDPR environment.

New SSL/TLS Certificate Data Add Layer of Intel to Investigations

SSL and TLS certificates are open source data that support actor and infrastructure forensics. These certificates are used to help authenticate the identity of a remote computer, such as a Web server. Data from a certificate can help an analyst characterize a domain and find connections between it and other domains referenced in the certificate. All of this helps security pros better understand the scope and threat level of suspicious online infrastructure.

Historical "Reverse Whois" Support

Since 1995, DomainTools has been tracking the Whois history of millions of domains. With this release, Iris queries on registrant information--so-called "reverse Whois" searches--will surface domains that historically matched (or currently match) a given input. Context on historic infrastructure can be very informative to current incident investigations.

Guided Pivots Reveal Path to Threat Infrastructure

The concept of a "pivot," where the analyst finds connections between entities through data points they have in common, is fundamental to DNS-based forensics. With "Guided Pivots," Iris automatically shows the analyst which pivots are most likely to lead to relevant connections. By reducing the number of clicks and dead-ends in an investigation, this "easy button" for threat hunting saves time and raises confidence that the analyst or hunter may find useful forensic data.

"It is, and always will be, our goal to help our customers detect, investigate, and prevent malicious activity online," said Tim Helming, director of product management at DomainTools. "The new capabilities in Iris get at the heart of what matters to threat hunters – a high level of confidence in their assessment of threat actors and risk to their organizations. For example, by finding attack infrastructure that eludes blacklist feeds or otherwise remains hidden, security analysts can configure defenses to stop targeted campaigns, which can pose a significant threat to organizations."

The Iris Investigation Platform is an award-winning cyber threat hunting solution built on the world's largest database of domain profile and DNS-based forensic information. For additional information on DomainTools and Iris, visit: https://www.domaintools.com/products/iris.

