DomainTools Iris Investigation Platform 3.0
DomainTools Iris Investigation Platform combines
enterprise-grade domain intelligence and risk scoring with passive DNS.
DomainTools has longevity on its side – having been around for approximately 18 years
and collecting data around all public domains on the Internet for that entire
period. The depth and breadth of data serves as a big differentiator for this
company and can’t be easily duplicated by competitors. The DomainTools database
contains approximately 330 million domains, each composed of multiple data
points. This is primarily a web product although API support is offered.

An investigation platform sits on top of
up-to-the-minute data in the company’s domain database. Because the database
includes expired domain data over an 18-year time period the platform can
cross-reference both historical and current data. Robust, enterprise-grade APIs
power everything in the platform, allowing it to tag domains and generate data in
a more investigative fashion. A Domain Risk Score identifies the likelihood that
a domain has malicious intent. The scoring leverages domain blacklists that it
cross-references based on machine learning classifiers of the suspects. There
are several ways to create a risk score. Three machine learning classifiers try
to predict if a domain looks nefarious early in the lifecycle of a threat by referencing
blacklisted domains. Proximity scoring brings in several blacklists daily and
scores are accompanied by supporting evidence.

An Omni Box allows analysts to search domains,
IPs, physical addresses, mail servers and the like, from which they can easily
pivot. Historical search functionality through a Search History bar allows
analysts to follow a breadcrumb trail and see how they pivoted from search to
search. Guided pivots help analysts decide which pivots are likely to lead to
something noteworthy.

A “Missing” button shows analysts which criteria
are already included in a search along with what they potentially should add.
Other analysts logging in can see the investigation that was performed as well
as step through the path taken by an investigating analyst. Since the platform
is a collaborative tool, this functionality is extremely helpful and, additionally,
allows analysts to share investigations with a team and save them for the next
analyst.

Analysts can confer read-only access to
investigations. They can create PDF reports that show the visualization tool as
well as all the notes pertaining to an investigation and apply the desired
level of access to each investigation as it is shared.

Instead of simply consulting transparency logs, DomainTools
combs all SSL certificates and attempts to ascertain how they are used. This
database allows analysts to explore potential relationships between datasets
and events, even pivoting from one entry to see other domains using the same SSL
certificates. Analysts can use the information to dive as deep into the certs
as they wish.

Starting price is $50,000. Basic, no-cost support is offered with all enterprise packages, 8/5. Phone, email and website support include FAQs and a knowledgebase. Also offered are free, monthly recorded webinars for investigation improvements, and user guides for in-depth review of features and functionality.

Tested by: Tom Weil

Product title
DomainTools Iris Investigation Platform 3.0
Product info
Vendor: DomainTools
Contact: www.domaintools.com
Product: Iris Investigation Platform 3.0
Price: $50,000
Strength
DomainTools has collected data around all public domains on the Internet for 18 years.
Weakness
None that we found.
Verdict
DomainTools Iris Investigation Platform combines enterprise-grade domain intelligence and risk scoring with passive DNS.