Iris Investigation Platform

Additional Info

Company (that provides the nominated product / solution / service): DomainTools
Company size (employees): 50 to 99
Type of solution: Cloud/SaaS

In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:

1.) Breadth and Depth of data: Over 300 million known domains in DNS, 10 billion Whois records, 4 billion IP Address change events and 3 billion Name Server change events. The passive DNS datasets in Iris, from Farsight Security and others, are best-in-class resources to help analysts profile adversaries. Adjacent data sets help ‘Connect the Dots’ across host server IP address, registrant data, name servers, mail servers, SSL, SOA records and more.

2.) Investing in our customers is a priority at our organization. This commitment to our 500+ customers resulted in a 92% client renewal rate in 2018. Karina Sinclair, Chief Operating Officer at G2 Web Services, concurs: “DomainTools has become our ally on multiple fronts. The team provides us guidance for new ways to use the technology, and is eager for our feedback on how the tools are working for us. Beyond that, they have been a great partner in helping us follow, respond to and manage the evolving state of Whois regulations, which can significantly impact the way we serve our clients. Not a lot of vendors will go the extra mile like DomainTools has.”

3.) The addition of our machine learning product, DomainTools Risk Score within our Iris product: Most Threat Intelligence products focus on malware analysis and sharing of information characterizing malware. Domain and DNS data can be used predictively—before any malware has caused damage—to identify and block IPs and domains held by threat actors.

Brief Overview

Iris is powered by numerous data sources and allows customers to turn threat intelligence into actionable insights. Access to domain and DNS data at scale arms security analysts with critical knowledge throughout their investigations. Investigations powered by DomainTools not only allow organizations to assess whether or not an indicator identified on a network is malicious, but to identify connected malicious infrastructure and prevent future attacks.

These types of forensic investigations are only as good as the volume and quality of threat intelligence data. Because of the breadth and depth of our data, we are able to help investigators identify relationships between domains like common registrant owners, shared infrastructure, and common communications. Peter Allwright of Horizon Forensics and his organization have experienced this value first-hand: “Iris was an absolutely critical resource in this particular investigation and we are confident that it will be at the center of many future projects. DomainTools didn’t just help us generate more frequent leads for our team, it enabled us to quickly pivot on the different data points so we could elevate the most relevant pieces of evidence and provide a much clearer overall picture.”

One top-level goal in terms of delivering value to our customers is to empower security professionals to get ahead of attacks. A CISO at a large Metropolitan Government Agency highlights DomainTools' role in predicting threats before any damage is done: “DomainTools not only provides our team with better overall threat intelligence but it has also empowered our team to more accurately assess and score the risk represented by coordinated threat actors. As a result, our small team is even more agile and responsive to the many agencies and constituents that we serve on a daily basis.”