DomainTools Iris Investigation operates as a proprietary intelligence platform that gathers and processes vast amounts of information on the internet. It combines enterprise-grade domain intelligence and risk scoring with passive DNS data from third-party providers to help predict, detect, and monitor malicious infrastructure effectively. With Iris Investigation, security teams have the ability to gain immediate context on and visibility into threats, accelerating risk assessments and incident responses and improving overall security postures.

Security researchers at DomainTools have been collecting WHOIS and pDNS data for nearly two decades, giving them a competitive advantage over other companies in the market. Because of its maturity, DomainTools can help security teams gain insight into the goals of the threat actor groups attacking their environments and the tactics these groups employ to accomplish such goals. Iris Investigation can account for all newly registered and discovered domains in a timely manner, provide efficient updates on the backend, and continuously monitor them for changes. This combination gives users confidence in the data this solution delivers, a confidence reinforced by the company’s 95 percent accuracy rating of currently registered domains reinforces.

Iris Investigation offers a customizable and easy-to-use dashboard that delivers risk scores that analysts may explore further for more information regarding known blacklists. It also offers an indicators of compromise search from which analysts may create a new investigation, open an existing one, or simply conduct an external search.

The Visualization Pane identifies attack patterns in the components of an investigation or other related pieces of infrastructure. This view can then highlight clusters of patterns and filter out known properties to arrive at the most relevant information quickly and effectively. Analysts may view any individual domains or subdomains that are sending traffic, a helpful feature for delving into the infrastructure of attacks.

Iris Investigation empowers analysts to assess risk quickly, using enhanced intelligence of all logs, files, and indicators of compromise and guided pivots that map connected infrastructure components. Such guided pivots assist analysts in uncovering indicators of compromise related to relevant threats and other associated domains. The guided pivots also include SSL hashes that can aid with proactive blacklisting based on predictive malicious domain risk scores. The predictive scores can then mitigate the risks from new and unknown domains.

Analysts have access to several reporting options. They can download the results of an investigation directly from the platform to capture all components of an investigation. They can also export them, or print any tab from the Inspect Pane. All these options let analysts manage their data in a way that maximizes visibility and efficiency.

Overall, security pros will find Iris Investigation Platform a useful tool that invites collaboration, especially in analyzing the risk of an IP address or website. The ability to dive into past registration information and all domains at any point in time lets analysts surface granular intelligence for use in investigations. This information lets them identify threat actors and the malicious tactics they employ. Iris Investigation integrates otherwise disparate systems, enriches information and surface correlations with guided pivots, and highlights the pieces of information most relevant to user organizations.

Packages start at $25,000 and includes 12/5 phone, email, and website support. Organizations also have access to a well-documented knowledgebase that has tutorials, walkthroughs, and an FAQ list.

Written by Katelyn Dunn

Tested by Tom Weil