Content

DomainTools Iris Investigation Platform v3.0

Share

DomainTools Iris Investigation operates as a proprietary intelligence platform that gathers and processes vast amounts of information on the internet. It combines enterprise-grade domain intelligence and risk scoring with passive DNS data from third-party providers to help predict, detect, and monitor malicious infrastructure effectively. With Iris Investigation, security teams have the ability to gain immediate context on and visibility into threats, accelerating risk assessments and incident responses and improving overall security postures.

Security researchers at DomainTools have been collecting WHOIS and pDNS data for nearly two decades, giving them a competitive advantage over other companies in the market. Because of its maturity, DomainTools can help security teams gain insight into the goals of the threat actor groups attacking their environments and the tactics these groups employ to accomplish such goals. Iris Investigation can account for all newly registered and discovered domains in a timely manner, provide efficient updates on the backend, and continuously monitor them for changes. This combination gives users confidence in the data this solution delivers, a confidence reinforced by the company’s 95 percent accuracy rating of currently registered domains reinforces.

Iris Investigation offers a customizable and easy-to-use dashboard that delivers risk scores that analysts may explore further for more information regarding known blacklists. It also offers an indicators of compromise search from which analysts may create a new investigation, open an existing one, or simply conduct an external search.

The Visualization Pane identifies attack patterns in the components of an investigation or other related pieces of infrastructure. This view can then highlight clusters of patterns and filter out known properties to arrive at the most relevant information quickly and effectively. Analysts may view any individual domains or subdomains that are sending traffic, a helpful feature for delving into the infrastructure of attacks.

Iris Investigation empowers analysts to assess risk quickly, using enhanced intelligence of all logs, files, and indicators of compromise and guided pivots that map connected infrastructure components. Such guided pivots assist analysts in uncovering indicators of compromise related to relevant threats and other associated domains. The guided pivots also include SSL hashes that can aid with proactive blacklisting based on predictive malicious domain risk scores. The predictive scores can then mitigate the risks from new and unknown domains.

Analysts have access to several reporting options. They can download the results of an investigation directly from the platform to capture all components of an investigation. They can also export them, or print any tab from the Inspect Pane. All these options let analysts manage their data in a way that maximizes visibility and efficiency.

Overall, security pros will find Iris Investigation Platform a useful tool that invites collaboration, especially in analyzing the risk of an IP address or website. The ability to dive into past registration information and all domains at any point in time lets analysts surface granular intelligence for use in investigations. This information lets them identify threat actors and the malicious tactics they employ. Iris Investigation integrates otherwise disparate systems, enriches information and surface correlations with guided pivots, and highlights the pieces of information most relevant to user organizations.

Packages start at $25,000 and includes 12/5 phone, email, and website support. Organizations also have access to a well-documented knowledgebase that has tutorials, walkthroughs, and an FAQ list.

Written by Katelyn Dunn

Tested by Tom Weil

Product title
DomainTools Iris Investigation Platform v3.0
Product info
Vendor: DomainTools Contact: www.domaintools.com Product: DomainTools Iris Investigation Platform v3.0 Price: Packages start at $25,000
Strength
Iris Investigation can account for all newly registered and discovered domains in a timely manner, deliver efficient updates on the backend, and continuously monitor them for changes.
Weakness
None that we found.
Verdict
Overall, security pros will find the Iris Investigation Platform a useful tool that invites collaboration, especially in analyzing the risk of an IP address or website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.