Tag Archives: DomainTools

.NZ Gets Another Victory In DomainTools Battle Over registrant Privacy Rights

New Zealand’s Domain Name Commission (DNC) had their third victory in three appearances in their ongoing court battle with DomainTools, the latest being in March. DomainTools had appealed three claims, following losing their first appeal, but won only one, while the DNC won the remaining two, with consideration being given by the DNC to appeal the remaining claim. It is a battle over whether a top-level domain registry protect the privacy of their registrants. As Jordan Carter, InternetNZ’s CEO, told the Goldstein Report back in March 2019, “this test case will be significant for protecting the privacy rights of .nz registrants in the .nz domain name space and it is likely to have an impact on other ccTLDs and the wider industry.” It seems that the privacy rights of .nz registrants has been protected.

Continue reading .NZ Gets Another Victory In DomainTools Battle Over registrant Privacy Rights

Upcoming Webinar: DomainTools Iris: Guided Tour of New Features

Adversary infrastructure intelligence is key for incident responders, threat hunters, and other SOC professionals. For years, DomainTools Iris has been a crucial tool for organizations worldwide. For Spring 2019, DomainTools introduces several enhancements to give analysts more context, more efficiency, and more power.

In this webinar, participants will gain information on how to:

  • Quickly gain context on infrastructure through the tagging of domains
  • Identify related malicious infrastructure through subdomain information in SSL certificates
  • View multiple key data points on a domain in a single window through Domain Inspection
  • See the average risk and domain age for any given set of results through the Summary Metrics
  • Easily export pDNS for use in other tools or documents

Join Director of Product Management, Tim Helming, to learn how these features can help you level-up your adversary infrastructure intelligence capabilities.

This DomainTools webinar will be held on 25 June at 09:00 US Pacific Time, 12:00 US Eastern Time. To register, go to: https://www.domaintools.com/resources/webinars/domaintools-iris-guided-tour-of-new-features

Webinar: How DomainTools and Splunk>Phantom Work in Harmony so you can SOAR

Cybersecurity as an industry is seeing an ever-widening skills gap. As roles go unfilled, practitioners find themselves increasingly unable to meet the needs of their organizations in terms of security posture and maturity. Security Orchestration, Automation, and Response has the ability to help organizations with security processes, automation of specific actions, and intelligently inform teams, with the end goal of efficiency.

With the new features that DomainTools has built into Splunk Phantom, organizations are able to leverage this integration for purpose-built work with the Iris Investigate API. The rich Iris dataset is available not only for ad-hoc research on specific incidents in Splunk Phantom, but also for automated actions in Splunk Phantom playbooks.

In this webinar, learn:

  • How organizations are leveraging DomainTools for Splunk Phantom for Incident Response, IoC Hunting, Network Access Control, and Intelligence Sharing
  • How to get the Single Pane of Glass in Splunk Phantom with DomainTools’ Domain and DNS-based adversary intelligence
  • Where to leverage Domain Risk Score to automate workflows

Join Mark Kendrick, Director of Product Integrations at DomainTools, for this 30 minute webinar on 16 May.

To register, go to: domaintools.com/resources/webinars/how-domaintools-and-splunkphantom-work-in-harmony-so-you-can-soar

DomainTools Webinar: DNS Mapping for Better Context on Threats

According to the FBI, U.S. businesses alone suffer from nearly $343k in damages every hour from phishing – and this number has been rising year over year for the last five years. Join Ben April, Chief Technology Officer at Farsight and Corin Imai, Senior Security Advisor at DomainTools for this 30 minute webinar on a real-world DNS forensic investigation. Starting with a single IOC (indicator of compromise), they will step through how to pivot through domain infrastructure to build intelligence of associated malicious activity.

March 26, 2019 at 10 AM PT/1 PM ET

In this webinar, you will learn:

  • How to take an IOC and pivot on supporting threat intelligence
  • Where pDNS can uncover cybercrime forensics data
  • When to leverage DomainTools and Farsight to build an investigation

To register for this free webinar, go to:

Webinar: Enrich Your Investigations With DomainTools Iris for Maltego

Maltego is an open-source intelligence platform leveraged by practitioners for information gathering and data mining, providing a library of transforms for discovery of data from a variety of sources, and a visualization of the information to quickly bubble up relationships between pieces of information. In this webinar, learn how DomainTools and Maltego have simplified and expedited cyber investigations by extending crucial enrichment data (like DNS, Guided Pivots, historical Whois, and SSL certificates) to provide a seamless workflow for both Maltego and DomainTools Iris users.

February 6, 2019 at 10:00 US Pacific Time/13:00 US Eastern Time

Join Senior Sales Engineer, Taylor Wilkes-Pierce, to learn how to:

  • Map connected infrastructure, run correlations, look at attribution, highlight risky domains, etc. to surface meaningful insights
  • Increase the chance of intersection with existing graph data from other sources to open up new investigative pathways
  • Quickly identify which graph node to pivot on by consulting the Guided Pivot count present on nearly every entity these transforms act on
  • Conduct investigations with real world examples leveraging both DomainTools and Maltego

For free registration, go to:

DomainTools Webinar: 2019: No Oscars for the Bad Threat Actors

2018 isn’t over and we have already seen a massive increase in the number and types of cybersecurity threats from ransomware to phishing. So what will 2019 bring and what can be done to prevent the next wave of cyber attacks?

Join subject matter experts from DomainTools in a lively discussion of what’s next for information security. CTO Bruce Roberts, Director of Product Management, Tim Helming, Senior Security Advisor, Corin Imai, and Senior Data Scientist, Sean McNee will conduct a round-table discussion on their information security predictions. Highlights include:

  • Let’s Get Critical (The political process is the new critical infrastructure under attack)
  • Breaches and Woes (Change in public perception of breaches)
  • The Automation Invasion (Automation will continue to create more issues than solutions if organizations)
  • Mind the (Skills) Gap

December 11, 2018 at 10 AM PT/1 PM ET

To register for this free DomainTools webinar, go to:

DomainTools Webinar: The Beginner’s Guide to Mitigating Phishing Attacks

According to the FBI, U.S. businesses alone suffer from nearly $343k in damages every hour from phishing – and this number has been going up year over year for the last five years. Phishing by definition is a fraudulent attempt to gain access to sensitive data and leverage such data for malicious purposes. Most commonly this is done by disguising malicious links to distributed malware.

In this webinar, Corin Imai, Senior Security Advisor at DomainTools will take a look at the steps to executing a phishing attack and the potential ways to help mitigate the risk.

November 14, 2018 at 10 AM PT/1 PM ET

In this webinar, you will learn:

  • Real world examples of attacks leveraging phishing vectors
  • 5 steps of executing a phishing attack – if I can do it, surely anyone can
  • 5 ways to mitigate your risk of a phishing attack

To register for this webinar, click here.

Webinar: DomainTools Guide to Threat Hunting with Splunk and Phantom

According to the SANS 2018 Threat Hunting Survey Results, 75% of IT professionals said their organizations have reduced their attack surface as a result of more aggressive threat-hunting while 59% credited the approach for enhancing incident response speed and accuracy.

DomainTools Iris can help you bring these outcomes to your security practice, especially when you leverage the Iris dataset to enrich your logs in Splunk and execute incident response playbooks in Phantom.

With the enhancements to our Splunk Technology Add-on, we’ve enabled security teams to take indicators from their network, including domains and IPs, and connect them with the comprehensive DomainTools Iris dataset. Those connections inform risk assessments, profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure.

Orchestration and automation are vital to scaling those activities, which is why teams have leveraged DomainTools in Phantom almost since it was launched. Now, we’re extending those capabilities with the Iris Investigate API to enable guided pivots and smarter blocking decisions in your playbooks.

In this webinar, Mark Kendrick, Director of Product Integrations will be showing how our customers leverage the capabilities of the rich Iris data set with these products to provide better visibility and context into their network traffic, gain event enrichment-at-scale, and garner proactive risk scoring with selective targeting.

October 23, 2018 at 10 AM PT/1 PM ET

In this webinar, you will learn:

  • Where you can surface meaningful alerts to identify malicious intent
  • How to immediately access dozens of attributes attached to every domain event in Splunk
  • How batch processing helps scale enrichment to cover massive data sources
  • How to use Risk Score, Proximity and Threat Profile classifiers to manage alert fatigue
  • How to build playbooks in Phantom that replicate the smartest analyst workflows

This DomainTools announcement was sourced from:

Webinar: 5 Ways to Get an “A” in Cybersecurity – DomainTools Cybersecurity Report Card

The cybersecurity landscape is evolving at a rapid pace. As a result, security teams are working hard to stay on top of the learning curve and maintain a mature security posture. With this state of flux in mind, we conducted a global survey with more than 500 security professionals to better understand the current state of maturity of security teams.

October 3, 2018 at 10 AM PT/1 PM ET

Join DomainTools Sr. Product Marketing Manager, Corin Imai, to discuss key takeaways from the DomainTools second annual Cybersecurity Report Card Survey. More than 500 security professionals from companies ranging in size, industry and geography were surveyed about their security posture and asked to grade the overall health of their programs. Their responses, particularly when compared to the results of the 2017 Report Card, shed light on how cybersecurity practices are evolving, and what the most successful organizations are doing to ensure they stay ahead of the ever-growing and changing threat landscape.

In this webinar, you will learn:

  • Key trends over the past two years in Cybersecurity
  • How the use of automation technology plays a significant role among highly-rated programs
  • Where there is room for improvement: Even with top marks, there is always opportunity for growth
  • Actionable best practices you can implement in your organization

To register for this DomainTools webinar, see:

.NZ Wins Preliminary Injunction Against DomainTools to Keep Registrant Data Private

New Zealand’s Domain Name Commission this week won a motion for preliminary injunction in a US court [pdf] to prevent DomainTools from accessing .nz’s Whois details and downloading the information into their own database.

The DNC, whose role they describe as being to develop and monitor a competitive registrar market, as well as creating a fair environment for the registration and management of New Zealand’s country code top level domain, comes under the InternetNZ umbrella. They viewed the victory as important for the .nz domain name space and for domain name holders wanting to keep some of their personal details from public view. It also strikes a precedent for other registries wanting to keep registrant data private.

The DNC notes that managers of other ccTLDs will want to pay attention to the judgment. This may raise confidence to fight their own cases should DomainTools be breaching their terms of use.

The preliminary injunction prevents DomainTools from “sending ‘high volume’ queries, “accessing the .nz Register ‘in bulk’”, “storing or compiling register data”, “publishing historical or non-current versions of the register data; and publishing register data in bulk.”

In the leadup to the decision, in November 2017 the DNC allowed individual registrants who are not in trade to choose to withhold their phone number and contact address from publicly appearing in the domain registrant search (Whois). Earlier this year, this became mandated. More than 20,000 domain names have already taken up the privacy option.

DomainTools is a digital intelligence-gathering company in the US and has been scraping registration data from New Zealand’s Domain Name Commission for many years. This mass collection of data breaches the Commission’s terms of use and exposes details of domain name holders who choose to have their details kept private. This is because DomainTools makes available historic records which show the now withheld information.

Domain Name Commissioner, Brent Carey, says winning this lawsuit is good news for .nz domain name holders and their privacy.

“The ruling allows the Commission to continue balancing online accountability with respect for individual privacy. The ruling temporarily puts to an end DomainTools’ bulk harvesting of .nz domain holders’ personal information and selling that data for a profit.

“This is a step in the right direction to ensure that any person or company looking to build a business on domain name data, in violation of our Terms of Use, can’t do so,” says Carey.

DomainTools argued that this lawsuit may cause an avalanche of litigation as other registries attempt to protect the privacy of their registrants – and Judge Lasnik stated they may be correct.

“We look forward to presenting our full case to the Court, as we seek to permanently prevent DomainTools from ever building a secondary .nz database offshore and outside the control of the Domain Name Commission,” says Carey.

In court, DomainTools requested $3.5 million (over NZ$5m) in bond to compensate for reworking database files to ensure that .nz data is not provided to its customers. However, the judge ruled that a nominal bond of only $1,000 (NZ$1,500) is required.