
8 Sources of Cyber Threat & Domain Intelligence for Enterprise Security

@jonathan.zhang, WhoisXML API

Top Whois, DNS, IP and threat intelligence data provider. We provide APIs, databases, and tools.

The cyber threat intelligence market is expected to keep growing as new and improved commercial security products and managed security services come to market. Comprehensive and accurate threat intelligence sources such as domain intelligence underpin these offerings, supporting threat detection, correlation, mitigation, and response.

At the very least, domain name records can be checked against what a party publishes on its website or claims in an email. A potential business partner's claim of having been in business for 10+ years can be tested against its domain's registration date and age, with one caveat: a domain's creation date resets if the domain lapses and is re-registered, so domain age can refute such a claim but never prove it. That single data point takes on far more meaning when analyzed together with the registrant's details, the domain's reputation, the website's category, and other enrichment angles.

In this post, we take a closer look at domain intelligence lookups and capabilities that can be used for deeper contextualization as part of cybersecurity operations, law enforcement investigations, and SIEM, SOAR, and TIP platforms.

What is Domain Intelligence?

Domain intelligence is the practice of monitoring domain name registrations and their ownership details, and identifying trends and notable events in them (new registrations, ownership changes, expirations), using data feeds, APIs, lookup tools, and other consumption models. In cybersecurity, domain intelligence helps detect and take precautionary measures against domain-related threats, including typosquatting, phishing, business email compromise (BEC), and third-party risk.

Top 8 Domain Intelligence Sources an Organization Can Benefit From

We compiled eight domain intelligence sources that can help organizations strengthen their cybersecurity strategies.

1. WHOIS

WHOIS information comprises a domain's registration details: its creation and expiration dates (and therefore its age), the registrar, registrant details, administrative and technical contact information, and the name servers the domain is delegated to. One caveat for anyone relying on the contact fields: since the GDPR took effect in 2018, most registries and registrars redact them, so personal registrant data is frequently absent from current records and has to be sought in historical ones.

Organizations whose policies don't allow employees to make scripted external API calls can use WHOIS API's Web-based counterpart, WHOIS Lookup. Those who want more detailed results for investigations can subscribe to WHOIS Search, which is part of the Domain Research Suite.
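As an added example of the "years in business" check described earlier in this post, the following script parses a raw WHOIS record and tests a claim against the creation date. This is not WhoisXML API code and does not call its API; the record text is constructed for the example in the common `Key: value` format (real records vary by registry and registrar), and the redaction markers and reference date are assumptions.

```python
"""Parse a raw WHOIS record and test a 'years in business' claim against it.

Added example, not WhoisXML API code. SAMPLE_WHOIS is constructed; field
names vary by registry and registrar, and since 2018 most registrant contact
fields are redacted, which the check reports rather than silently ignores.
"""
from datetime import datetime, timezone

REFERENCE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "today" for reproducibility

SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-PARTNER.COM
Registrar: Example Registrar, LLC
Creation Date: 2021-03-14T09:12:44Z
Updated Date: 2023-11-02T18:01:10Z
Registry Expiry Date: 2025-03-14T09:12:44Z
Registrant Organization: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record
Name Server: NS1.EXAMPLE-DNS.NET
Name Server: NS2.EXAMPLE-DNS.NET
DNSSEC: unsigned
>>> Last update of WHOIS database: 2024-06-01T00:00:00Z <<<
"""

# Phrases registrars commonly use in redacted fields (assumed, non-exhaustive).
REDACTION_MARKERS = ("redacted", "privacy", "rdds service", "data protected")


def parse_whois(text):
    """Return {lower-cased key: value}; keys that repeat (Name Server) become lists."""
    record = {}
    for line in text.splitlines():
        if line.startswith(("%", "#", ">>>")) or ":" not in line:
            continue  # comments, registry footers, blank lines
        key, _, value = line.partition(":")  # first colon only; timestamps contain colons
        key, value = key.strip().lower(), value.strip()
        if not value:
            continue
        if key in record:
            prev = record[key]
            record[key] = prev + [value] if isinstance(prev, list) else [prev, value]
        else:
            record[key] = value
    return record


def parse_date(value):
    """WHOIS dates are normally ISO 8601; treat a missing offset as UTC."""
    dt = datetime.fromisoformat(value.strip().replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def domain_age_years(record, now):
    return (now - parse_date(record["creation date"])).days / 365.25


def registrant_redacted(record):
    values = [str(v).lower() for k, v in record.items() if k.startswith("registrant")]
    return any(marker in v for v in values for marker in REDACTION_MARKERS)


def check_business_claim(record, claimed_years, now=REFERENCE_NOW):
    """Return (consistent, age_years, notes).

    Domain age can refute a 'N years in business' claim but not prove it: the
    creation date resets if the domain lapsed and was re-registered, and a
    company may have registered its domain late. WHOIS history closes that gap.
    """
    age = domain_age_years(record, now)
    consistent = age >= claimed_years
    notes = []
    if not consistent:
        notes.append(f"domain is {age:.1f} years old, claim is {claimed_years}+ years")
    if registrant_redacted(record):
        notes.append("registrant contact fields redacted; ownership not corroborated by WHOIS")
    if "registry expiry date" in record and parse_date(record["registry expiry date"]) < now:
        notes.append("registration has expired")
    ns = record.get("name server", [])
    notes.append("name servers: " + ", ".join(ns if isinstance(ns, list) else [ns]))
    return consistent, age, notes


if __name__ == "__main__":
    ok, age, notes = check_business_claim(parse_whois(SAMPLE_WHOIS), 10)
    print(f"consistent={ok} age={age:.1f}y", *notes, sep="\n  ")
```

For the constructed record the 10-year claim fails (the domain is about 3.2 years old at the reference date) and the redaction note fires, which is the typical outcome today: the registration date is usable, the contact fields are not, and a history lookup is the next step.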

2. Bulk WHOIS

Bulk WHOIS is useful for organizations that need the WHOIS information of many domains or IP addresses at once. With a single query, users can retrieve the WHOIS records of up to 500,000 domains or IP addresses, downloadable in comma-separated values (CSV) format. Like WHOIS API, Bulk WHOIS API has a Web-based counterpart, Bulk WHOIS Lookup.

3. Domain Availability

Domain Availability lets users know whether a domain name is available for registration. Within the Domain Research Suite, a domain that Domain Availability Check reports as taken can be passed straight to a WHOIS lookup for its ownership details, and domain monitoring can be set up to alert users when the domain is dropped. Domain Availability API also has a Web-based counterpart, Domain Availability Lookup, for organizations that don't allow employees to make outside API calls.

4. WHOIS History

A domain can have a long history that a current WHOIS record won't reveal: previous owners, registrar transfers, and lapse-and-re-registration cycles that reset the creation date. With the help of WHOIS History API, users can retrieve over ten years' worth of past WHOIS records for a domain. WHOIS History Search, which is part of the Domain Research Suite, and WHOIS History Lookup are alternatives.

5. Domain Research Suite

The Domain Research Suite is a web-based domain intelligence source that includes three of the four WHOIS search tools discussed above—WHOIS History Search, WHOIS Search, and Domain Availability Check. It also includes Reverse WHOIS Search.

Aside from domain research, the suite also supports domain, registrant, and brand monitoring through Domain Monitor, Registrant Monitor, and Brand Monitor. These tools alert users when domains that match their search terms are registered, updated, or dropped.

6. DNS Lookup

DNS Lookup and DNS Lookup API return the Domain Name System (DNS) records of a given domain name. Users can retrieve up to 50 different record types, including A and AAAA records (the domain's IP addresses), MX records (its mail servers), and NS records (its name servers).

7. Domain Reputation

Domain Reputation comes in handy when users need to assess a domain's or an IP address's reputation without connecting to it. The API gathers data from different domain intelligence sources, including WHOIS records, host configurations, and various malware data feeds, and summarizes the findings as a score together with the main relevant warnings.

Users who can't make external API calls can use its Web-based counterpart, Domain Reputation Lookup.
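The following script is an added example of the kind of summary the DNS Lookup and Domain Reputation sections describe: WHOIS age, redaction, name servers and resolved IPs are correlated with feed hits into a score and a list of warnings. It is not WhoisXML API's Domain Reputation model and does not reproduce its scoring; the weights, thresholds, reference sets (`BAD_NAMESERVERS`, `BAD_IPS`, `FEED_HITS`) and the three enrichment records are assumptions constructed for illustration.

```python
"""Summarise domain-intelligence signals into a reputation score plus warnings.

Added example; not the WhoisXML API Domain Reputation scoring model. The
weights, thresholds and reference sets are assumptions for illustration,
and the enrichment records below are constructed.
"""
from datetime import datetime, timezone

REFERENCE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

# Constructed reference data a pipeline would normally pull from threat feeds
# and its own incident history. All values are hypothetical.
FEED_HITS = {"secure-login-acmebank.example": ["phish-feed-a"]}
BAD_NAMESERVERS = {"ns1.bulk-dns.example", "ns2.bulk-dns.example"}
BAD_IPS = {"198.51.100.77"}


def score_domain(enrich, now=REFERENCE_NOW):
    """enrich: {domain, created (aware datetime), redacted (bool), ns (list), a (list)}.

    Returns (score 0-100, verdict, warnings). Every signal here is weak on its
    own (most current WHOIS records are redacted, for instance); the verdict
    comes from the correlation of several of them.
    """
    score, warnings = 100, []

    def penalise(points, message):
        nonlocal score
        score -= points
        warnings.append(message)

    age_days = (now - enrich["created"]).days
    if age_days < 30:
        penalise(30, f"registered {age_days} days ago")
    elif age_days < 180:
        penalise(10, f"registered {age_days} days ago")
    if enrich.get("redacted"):
        penalise(5, "registrant details redacted")
    if set(enrich["ns"]) & BAD_NAMESERVERS:
        penalise(25, "name server shared with previously seen phishing infrastructure")
    if set(enrich["a"]) & BAD_IPS:
        penalise(25, "resolves to an IP seen hosting malicious content")
    for feed in FEED_HITS.get(enrich["domain"], []):
        penalise(40, f"listed in {feed}")

    score = max(score, 0)
    verdict = "malicious" if score < 40 else "suspicious" if score < 70 else "clean"
    return score, verdict, warnings


# Constructed enrichment records (what a WHOIS + DNS lookup would have produced).
SUSPECT = {
    "domain": "secure-login-acmebank.example",
    "created": datetime(2024, 5, 25, tzinfo=timezone.utc),   # 7 days old
    "redacted": True,
    "ns": ["ns1.bulk-dns.example", "ns2.bulk-dns.example"],
    "a": ["198.51.100.77"],
}
LOOKALIKE = {
    "domain": "acmebank-verify.example",
    "created": datetime(2024, 4, 2, tzinfo=timezone.utc),    # 60 days old
    "redacted": True,
    "ns": ["ns1.bulk-dns.example", "ns2.bulk-dns.example"],
    "a": ["203.0.113.55"],
}
ESTABLISHED = {
    "domain": "acmebank.example",
    "created": datetime(2009, 2, 10, tzinfo=timezone.utc),
    "redacted": False,
    "ns": ["ns1.acmebank.example", "ns2.acmebank.example"],
    "a": ["203.0.113.10"],
}

if __name__ == "__main__":
    for rec in (SUSPECT, LOOKALIKE, ESTABLISHED):
        score, verdict, warnings = score_domain(rec)
        print(f"{rec['domain']}: {score} ({verdict})", *warnings, sep="\n  ")
```

The `LOOKALIKE` record is the interesting one: none of its signals (two months old, redacted, shared name servers) would justify blocking on its own, but together they land it in the "suspicious" band, which is where an analyst queue or a SOAR playbook would pick it up.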

8. Website Categorization

Website Categorization crawls a site's content and meta tags, then uses natural language processing (NLP) and machine learning (ML) to classify the extracted text and assign categories to the website. The service has around 25 categories, and each site can belong to up to three of them. For easier access and report sharing, users can rely on Website Categorization Lookup as well.

---

Enterprise security teams can employ the above sources of domain intelligence, along with others such as the Typosquatting Data Feed and Newly Registered & Just Expired Domains, to augment their security systems. Most of them are best used in conjunction with other sources to derive comprehensive insights, though some can serve as standalone security tools.
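As an added example of the brand-monitoring and typosquatting detection mentioned in this post (the Domain Research Suite monitors above and the typosquatting and newly registered domain feeds here), the script below generates lookalike candidates for a brand and matches them against a newly registered domains feed. It is not WhoisXML API's Typosquatting Data Feed or Brand Monitor and does not reflect how either works internally; the feed lines are constructed, the QWERTY map is a simplification that only uses horizontal neighbours, and the homoglyph table and combosquat word list are assumed, non-exhaustive sets.

```python
"""Generate typosquat candidates for a brand and match them against a
newly registered domains (NRD) feed.

Added example, not WhoisXML API's Typosquatting Data Feed or Brand Monitor.
NRD_FEED is constructed; ADJACENT only covers horizontal QWERTY neighbours
and HOMOGLYPHS / COMBO_WORDS are small assumed sets. Internationalised
(punycode, xn--) homograph variants are a separate class not handled here.
"""

ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
ADJACENT = {c: row[max(0, i - 1):i] + row[i + 1:i + 2]
            for row in ROWS for i, c in enumerate(row)}
HOMOGLYPHS = {"l": ("1", "i"), "i": ("1", "l"), "o": ("0",), "e": ("3",),
              "a": ("4",), "s": ("5",), "g": ("q",), "m": ("rn",), "w": ("vv",)}
TLDS = ("com", "net", "org", "co", "io", "app")
COMBO_WORDS = ("login", "secure", "support", "verify", "account")


def typo_variants(label):
    """Yield (variant, kind) pairs for one DNS label (no dots)."""
    n = len(label)
    for i in range(n):                                     # character omission
        yield label[:i] + label[i + 1:], "omission"
    for i in range(n - 1):                                 # adjacent swap
        yield label[:i] + label[i + 1] + label[i] + label[i + 2:], "transposition"
    for i in range(n):                                     # doubled character
        yield label[:i] + label[i] + label[i:], "repetition"
    for i, c in enumerate(label):                          # mistyped / lookalike character
        for r in ADJACENT.get(c, ""):
            yield label[:i] + r + label[i + 1:], "adjacent-key"
        for r in HOMOGLYPHS.get(c, ()):
            yield label[:i] + r + label[i + 1:], "homoglyph"
    for i in range(1, n):                                  # inserted hyphen
        yield label[:i] + "-" + label[i:], "hyphenation"


def candidates(brand, tld):
    """Map each candidate domain to the first variant class that produced it."""
    cands = {}
    for v, kind in typo_variants(brand):
        if v and v != brand:
            cands.setdefault(f"{v}.{tld}", kind)
    for t in TLDS:
        if t != tld:
            cands.setdefault(f"{brand}.{t}", "tld-swap")
    for w in COMBO_WORDS:
        cands.setdefault(f"{brand}-{w}.{tld}", "combosquat")
        cands.setdefault(f"{w}-{brand}.{tld}", "combosquat")
    return cands


def match_feed(brand, tld, feed_text):
    """Return {domain: kind} for feed entries that look like the brand."""
    brand, tld = brand.lower(), tld.lower()
    cands = candidates(brand, tld)
    own = f"{brand}.{tld}"
    hits = {}
    for line in feed_text.splitlines():
        line = line.strip().lower()
        if not line or line.startswith("#") or "," not in line:
            continue
        _registered, domain = line.split(",", 1)
        if domain == own:
            continue                                       # the brand's own domain
        if domain in cands:
            hits[domain] = cands[domain]
            continue
        # Fallback: brand string embedded in the first label, under any TLD.
        label = domain.split(".", 1)[0]
        if brand in label.replace("-", ""):
            hits[domain] = "embedded"
    return hits


# Constructed sample feed: registration_date,domain
NRD_FEED = """\
# constructed sample, not real feed data
2024-06-01,acme-bank-login.com
2024-06-01,acmebnak.com
2024-06-01,weather-today.net
2024-06-01,acrnebank.com
2024-06-01,acmebank.co
2024-06-01,acmebankk.com
2024-06-01,acmebank-verify.net
2024-06-01,acmebank.com
"""

if __name__ == "__main__":
    for domain, kind in sorted(match_feed("acmebank", "com", NRD_FEED).items()):
        print(f"{domain:28} {kind}")
```

Generating candidates up front and matching by exact lookup keeps the per-line cost constant, which matters when the feed carries hundreds of thousands of registrations a day; the `embedded` fallback catches combosquats under TLDs and with words the generator did not anticipate. Each hit is a candidate for the WHOIS, DNS and reputation lookups described above, not a verdict in itself.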
