8 Sources of Cyber Threat & Domain Intelligence for Enterprise Security

The cyber threat intelligence market is expected to keep growing with new and improved commercial security products and managed security services. As part of these offerings, comprehensive and accurate threat intelligence sources such as domain intelligence are essential in facilitating threat detection, correlation, mitigation, and response. At the very least, domain name records can be compared against information published on a website or shared in an email. A claim of being in business for 10+ years by a potential business partner is indeed assessable by looking at its domain's registration date and age. However, that piece of information takes on a whole new meaning when analyzed together with registrant's details, domain reputation, website category, and other enrichment angles. In this post, we take a closer look at domain intelligence lookups and capabilities that can be used for deeper contextualization as part of cybersecurity operations, law enforcement investigations, and SIEM, SOAR, and TIP platforms. What is Domain Intelligence? Domain intelligence is the process of monitoring and identifying trends and interesting events in domain name registrations and their ownership details using data feeds, APIs, lookup tools, and other consumption models. In cybersecurity, domain intelligence helps detect and take the necessary precautionary measures against domain-related threats, including typosquatting, phishing, business email compromise, and third-party vulnerabilities. Top 8 Domain Intelligence Sources an Organization Can Benefit From We compiled eight domain intelligence sources that can help organizations strengthen their cybersecurity strategies. 1. WHOIS WHOIS information comprises comprehensive domain registration details, including a domain's age, expiration date, registrant details, administrative contact details, and technical contact information. It also returns the list of hostnames that the domain uses. Organizations that don't allow employees to make external API calls can use 's Web-based counterpart, . Those who wish to obtain more detailed results for investigations can subscribe to , which is part of the Domain Research Suite. WHOIS API WHOIS Lookup WHOIS Search 2. Bulk WHOIS Bulk WHOIS is useful for organizations that want to know the WHOIS information of multiple domains or IP addresses at once. With a single query, users can retrieve the WHOIS records of up to 500,000 domains or IP addresses, downloadable in comma-separated values (CSV) format. Like WHOIS API, users can also make bulk WHOIS queries via 's Web-based counterpart, . Bulk WHOIS API Bulk WHOIS Lookup 3. Domain Availability Domain Availability lets users know if a domain name is available for registration or not. When used as part of the Domain Research Suite, users can easily do a WHOIS lookup if a domain is unavailable according to so they'd know its ownership details. Users can also set up domain monitoring so they'd get alerted when the domain is dropped. also has a Web-based counterpart, Domain Availability Lookup, which is ideal for organizations that don't allow employees to make outside API calls. Domain Availability Check Domain Availability API 4. WHOIS History A domain could have a long history that a simple WHOIS search won't reveal. With the help of , users can unveil over ten years' worth of WHOIS ownership details. Users can also rely on , which is part of the Domain Research Suite, or WHOIS History Lookup as alternatives. WHOIS History API WHOIS History Search 5. Domain Research Suite The is a web-based domain intelligence source that includes three of the four WHOIS search tools discussed above—WHOIS History Search, WHOIS Search, and Domain Availability Check. It also includes . Domain Research Suite Reverse WHOIS Search Aside from domain research, the suite also allows users to conduct domain, registrant, and brand monitoring, as it includes Domain Monitor, Registrant Monitor, and Brand Monitor. All these tools practically alert them when domains that satisfy their search terms are registered, updated, or dropped. 6. DNS Lookup and allow users to look into the Domain Name System (DNS) infrastructure of a given domain name. Users can retrieve up to 50 different DNS record types, including the domain's corresponding IP address, mail servers, and name servers. DNS Lookup DNS Lookup API 7. Domain Reputation comes in handy when users need to assess a domain's or an IP address's reputation without accessing it. The API gleans data from different domain intelligence sources, including WHOIS records, host configurations, and various malware data feeds, and summarizes findings with a score and main relevant warnings. Domain Reputation Users who can't make external API calls can use its Web-based counterpart, Domain Reputation Lookup. 8. Website Categorization uses machine learning (ML) to retrieve a site's content and meta tags. It then uses natural language processing (NLP) to make sense of the extracted text and assign categories to the website. The service has around 25 categories. And each site can belong to up to three types. For easier access and report sharing, users can rely on Website Categorization Lookup as well. Website Categorization --- Enterprise security can employ the above-cited sources of domain intelligence and others such as and to augment their cybersecurity systems. Although most of them can be used in conjunction with other sources to derive comprehensive insights, some can serve as standalone cybersecurity tools. Typosquatting Data Feed Newly Registered & Just Expired Domains

8 Sources of Cyber Threat & Domain Intelligence for Enterprise Security

Too Long; Didn't Read

Company Mentioned

@WhoisXMLAPI

RELATED STORIES