Learn how our fourth annual Cybersecurity Report Card survey highlights some good news including organizations rising admirably to the challenges of COVID, increased rate of prevention, and improved breach prevention.

Learn how to gain direct access to threat intelligence data on domain names, the individuals who control them, and the infrastructure that supports them with our enhanced App for Splunk.

Senior Security Research, Chad Anderson, illustrates why cyber threat intelligence sharing is a critical tool for security analysts. It takes the learnings from a single organization and shares it across the industry to strengthen the security practi

Learn how threat intelligence sharing in the midst of opportunistic COVID-19 attacks resulted in the ability to organize a cohesive defense against a common enemy.

Learn how taking a DNS-centric approach to unraveling sophisticated attacks can connect the dots quickly. This methodology blends the analysts experience and intuition with the outputs of whatever security systems the organization.

The dark web is shrouded in mystery with many enduring misconceptions about what it is, how it works, and what are the threats and the trends that we should be worrying about.

The staffing necessary to fight the ever-increasing cyber threats are harder to come by than ever. This blog is an exploration of how people who are neurotypical can provide much needed perspective and fill in-demand security roles.

Cybercrime and mental health issues are both rampant. This blog will look at how mental health issues can leave organizations more at risk to cybercrime, and how combating cybercrime can affect mental health.

Learn how to quickly map out a ransomware attack by looking at recent REvil ransomware indicators in DomainTools and Maltego.

As of August 8th, Avaddon ransomware authors launched an extortion site in an effort to further incentivize victims to pay the ransom. Tarik Saleh dissects this ransomware, analyzes victimology, and provides more details on the extortion site.

In a recent study The Ponemon Institute highlights that automation and IT security workers must work hand-in-hand to achieve maximum effectiveness. Learn how to turn automation into a career catalyst by staying ahead of the curve with these five cri

By combining the data enrichment and automation capabilities, you can prioritize and mitigate threats more efficiently. ThreatConnect and DomainTools, have now officially partnered to deliver the DomainTools Iris Investigate Playbook App.

Learn how to leverage DomainTools APIs and Jupyter Notebooks to interactively investigate and respond to the Avaddon email spam ransomware then turn your working code into a collaborative tool amongst your peers.

Learn how DomainTools users of Elastic can supercharge SecOps through our DomainTools App for Elastic

When working in cybersecurity circles, the terms Red team and Blue team are bound to make an appearance. In this blog post, we go over the exact definition, origination, and how these terms can help advance your cybersecurity performance.

Deciding what Threat Intelligence platform to use is a huge decision for any security professional. Learn how DomainTools Threat Intelligence solutions help empower security teams to identify threats faster, improve productivity and reduce events.

Security organizations need to stay ahead of threats. In this blog we go over how TIP enables your threat intelligence program, brings your security team the automation it needs, and three key performance functions.

Iris is a powerful investigative tool with a strong brand protection capability. By following the steps outlined in this blog, users can dial in threats through Advanced Searches, pDNS, the Iris Pivot Engine, and export new findings all in Iris.

SOAR is an acronym that addresses many major challenges that security teams are facing today, by using a collection of software solutions and tools that allow organizations to streamline security operations and create more effective systems.

DomainTools CEO, Tim Chen, reflects on the significance of Juneteenth, actions we have taken as an organization to promote diversity in the workplace and our community, and recognizes the need for significant change at DomainTools.

SIEM systems can save IT and Security teams from spending copious amounts of time digging through logs and events to find suspicious behavior and much more. Read this blog to learn more.

Online fraud doesnt have a set typeit affects government organizations, global businesses, small companies, and your personal friends. In this blog post we define fraud and cover how investigations can be carried out in the cybersecurity world.

What is your adversarys largest attack vector? Is it a web page? A virus? An email attachment? Hint: It is your greatest and most vital asset. Your brand. Annually, lost revenue as a result of brand fraud costs companies over $1 trillion worldwide.

Today's society has created an increased demand for cybersecurity forensics as a necessity for any security team. Forensic data captured provides the information needed that often leads to breach identification.

Cybercriminals today have more tactics than ever before to avoid defense measures. Threat Hunting helps defenders get ahead of cyberattacks in order to prevent or minimize damage to your organization before they occur.

Now that the team is in place, its time to build out your IR plan. In blog 3 in this series, we go in detail of the six steps of Incident Response. Remember, a strong IR plan helps you to both prepare and prevent security incidents.

The Next Generation Firewall solution is the first line of network defense but as threats have evolved and increased in volume, a new technology has emerged to work in tandem with the firewall, the Threat Intelligence Firewall.

Even with the myriad of security tools we have at our disposal today, cybercriminals are still able to penetrate our networks. Is it really necessary to have a Cyber Incident Response Plan in place?

In part 1 of this 3-part blog series, well delve into Cyber Incident Response Planning and how to address and manage the repercussions of a cyberattack or incident.

We are proud to announce Domain Hotlist, a predictive, prioritized, and easily consumable block list that identifies active, high-risk domainsempowering organizations to proactively guard against relevant, emerging threats.

Learn how Senior Security Researcher, Chad Anderson, identified coordinated astroturfing when he came across a reddit comment with a number of suspect domains.

As stated in our previous blogs, phishing messages rely on social engineering. Security awareness for all employees is key when it comes to protecting against phishing attacks due to the veil of lies within emails/links/attachments.

Phishing. Its been around for nearly three decades, and its not going away anytime soon. And, as we move into the 2020s, phishing has expanded to a variety of different techniques that utilize fraudulent URLs, malicious attachments, and more.

In part 1 of this 3-part blog series, well delve into phishing and take a look at how you can protect yourself by deploying a strategy of threat protection for your company.

There are a number of best practices that can work to improve your organizations security posture. Following these will help you put the right defenses in place, and become the building blocks of a solid plan to ensure you react to a breach.

We are delighted to announce DomainTools Iris Integration for TheHive and Cortex. With this integration, we extend our abilities in automating Incident Response (IR) and orchestration functions within Security Operation Centers (SOCs).

As the threat landscape continues to evolve, organizations are under more pressure than ever to manage their security vulnerabilities. Known as Indicators of Compromise, or IoCs, these digital footprints are evidence of potential intrusions on a...

DomainTools is providing a free, curated list of high-risk COVID-19-related domains to support the community during the Coronavirus crisis. The list will be updated daily and available for CSV download.

Threat intelligence is the data an organization collects and analyzes in order to understand how a cyber threat may, has, or will attack their organization. This information enables organizations to gain valuable knowledge about these threats.

The DomainTools Security Research Team, in the course of monitoring newly registered Coronavirus and COVID labeled domain names, discovered a website luring users into downloading an Android application under the guise of a COVID-19 heat map.

The security research team at DomainTools recently observed an uptick in suspicious Coronavirus and COVID-19 domains, leading them to discover CovidLock, a malicious Android App.

As organizations grow their security strategies to include proactive tactics such as threat hunting, they are leveraging several different tools to accomplish their various tasks. As security professionals prepare to face the threats of the future...

Learn how to use passive DNS to hunt through malicious domains to see the underlying infrastructure set up behind them, any DNS tunneling for C2 or data exfiltration happening, and the historical fluctuation between malicious servers behind a domain

DomainTools Security Research Team regularly monitors our domain collection. One site that came through recently was quite nefarious and yet to appear on any blacklist. We decided to use Iris to investigate further and stumble upon something bigger.

We are excited to introduce some foundational changes for Iris, including a new settings panel that centralizes control over your Iris workflow.

Learn key insights from a report conducted by the Ponemon Institute, which surveyed 1,027 IT and IT security practitioners in the US and UK who participate in recruiting, hiring, promoting IT security personnel within their organizations.

SeaTurtle continues to effectively use DNS Hijacking techniques to compromise various organizations and government groups. Dive into this post to see how DomainTool Iris can track the action and answer the question, will this continue to happen?

Join Senior Security Advisor, Corin Imai, for a an investigation into known bad domains. In this blog, learn how to map connected infrastructure to expand from one indicator, to many in a matter of pivots. This investigation includes a variety of dat