Virtualization Technology News and Information
DomainTools App for Splunk Gives Security Teams Enhanced Domain Threat Intelligence for Detecting, Investigating and Predicting Cyber Attacks

DomainTools, the leader in domain name and DNS-based cyber threat intelligence, today announced significant enhancements to its app for Splunk to help customers more quickly and precisely hunt threats, investigate incidents and predict malicious cyber activity with profiles and risk scores for every domain name. The app is available for download on Splunkbase: https://splunkbase.splunk.com/app/3376/.

The DomainTools App for Splunk Enterprise will be demonstrated at Splunk .conf19 in Las Vegas, October 21-24. With the updates, Splunk users can now:

  • Enrich Domains with Tagging: reducing Mean-Time-to-Respond (MTTR) and automating Incident Response (IR)
  • Bring in Comprehensive Domain Monitoring: including newly registered domains for discovering phishing attacks
  • Browse and Search Enrichment Datasets: conveniently inside Splunk to support IR and investigations
  • Centralize Dashboarding of Splunk Enterprise Security (ES) components: for improved visibility and operational efficiency

"Domain deception techniques are driving the majority of today's cyberattacks, and more than 90 percent of them start with a spear phishing email. With the influx of security events per second rising, organizations need the ability to execute high query volumes with increased response times. The DomainTools Iris Enrich API and PhishEye API for Splunk allows customers to rapidly enrich domains with tagging, domain risk score, Whois, IP, active DNS, website & SSL data to surface evidence of malicious activity," said Corin Imai, senior security advisor, DomainTools.

"Domain intelligence can provide critical data to help power an effective SOC," said Aziz Benmalek, Vice President, Worldwide Partners, Splunk. "Splunk's mission is to bring data to everything. Every question, every decision and every action - especially from a security standpoint. The DomainTools App for Splunk will help bring high-quality domain intelligence to SOC teams and across the organization."

The DomainTools App for Splunk provides direct access within Splunk to DomainTools' industry-leading threat intelligence data on domain names, the individuals who control them, and the infrastructure that supports them. DomainTools has the breadth and quality of data, the nuanced cybersecurity understanding, and machine learning expertise to create and validate algorithms that power Domain Risk Scores to predict malicious domains before they are weaponized.

Download the DomainTools App for Splunk v3.4 now on Splunkbase: https://splunkbase.splunk.com/app/3376/.

Published Friday, October 11, 2019 2:42 PM by David Marshall