Enhanced DomainTools App for IBM QRadar Enables Security Teams to Prioritize Alerts, Investigate Incidents and Uncover Advanced Threats

New features include a threat hunting dashboard, domain lookup, and domain risk score for a more powerful app

DomainTools announced significant enhancements to its DomainTools App for IBM QRadar. The latest update allows security teams to better uncover threats and thoroughly investigate incidents with profiles and risk scores for every domain name. The app is available for download in the IBM Security App Exchange.

“There are countless reports citing alert fatigue and the barrage of noise that makes it challenging for security professionals to stay ahead of threats. It’s our responsibility to work with partners like IBM to provide solutions that help security teams prioritize alerts and stay ahead of campaigns targeting their organization,” said Corin Imai, senior security advisor, DomainTools. “We believe in surfacing intelligence for domains that are observed on our customers’ networks, and that is why we’ve made these enhancements to the DomainTools App for IBM QRadar.”


Users in the security community with access to the app can now:

  • Leverage the threat hunting dashboard
  • Perform in-context domain lookups without leaving the app
  • Enrich domains at scale
  • Proactively monitor potentially malicious domains prior to weaponization

Threat Hunting Dashboard

The DomainTools Threat Hunting Dashboard in QRadar presents a dynamic view of threats associated with observed domains. The dashboard shows the number of high-risk domains and young domains, along with a risk map panel that displays the geolocation of IP addresses observed in logs. In addition to these visualizations, it tabulates rare registrar names, rare registrant names, and rare registrant emails, correlating each with the DomainTools Risk Score.

Domain Lookup

Users can now perform ad-hoc domain lookups from within IBM QRadar by using the ‘Domain Profile’ tab. This allows Cyber Security Incident Response Teams and Security Operations Centers to quickly triage a domain name, in-context, by viewing its domain profile, Whois data, and Domain Risk Score. They can then perform essential pivots to find related domains and infrastructure likely controlled by the same actor. This allows the user to quickly assess the risk level of the domain and evaluate whether it warrants further investigation without leaving IBM QRadar.


Bulk Enrichment

The DomainTools App for IBM QRadar delivers event enrichment at scale by building a reference table with key fields extracted from parsed Whois data. Those fields are then available for teams to create precisely-targeted rules that alert on threat actor identities, the actor’s preferred domain hosting, and registration providers. IBM QRadar’s historical correlation feature then enables retroactive searching on those same fields.

Domain Risk Score

DomainTools Risk Score predicts how likely a domain is to be malicious, often before it is weaponized. This can close the window of vulnerability between the time a malicious domain is registered, and when it is observed and reported causing harm. The Domain Risk Score algorithms analyze a domain’s association to known-bad infrastructure, as well as intrinsic properties of the domain that closely resemble those of known phishing, malware, and spam domains.

The DomainTools App for QRadar adds risk scores to a reference map, immediately populating an associated reference set with the domains whose scores exceed a user-configured threshold. The app ships with sample rules that use these reference data sets to create offenses for events that contain risky domains.
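The workflow described in the Threat Hunting Dashboard, Domain Lookup, Bulk Enrichment and Domain Risk Score sections above follows one pattern: parsed Whois fields and a risk score are loaded into a per-domain reference table, a reference set is derived from the domains above a threshold, events are enriched by looking up the domain they mention, and anything hitting the risky set becomes an offense. The block below is an added, stand-alone Python illustration of that pattern; it is not DomainTools' or IBM's code and does not call the QRadar or DomainTools APIs. The Whois records, the proxy-style log lines, the `host=` field format, the 70-point threshold and the 30-day definition of a "young" domain are all assumptions constructed for the example.

```python
import re
from collections import Counter
from datetime import date

# Assumptions for this example: the page mentions a user-configured threshold
# and "young" domains but gives no values for either.
RISK_THRESHOLD = 70
YOUNG_DAYS = 30
TODAY = date(2019, 8, 1)  # fixed reference date so results are deterministic

# Constructed Whois-style records with risk scores (illustrative, not real data).
WHOIS_RECORDS = [
    {"domain": "account-verify-login.example", "registrar": "Registrar One",
     "registrant_name": "J. Roe", "registrant_email": "jroe@mail.example",
     "create_date": date(2019, 7, 25), "risk_score": 91},
    {"domain": "corp-portal.example", "registrar": "Registrar One",
     "registrant_name": "Corp IT", "registrant_email": "it@corp.example",
     "create_date": date(2012, 3, 4), "risk_score": 5},
    {"domain": "invoice-update.example", "registrar": "Registrar Two",
     "registrant_name": "J. Roe", "registrant_email": "jroe@mail.example",
     "create_date": date(2019, 7, 28), "risk_score": 84},
    {"domain": "news-site.example", "registrar": "Registrar One",
     "registrant_name": "News Co", "registrant_email": "admin@news-site.example",
     "create_date": date(2015, 1, 1), "risk_score": 22},
]

# Constructed proxy-style log lines; the "host=" field is an assumed format.
LOG_LINES = [
    "2019-08-01T09:12:03Z proxy src=10.1.2.3 host=account-verify-login.example action=allow",
    "2019-08-01T09:13:10Z proxy src=10.1.2.9 host=corp-portal.example action=allow",
    "2019-08-01T09:14:55Z proxy src=10.1.2.3 host=invoice-update.example action=allow",
    "2019-08-01T09:15:01Z proxy src=10.1.2.4 host=news-site.example action=allow",
]

FIELDS = ("registrar", "registrant_name", "registrant_email", "create_date", "risk_score")
HOST_RE = re.compile(r"\bhost=([A-Za-z0-9.-]+)")


def build_reference_table(records):
    """Per-domain table of key Whois fields, the analogue of the app's reference table."""
    return {r["domain"]: {k: r[k] for k in FIELDS} for r in records}


def risky_domains(table, threshold=RISK_THRESHOLD):
    """Reference set of domains whose risk score meets the configured threshold."""
    return {d for d, f in table.items() if f["risk_score"] >= threshold}


def young_domains(table, today=TODAY, max_age_days=YOUNG_DAYS):
    """Domains registered within the last max_age_days (the dashboard's 'young' count)."""
    return {d for d, f in table.items() if (today - f["create_date"]).days <= max_age_days}


def rare_values(table, field, max_count=1):
    """Values of a Whois field seen on at most max_count observed domains."""
    counts = Counter(f[field] for f in table.values())
    return {v for v, n in counts.items() if n <= max_count}


def extract_host(line):
    """Pull the domain out of a log line; None when the line carries no host field."""
    m = HOST_RE.search(line)
    return m.group(1).lower() if m else None


def find_offenses(lines, table, threshold=RISK_THRESHOLD):
    """Enrich each event with its Whois fields and flag hits against the risky set."""
    risky = risky_domains(table, threshold)
    offenses = []
    for line in lines:
        host = extract_host(line)
        if host in risky:
            offenses.append({"host": host, "risk_score": table[host]["risk_score"],
                             "registrant_email": table[host]["registrant_email"],
                             "line": line})
    return offenses


def pivot_by_field(table, field, value):
    """Other domains sharing a Whois attribute: the 'related infrastructure' pivot."""
    return sorted(d for d, f in table.items() if f[field] == value)


if __name__ == "__main__":
    table = build_reference_table(WHOIS_RECORDS)
    print("risky:", sorted(risky_domains(table)))
    print("young:", sorted(young_domains(table)))
    print("rare registrars:", rare_values(table, "registrar"))
    for off in find_offenses(LOG_LINES, table):
        print("OFFENSE", off["host"], off["risk_score"], off["registrant_email"])
    print("pivot:", pivot_by_field(table, "registrant_email", "jroe@mail.example"))
```

The threshold is applied when the reference set is built, not per event, which mirrors why the app populates the set up front: the detection rule then only needs a membership test, and the same set can be used for QRadar's retroactive search over earlier events. The rarity tabulation uses a plain count across observed domains; a production deployment would tune `max_count` to the volume of domains it actually sees.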
