Overview

The Domain Risk Feed & Hotlist is a daily-updated, prioritized list of active, high-risk domains identified through DomainTools' predictive analytics. By analyzing passive DNS data and applying machine learning algorithms, the solution assigns risk scores to domains, helping security teams to detect and block potential threats before they are weaponized. This proactive approach enables organizations to stay ahead of cyber threats, reducing the risk of phishing, malware, and other malicious activities.

Features and Capabilities

• Daily Updates: The hotlist is refreshed every 24 hours, ensuring that security teams have access to the most current information on high-risk domains.
• Risk Scoring: Domains are evaluated using two primary algorithms:
  • Proximity Score: Assesses how closely a domain is connected to known malicious domains.
  • Threat Profile Score: Analyzes intrinsic domain properties to determine resemblance to malicious domains.
• Passive DNS Analysis: Utilizes data from global passive DNS networks to identify domains that are actively receiving traffic, highlighting operational threats.
• Integration with Security Tools: The feed can be integrated into existing security infrastructures, such as SIEM and SOAR platforms, to enhance threat detection and response capabilities.
• Comprehensive Coverage: Covers over 97% of currently registered domains, providing extensive visibility into potential threats.
• Actionable Intelligence: Enables the creation of custom network or endpoint block rules, enrichment of logs and alerts, and prioritization of domain-based alerts for effective threat management.