Hacking, malware, insider attacks, and security breaches leave tracks behind. Our cybersecurity data feeds, APIs, and tools help users reverse engineer cyber attacks, identify potential attack vectors, and initiate investigation and remediation steps. These are designed to complement organizations’ current incident response strategies, allowing them to easily analyze and correlate evidence from electronic devices, systems, communications, software, and cyber assets.
A suite of WHOIS, Domain, and IP intelligence packages designed to meet the needs of the most advanced cybersecurity users — in-house security departments, managed security service providers, and cyber forensics investigators and threat hunters.
A set of tools and platforms that are useful for domain research & monitoring, threat investigation, threat intelligence and general cyber-security research.
A comprehensive set of APIs for domain, WHOIS, DNS and IP research & monitoring, plus threat investigation, threat defense and SIEM (security information & event management) data enrichment.
A comprehensive set of data feeds that contain both real-time and historic domains, WHOIS, DNS, IP and cyber threat intelligence datasets that are useful for efficient big data infosec analytics, forensic analysis, and SIEM (security information & event management) data enrichment. Ideal when enterprise or government security policies prohibit the use of API calls outside the internal network.
One of the cornerstones of cybersecurity is threat intelligence sharing. Maintenance of our IT systems' security and their protection against malicious activity require up-to-date knowledge of the entire field. There are significant efforts to assist experts in this activity, including those of market leaders such as IBM X-Force Exchange.
Due to the decentralized architecture of the Internet, however, the collaboration of the actors as well as voluntary campaigns in order to detect vulnerabilities are also of utmost importance. If, however, the owners of the affected systems cannot be notified, these efforts can hardly achieve their positive goal. And in this notification process, WHOIS data have their use...
Sometimes convenient and seemingly innocent protocols can introduce significant security risks, especially when the system's environment changes.
The WPAD (Web Proxy Auto-Discovery) protocol is widely used to configure the web proxy settings of end systems such as desktops and other devices belonging to an administrative domain, e.g. a corporate network. The benefit of this solution is that system administrators can deploy local web proxy settings essentially without any user interaction. Due to a very progressive change in the domain registration policies, the otherwise very useful WPAD protocol has introduced the possibility of a new and very dangerous man-in-the-middle attack...