DNS Forensics Using the Big Data Extension of IBM’s QRadar Security Intelligence Platform
The basis of IBM’s key security solutions is the QRadar Security Intelligence Platform, a
security information and event management system (SIEM). It is a unified platform covering many
security-related tasks and incorporating a broad spectrum of solutions including the use of
X-Force Threat Intelligence, IBM’s cloud-based threat intelligence platform.
The big data extension of QRadar can be used to do DNS forensics in order to identify risky
domains, risky users, and risky IP addresses, and feed this information back to QRadar in order
to define new protection rules...
WhoDat Project: an Interactive Pivotable Tool
for Working with WHOIS Data
As the analysis and research of WHOIS data is crucial in cybersecurity, the MITRE cooperation
develops a front-end for the services provided by WhoisXML API in support of researchers' and
Easily Managing Hundreds of Domain Names from Salesforce
IEEE was searching for a solution to automate its manual process of ensuring hundreds
of independently-owned IEEE domain names were being updated with their latest
information in the WHOIS Domain Name Registry. More specifically, there was a
critical need of identifying upcoming domain name expirations early in order to
alert their owners of potential losses...
Dark Crawler, a Useful Tool to Assess Child Exploitation from Online Communities
Child sexual offenders have always been quick to adapt technological advances, such as
photography and film for the purposes of exploiting children. The move of child exploitation
material (CEM) to the Internet has enabled them to form online communities which allow
easier access to CEM, recruiting co offenders and business partners, as well as
validating their deviant behavior amongst other offenders.
Despite the established harm inherent within child exploitation imagery and
distribution online, current attempts to limit such content have been largely unsuccessful.
Dark Crawler is a tool used by search-engines to automatically navigate the Internet
and collect information about each website and webpage which can be used to seek out
specific content, such as child exploitation material ...
Whois Data Opening up a New Avenue
for the Measurement of Entrepreneurship
Entrepreneurship is the central process through which economic growth and performance is
fostered in a regional economy. Its evaluation is thus of paramount importance for
policymakers and economists. However, the quantification of entrepreneurship, that is,
introduction of measures to describe the attempts to start growth-oriented business, the
likelihood of their success, the ability to raise venture capital, etc. is a challenging
task due to the lack of globally available and accurate input data on e.g. business
In a recent working paper a new approach is proposed to overcome this issue by using WHOIS registration data.
The approach is applied to companies in Oxford and Cambridge, UK as a demonstration, by using data purchased from WhoisXML API.
Malicious URL Detection via Machine Learning
Protection against malicious websites is an important task in cybersecurity.
A common way of identifying such sites is the use of blacklists which contain
a large set of URLs considered dangerous. There are various techniques for
compiling such lists, and there is obviously a need for methods to verify if a
suspicious site is really dangerous...
Is a HTTPS Webpage as Secure as Expected?
Encrypted communication on the Internet is most commonly realized by Secure Sockets Layer (SSL)
and Transport Layer Security (TLS). Webpages communicating sensitive content,
including Internet banking, webshops, etc. use the HTTPS protocol which is based on this.
E-mail servers, when communicating with clients in a secure manner, use the relevant e-mail
transfer protocols such as SMTP, IMAP or POP3 over SSL/TLS.
In current practice web pages are often hosted at least in part by third-party
hosting providers or content-delivery networks. Thus the hardware systems we
communicate with belong to these third parties, which may host many other pages
of completely different entities. And, in order to establish desired secure
communications, these parties have to get hold of private keys of these entities.
Currently, many providers overtake even the management of keys from their clients
which gives rise to profound and possibly severe security implications...
WHOIS Data for Vulnerability Notifications
One of the cornerstones of cybersecurity is threat intelligence sharing.
Maintenance of our IT systems' security and their protection against
malicious activity require up-to-date knowledge of the entire field.
There are significant efforts to assist experts in this activity,
including those of market leaders such as IBM X-Force Exchange.
Due to the decentralized architecture of the Internet, however,
the collaboration of the actors as well as voluntary
campaigns in order to detect vulnerabilities are also of
utmost importance. If, however, the owners of the affected
systems cannot be notified, these efforts can hardly achieve
their positive goal. And in this notification process, WHOIS data have their use...
The WPAD Name Collision Vulnerability in the New gTLD Era: a Threat Crying for Urgent Solution
Sometimes certain comfortable and seemingly innocent protocols can introduce significant
security risks, especially when the system's environment changes.
The WPAD (Web Proxy Autodiscovery) protocol is prevalently used to configure the web
proxy settings of end systems such as desktops and other devices belonging to an
administrative domain, e.g. a corporate network. The benefit of this solution is
that system administrators can deploy local web proxy settings essentially without
any user interaction. Due to a very progressive change in the domain registration
policies, the otherwise very useful WPAD protocol has introduced the possibility
of a new and very dangerous man-in-the-middle attack...
NormShield Success Story: Leveling Up Third-Party Risk Assessment with Domain & IP Intelligence
WhoisXML API is proud to announce its partnership with cybersecurity solution provider NormShield.
NormShield enables enterprises to evaluate their external cyber risk posture by letting them conduct
non-intrusive third-party risk assessments. NormShield’s growing client base operates in various
industries, among which are financial services, healthcare, manufacturing, retail, and tech in
The results of third-party risk assessments powered by NormShield come in the form of intuitive
scorecards that immediately tell enterprise users what their most salient cyber risks are. The
scorecards also contain recommendations on how to deal with each risk based on its priority
NormShield relies on comprehensive and accurate domain, subdomain, and IP address data to conduct
thorough risk evaluation of its clients’ suppliers, subsidiaries, and other stakeholders. The
company has partnered with us to integrate the IP Neblocks WHOIS Database Feed
and Whois Database Feed into its processes — now monitoring more than 1.2 billion domains, 7 billion WHOIS records
across 2,864 top-level domains (TLDs), and 9.1 million IP netblocks.
Here is more about the challenges our products have helped to deal with and the exciting details of
this fruitful collaboration.