Malware Patrol & WhoisXML API: Augmenting Threat Detection with Newly Registered Domain Data

About
Malware Patrol has been providing cyber threat intelligence since 2005, enabling users across 175 countries to tap into their up-to-the-minute data for threat research and hunting, incident response, and network protection. The data feeds they offer are machine-readable, customizable, and compatible with common security systems, allowing for seamless cyber attack protection.
Highlights
- Detecting malicious domains promptly can be challenging, given the pace at which threat actors register new domains.
- Easily integrating domain registration intelligence into solutions contributes to early domain threat detection.
- Malware Patrol continuously offers focused threat intelligence crucial for proactive detection.
Early Detection of Malicious Domains
As a cyber threat intelligence provider, Malware Patrol acknowledges the rapid and constant evolution of domain threats. Malicious actors can weaponize a domain quickly after registration. This reality requires security systems to continuously obtain timely domain intelligence, notably to detect and block domains that could be harmful, such as those used in malware and ransomware distribution, phishing, and C&Cs.
Extensive and Relevant Domain Intelligence
Among the threat intelligence sources it uses, Malware Patrol leverages WhoisXML API’s Newly Registered Domains (NRD) offering, one of the largest and most up-to-date repositories of new domain registration data.
The company automatically ingests NRD data to augment its timely and relevant threat intelligence offerings. Information on Newly Registered Domains is aggregated into Malware Patrol’s historical data set and correlated with numerous other threat intelligence sources, providing timely and relevant data for its clients’ threat hunting, network protection, cyber investigation, and other use cases.
“We use WhoisXML API to supplement our current data collection efforts. It is easy to integrate and stable, helping us detect potentially malicious domains in a timely manner.”
Effective and Focused Domain Threat Intelligence
Automated NRD Data Collection
NRD feed files are well-parsed and normalized to a consistent format, making them highly compatible with Malware Patrol’s automated systems. This compatibility helps avoid any delay in data gathering, allowing the company to continuously and automatically pull domain intelligence and correlate it with its historical data set.
Up-to-Date Domain Threat Detection
Integrating WhoisXML API’s NRDs enables Malware Patrol to supplement its existing data sources, strengthening its ability to provide up-to-the-minute cyber threat intelligence to its customers.