Bright Cyber (Voodoo technology LTD)

Domain Tools - DNS Threat Intelligence (CTI)

DomainTools helps IT Security analysts assess threat levels of unknown domains, profile attackers and quickly enumerate associated internet assets to stop attacks early, saving time and money. DomainTools has the most comprehensive data on domain names, DNS and related data for cyber threat intelligence.

Features

• Profile phishing domains and IPs that cyber criminals use
• Identify dangerous infrastructure before domains appear in blacklists
• Profile malicious infrastructure, and analyse the risk of domains
• Look back on DNS records to uncover connections
• Web interface/APIs sources help detect cybercrime and cyberespionage
• Intelligence risk scoring with industry-leading passive DNS data
• IP address changes, registrar changes and name server changes
• Return domain names that sharecommon web host IP address
• IPv4 IP address range sub-allocations
• 4 independent passive DNS feed sources providing global coverage

Benefits

• Avoid the blind spots that come with inferior data sources
• Pinpoint the most valuable investigative path
• Adversary profiling and attack infrastructure mapping
• Forensic maps of criminal activity to triage threat indicators
• Investigation Collaboration (button)
• Ease of administration and Licensing Options
• SaaS performance flexibility and architecture
• Support and Training included in the subscription
• Out-of-Box Reporting formats and exports
• Scalable Monitors – best in class

£15,000 to £200,000 an instance a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at murray.pearce@bright-cyber.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

178998136582233

Contact

Murray Pearce
07788 560 801
murray.pearce@bright-cyber.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: N/A
• System requirements: Fully SaaS operated and accessible via web browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Dedicated email support Monday-Friday 07:00-16:00 hrs Pacific / 14:00-23:00 hrs UTC, as well as off-hours email monitoring and response to inbound support requests < 6hours.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: L1 support accessed via email at enterprisesupport@domaintools.com; ; L2 support is provided if issues resolution requires in-depth review and for API/integration support; ; L3 Onsite support available for a fee depending on time and travel requirements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: DomainTools representatives assist customers with how to start using the DomainTools services via introductory, advanced and bespoke training.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: SwaggerHub
• End-of-contract data extraction: Users may generate reports of domain investigations and export those reports in PDF file format. Iris domain investigations can also be exported individually, saved, and imported into Iris as Investigations. Iris search Hash, CSV, and STIX format data exports are also available.
• End-of-contract process: DomainTools Account Management and Bright Cyber will proactively contact the customer before the renewal date. Should the customer choose not to renew, they will no longer be able to access the platform.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: DomainTools Iris Investigate and DomainTools Detect provide user interfaces.
• Accessibility standards: None or don’t know
• Description of accessibility: N/A
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: DomainTools offers numerous APIs to integrate with other solutions. These include Newly Discovered Domains, High-Risk Domains, and other domains available in the service.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: DomainTools ensures that users aren’t affected by the demand other users place on the service through a multi-layered approach focused on redundancy, scalability, and resource isolation.

Analytics

• Service usage metrics: Yes
• Metrics types: Detailed usage reports are provided under the 'My Account' page for included/Month, Used and Remaining and quotas. Equivalents are available via API calls for API services.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Domain Tools

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users may generate reports of domain investigations and export those reports in PDF file format. Iris domain investigations can also be exported individually, saved, and imported in Iris as Investigations. Iris search Hash, CSV, and STIX format data exports are also available. Also integrated with Splunk, IBM Security, Anomali, ThreatConnect, MISP Threat Sharing and Maltego.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • STIX format data exports are available
  • Iris search Hash
  • Common Event Format
• Data import formats: Other
• Other data import formats: N/A

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Domain Tools do not collect or store users data
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: DomainTools SLA is 99.9% availability, measured monthly.; ; Severity and Communications; ; Scheduled Downtime: 5 days advance notification; ; Unscheduled downtime severity levels and communication:; ; Critical; DomainTools is unreachable for most or all customers. Within one hour of discovery, customers are informed via website UI pop-up and/or email, depending on service.; Example: Domaintools.com is down and engineering estimates are greater than 1 hour to restore ; ; High; Services are slow to respond, queries time out for some customers.; Within 8 hours of discovery, customers are informed via website UI pop-up and/or email, depending on service.; Example: DomainTools.com is available but slow to respond (times out) due to network saturation and engineering estimates greater than 8 hours to restore.; ; Moderate; Some services are slow or unresponsive but workarounds exist for customers. Within 24 hours of discovery customers are informed via website UI pop-up and/or email, depending on service.; Example: Significantly delayed monitor updates in API, GUI or email delivery.; ; Refunds; Service Credits are calculated by dividing the Subscription fee for the Service by the number of months in the Subscription Term, and multiplying the total by the Service Credit percentage as below:; ; SLA Commitment Service Credit; ≥ 99.9% 5%; ≥ 99% 10%; ≥ 95% 25%
• Approach to resilience: Available on request
• Outage reporting: Via website UI pop-up and/or email depending on the service.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Single or two-factor authentication options are supported.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Responsibility for our information security sits with the Managing Director, and the Head of Consulting is responsible for creating and managing information security policies and their adoption,
• Information security policies and processes: Bright Cyber are Cyber Essentials Certified and ISO 27001 compliant, but not yet certified. Security policies and processes are based on ISO 27001 and we are working towards certification.; ; Domain Tools policies and processes are available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Code is kept in a Git based source code control system and all changes are checked in and thoroughly tested before being put into our production infrastructure. Systems are built and managed using configuration management tools.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: DomainTools utilize US-Cert mailing lists to become aware of vulnerabilities and patch releases, applying patches as deemed appropriate in their infrastructure.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: DomainTools utilizes in-house created tooling to monitor production access patterns, errors, and abuse patterns.
• Incident management type: Undisclosed
• Incident management approach: DomainTools have 24x7x365 on-call engineers monitoring and managing any production incidents. Customers can report issues via the DomainTools ZenDesk ticketing system.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Bright Cyber is certified as a Green Small Business. ; ; Our full policy and certificate information is available on our website or by request.; ; Bright Cyber's corporate infrastructure is cloud-first based on Microsoft, AWS, and tier-1 providers with comprehensive environmental and sustainability policies. ; ; Furthermore, we reduce our carbon footprint through the following policies ; ; - Disposing of IT and assets using WEEE-compliant and ISO 14001:2105 certified providers ; - Service delivery is conducted remotely wherever possible ; - Business travel is via public transport wherever possible ; - Service documentation is electronic to reduce printing waste.

  Equal opportunity

  Bright Cyber is committed to fairness in all aspects of our business in how we conduct ourselves with employees, clients, and suppliers. ; ; Our policy is that employees, and potential employees, are treated equally regarding recruitment, pay, development, and career progression opportunities and that we treat people based on merit regardless of disability, gender, race, or similar factors. ; ; Please also see our modern anti-slavery policy on our website or by request.

  Wellbeing

  Bright Cyber recognise that mental fitness is a fundamental pillar in building a high-performing, resilient and sustainable team and that these attributes are important when servicing our clients and their success. ; ; Bright Cyber offers all employees participation in the world-leading Positive Intelligence program to enhance relationships, performance and well-being. ; ; Furthermore, we offer this program as a community initiative to security leaders, without any cost, to increase our social value within our security community. ; ; Details of the program and how to apply are available on our website or by request.

Pricing

• Price: £15,000 to £200,000 an instance a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A POC may be available to prospective buyers. This is a 2-4 weeks trial process and it includes trial access to the product. It involves identifying success criteria with the prospective buyer that will be evaluated upon completion of the POC.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at murray.pearce@bright-cyber.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.