Brookcourt Solutions

DNS & CTI - Domain Tools

DomainTools helps IT Security analysts assess threat levels of unknown domains, profile attackers and quickly enumerate associated internet assets in order to stop attacks early, saving time and money. DomainTools has the most comprehensive data on domain name, DNS and related data for cyber threat intelligence.

Features

• Profile phishing domains and IPs that cyber criminals use
• Identify dangerous infrastructure before domains appear in blacklists
• Profile malicious infrastructure, and analyse the risk of domains
• Look back on DNS records to uncover connections
• Web interface/APIs sources help detect cybercrime and cyberespionage
• Intelligence risk scoring with industry-leading passive DNS data
• IP address changes, registrar changes and name server changes
• Return domain names that sharecommon web host IP address
• IPv4 IP address range sub-allocations
• 4 independent passiveDNS feed sources providing global coverage

Benefits

• Avoid the blind spots that come with inferior data sources
• Pinpoint the most valuable investigative path
• Adversary profiling and attack infrastructure mapping
• Forensic maps of criminal activity to triage threat indicator
• Investigate Collaboration button
• Ease of administration and Licensing Options
• SaaS performance flexibility and architecture
• Support and Training included in the subscription
• Out-of-Box Reporting formats and exports
• Scalable Monitors – best in class

£15,000.00 to £200,000.00 an instance a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@brookcourtsolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

255941323840717

Contact

Phil Higgins
01737 886111
contact@brookcourtsolutions.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: N/A
• System requirements: Fully SaaS operated accessible via web browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: "; Dedicated email support Monday-Friday 07:00-16:00 hrs Pacific / 14:00-23:00 hrs UTC, as well as off-hours email monitoring and responds to inbound support requests < 6hours.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support levels L1 support accessed via email at enterprisesupport@domaintools.com; L2 support is provided if issues resolution requires in-depth review and for API/integration support; L3 Onsite support available for a fee depending on time and travel requirements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: DomainTools Technical and Sales Representatives assist customers to start using the DomainTools services, with introductory, advanced and bespoke training.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: SwaggerHub
• End-of-contract data extraction: Users may generate reports of domain investigations and export those reports in PDF file format. Iris domain investigations can also be exported individually, saved, and imported in Iris as Investigations. Iris search Hash, CSV, and STIX format data exports are also available.
• End-of-contract process: DomainTools Account Management will reach out to the End Customer (or the Reseller Partner if the previous subscription contract was transacted through a Partner) to renew the subscription contract prior to the renewal date. DomainTools also encourages Reseller Partners to actively engage with the End Customer and the DomainTools Account Management Team to renew subscription contracts.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: DomainTools Iris Investigate and DomainTools Detect provide user interfaces.
• Accessibility standards: None or don’t know
• Description of accessibility: N/A
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: The DomainTools API provides direct access to the same data that powers the robust research tools on DomainTools.com. It’s designed for server-to-server communication between your system and the DomainTools network using standard HTTPS requests1. Here’s what you get with the DomainTools API:; ; More Domains: Access over 300 million ccTLDs, new TLDs, and all gTLDs—more than anyone else in the industry.; Key Products:; Whois History: Retrieve historical Whois information for domain names.; Reverse Whois: Investigate domain names associated with a specific registrant.; Monitor: Keep track of changes to domain names.; Reliable and Fast Service: Enjoy high-volume, dedicated data centers for reliable and speedy access.; Competitive Pricing: The API is sold as monthly data plans, similar to a cell phone data plan, so you know exactly how much you can use and spend each month.; Free Trial: Test it out before committing to a plan..
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: DomainTools ensures that users aren’t affected by the demand other users are placing on the service through a multi-layered approach focused on redundancy, scalability, and resource isolation.

Analytics

• Service usage metrics: Yes
• Metrics types: Detailed usage reports are provided under the 'My Account' page for quotas in terms of Included/Month, Used and Remaining. Equivalents available via API calls for API services.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Domain Tools

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users may generate reports of domain investigations and export those reports in PDF file format. Iris domain investigations can also be exported individually, saved, and imported in Iris as Investigations. Iris search Hash, CSV, and STIX format data exports are also available. Also integrated with Splunk, IBM Security, Anomali, ThreatConnect, MISP Threat Sharing and Maltego.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • STIX format data exports are also available
  • Iris search Hash
  • Common Event Format
• Data import formats: Other
• Other data import formats: It is not possible to upload client data

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: We do not collect or store buyer's data.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Available on request as a SaaS with 99.9% uptime – https://www.domaintools.com/company/service-level-agreement/
• Approach to resilience: Available on request.
• Outage reporting: Email based notifications are provided to Enterprise customers, announcing planned outages and results of such activity.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: N/A
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC 2 Type 2 (Data Centre)

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: No
• Security governance approach: N/A
• Information security policies and processes: Discussion available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Code is kept in a Git based source code control system and all changes are checked in and thoroughly tested before being put into our production infrastructure. Systems are built and managed using configuration management tools.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Historically have relied on US-Cert mailing lists to become aware of vulnerabilities and patch releases applying patches as deemed appropriate in our infrastructure.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: In-house created tooling to monitor production access patterns, errors, and abuse patterns.
• Incident management type: Undisclosed
• Incident management approach: We have 24x7x365 on-call engineers monitoring and managing any production incidents. Customers can report issues via our ZenDesk ticketing system.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  At DomainTools, we fight every day for a safe, secure, and open Internet for everyone.; Our ability to achieve this goal relies on fostering a culture of creativity, compassion, and inclusivity.; When our employees feel empowered to bring their full selves to work, we all do our best work.; We are committed to investing in and supporting all of our employees who work tirelessly to innovate, make a difference, and work collaboratively to solve difficult problems.

Pricing

• Price: £15,000.00 to £200,000.00 an instance a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@brookcourtsolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.