How Threater's DomainTools Integration Improves Network Protection
Domain-based threats continue to be a significant attack vector for cyber criminals launching phishing, malware, ransomware, spam, and other attacks. That’s why Threater is proud to partner with DomainTools, a leading provider of DNS threat intelligence. DomainTools analyzes massive volumes of DNS data and turns this data into actionable threat intelligence. In turn, we deliver this protection as part of our Threat Intelligence Firewall platform.
Together, DomainTools and Threater are enabling our customers to make threat intelligence actionable at a scale beyond what they can do with traditional network security controls like next-generation firewalls.
In this blog, we will provide a high level overview of how we’re working together to make threat intelligence actionable. For more details and to see our partnership in action, we invite you to join our upcoming webinar (Registration info below).
How DomainTools & Threater Are Making Threat Intelligence Actionable
So before we go into what makes this partnership really cool and how it works, let’s just cut to the chase: DomainTools provides threat intelligence and our Threat Intelligence Firewall platform makes this threat intelligence actionable. Together, we are increasing protection for customers.
Now – that’s all very cool, but I’m sure you’re thinking, “How does it work?”
1. A critical component of our platform is threat intelligence. That is why we’ve partnered with leading threat intelligence providers like DomainTools to deliver “out of the box” threat intelligence that increases threat protection for our customers.
2. One of the threat intel feeds we provide as part of our Enterprise Subscription is a Malicious Domain Blacklist that is powered by threat intelligence from DomainTools. Specifically, this is an automated, dynamic blacklist that includes domains with a DomainTools Risk Score of 99 and higher. These are domains that have a high probability of being weaponized for use in phishing, malware, spam, and other attacks.
3. The Threater Threat Intelligence Firewall platform makes this threat intelligence actionable by using it to block known bad traffic before it hits your network.
Now, some of you are probably saying “big deal! You’re integrating a threat feed into your solution and are blocking malicious domain connections. Can’t I do that with my firewall.”
The answer may surprise you! And YES! It is a VERY big deal!
The size of the DomainTools/Threater Malicious Domain Blacklist is typically 22+ million domain indicators at any moment. This is not just BIG it’s MASSIVE!
Trying to integrate a third-party threat intel feed of this magnitude into a next-generation firewall is next to impossible. This is because many firewalls have significant limitations on the volume of third-party threat intelligence they can integrate. For example, the largest and most powerful Palo Alto Networks next-generation firewall can handle a maximum of four million domain indicators and 150,000 IP indicators.
Whereas our Threat Intelligence Firewall platform can handle up to 150 million unique IP and domain indicators at line speed!
(Yes – i can see you saying “WOW!”)
So yeah….
The use of threat intelligence is a critical component of cyber defense. In order to maximize the value of threat intelligence, it needs to be actionable. The combination of threat intelligence from DomainTools and the Threater Threat Intelligence Firewall platform is enabling customers to make DomainTools threat intelligence actionable at a scale that cannot be achieved with next-generation firewalls.
Want to learn more? Guess what! You can learn more about it in our joint webinar: Making Threat Intelligence Actionable with DomainTools and Threater!
You can also download the datasheet to learn more about Threater’s Threat Intelligence Firewall Platform. Or read our post about the new COVID-19-Specific Dynamic Blacklist powered by DomainTools now available to all Threater customers.
If you are interested in upgrading to our Enterprise Subscription to take advantage of the Malicious Domain Blacklist powered by DomainTools, please contact sales@threater.com