Brookcourt Solutions

Domain Tools

DomainTools helps IT Security analysts assess threat levels of unknown domains, profile attackers and quickly enumerate associated internet assets in order to stop attacks early, saving time and money. DomainTools has the most comprehensive data on domain name, DNS and related data for cyber threat intelligence.

Features

• Profile phishing domains and IPs that cyber criminals use
• Identify dangerous infrastructure before domains appear in blacklists
• Profile malicious infrastructure, and analyse the risk of domains
• Look back on DNS records to uncover connections
• Web interface/APIs sources help detect cybercrime and cyberespionage
• Intelligence risk scoring with industry-leading passive DNS data
• IP address changes, registrar changes and name server changes
• Return domain names that sharecommon web host IP address
• IPv4 IP address range sub-allocations
• 4 independent passiveDNS feed sources providing global coverage

Benefits

• Avoid the blind spots that come with inferior data sources
• Pinpoint the most valuable investigative path
• Adversary profiling and attack infrastructure mapping
• Forensic maps of criminal activity to triage threat indicators
• Investigate Collaboration button
• Ease of administration and Licensing Options
• SaaS performance flexibility and architecture
• Support and Training included in the subscription
• Out-of-Box Reporting formats and exports
• Scalable Monitors – best in class

£12,000 to £200,000 an instance a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@brookcourtsolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

848913307623661

Contact

Phil higgins
01737886111
contact@brookcourtsolutions.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: Usage based licensing/subscription model with unlimited user accounts, but limited by queries per month (actual usage).
• System requirements: Fully SaaS operated and accessible via web browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Online support available 24/7.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Web chat support if needed for online case resolution.
• Web chat accessibility testing: N/a
• Onsite support: Yes, at extra cost
• Support levels: Support levels L1 support accessed via email at memberservices@domaintools.com; L2 support is provided if issues resolution requires in-depth review and for API/integration support.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: DomainTools Technical and Sales Representatives assist customers to start using the DomainTools services, with introductory, advanced and bespoke training.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users may generate reports of domain investigations and export those reports in PDF file format. Iris domain investigations can also be exported individually, saved, and imported in Iris as Investigations. Iris search Hash, CSV, and STIX format data exports are also available.
• End-of-contract process: DomainTools Client Services will reach out to the End Customer (or the Reseller Partner if the previous subscription contract was transacted through a Partner) to renew the subscription contract prior to the renewal date. DomainTools also encourages Reseller Partners to actively engage with the End Customer and the DomainTools Client Services Team to renew subscription contracts.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: DomainTools services can be accessed from both mobile and desktop devices in the same manner.
• Service interface: Yes
• Description of service interface: DomainTools Iris and DomainTools PhishEye provide user interfaces.
• Accessibility standards: None or don’t know
• Description of accessibility: N/a
• Accessibility testing: N/a
• API: Yes
• What users can and can't do using the API: DomainTools offers numerous APIs to integrate with other solutions.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: DomainTools customers may change the user interface of DomainTools products to suit their workflows.

Scaling

• Independence of resources: DomainTools services are overload protected by limiting API calls to 240 per minute. We have software in place to detect abusive traffic and limit impact as well as monitoring in place for errors and timeouts.

Analytics

• Service usage metrics: Yes
• Metrics types: Detailed usage reports are provided under the 'My Account' page for quotas in terms of Included/Month, Used and Remaining. Equivalents available vi API calls for API services.
• Reporting types:
  • API access
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Domain Tools

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users may generate reports of domain investigations and export those reports in PDF file format. Iris domain investigations can also be exported individually, saved, and imported in Iris as Investigations. Iris search Hash, CSV, and STIX format data exports are also available. Also integrated with Splunk, IBM Security, Anomali, ThreatConnect, MISP Threat Sharing and Maltego.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • STIX format data exports are also available
  • Iris search Hash
  • Common Event Format
• Data import formats: Other
• Other data import formats: DomainTools services do not provide open data upload options.

Data-in-transit protection

• Data protection between buyer and supplier networks: Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Available on request as a SaaS with 99.9% uptime – no reimbursement for downtime.
• Approach to resilience: Available on request.
• Outage reporting: Email based notifications are provided to Enterprise customers, announcing planned outages and results of such activity.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Single or two factor authentication options are supported.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: PCI Rapid Comply
• PCI DSS accreditation date: 07/1 2007
• What the PCI DSS doesn’t cover: The only systems covered by PCI DSS are the ones involved in the credit card transactions. This doesn't include customer management database, data gathering systems, data processing systems, nor any customer facing web infrastructure.
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Discussion available on request.
• Information security policies and processes: Discussion available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Code is kept in a Git based source code control system and all changes are checked in and thoroughly tested before being put into our production infrastructure. Systems are built and managed using configuration management tools.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Historically have relied on US-Cert mailing lists to become aware of vulnerabilities and patch releases applying patches as deemed appropriate in our infrastructure.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: In-house created tooling to monitor production access patterns, errors, and abuse patterns.
• Incident management type: Undisclosed
• Incident management approach: We have 24x7x365 on-call support managing any production incidents. Customers can report issues via our ZenDesk ticketing system.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £12,000 to £200,000 an instance a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Available on request.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@brookcourtsolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.