DomainTools

Iris Intelligence Platform

About the product

Iris Investigate / Iris Intelligence Platform
A module for advanced threat analysis based on domain data. It tracks connections between domains, IP addresses, DNS servers, and other artifacts. Through pivoting and risk scoring it helps detect malicious C2 infrastructure, analyze phishing campaigns, and attribute threats to specific actors. It supports manual investigations and threat hunting.

Features:
a) Pivoting: Moving between related artifacts (e.g., domains, IP addresses, NS, WHOIS).
b) Machine Learning: Detection of malicious patterns in domain infrastructure.
c) Case Management: Ability to create, save, and share investigations.
d) Contextual Intelligence: Contextual analysis (domain reputation, registration history, DNS changes, malware associations).
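Pivoting, as described above, means moving from one artifact to every other domain that shares it. The following added example (written for this page, not DomainTools code, and run on a constructed record set rather than real Iris data) shows a breadth-first pivot over shared hosting IP, name server and registrant email, together with the check an analyst applies by hand: an artifact shared by too many domains (a popular name server, a shared hosting IP) is not a usable pivot because it links unrelated infrastructure. The record fields, the domains and the `max_pivot_size` threshold are assumptions for the example.

```python
from collections import defaultdict, deque

# Constructed sample records, not DomainTools data: one row per domain with the
# artifacts an analyst typically pivots on (hosting IP, name server, registrant email).
RECORDS = [
    {"domain": "login-secure-update.example", "ip": "203.0.113.10",
     "ns": "ns1.bulkhost.example", "email": "reg42@mailbox.example"},
    {"domain": "account-verify-now.example", "ip": "203.0.113.10",
     "ns": "ns1.bulkhost.example", "email": "reg42@mailbox.example"},
    {"domain": "invoice-portal-check.example", "ip": "203.0.113.11",
     "ns": "ns1.bulkhost.example", "email": "reg42@mailbox.example"},
    {"domain": "bakery-downtown.example", "ip": "198.51.100.5",
     "ns": "ns1.bulkhost.example", "email": "owner@bakery.example"},
    {"domain": "city-library.example", "ip": "198.51.100.6",
     "ns": "ns1.bulkhost.example", "email": "it@library.example"},
]

PIVOT_KINDS = ("ip", "ns", "email")


def build_index(records):
    """Inverted index: (artifact kind, value) -> set of domains sharing it."""
    index = defaultdict(set)
    for rec in records:
        for kind in PIVOT_KINDS:
            index[(kind, rec[kind])].add(rec["domain"])
    return index


def pivot(seed, records, max_pivot_size=3):
    """Breadth-first pivot from a seed domain over shared artifacts.

    An artifact shared by more than max_pivot_size domains (a shared hosting
    IP, a registrar's default NS) is skipped: pivoting on it would pull in
    unrelated domains and produce false attribution.
    Returns {related_domain: {(kind, value), ...}} explaining each link.
    """
    index = build_index(records)
    by_domain = {rec["domain"]: rec for rec in records}
    related = {}
    queue, seen = deque([seed]), {seed}
    while queue:
        current = queue.popleft()
        for kind in PIVOT_KINDS:
            key = (kind, by_domain[current][kind])
            members = index[key]
            if len(members) > max_pivot_size:
                continue  # too widely shared to be evidence of a relationship
            for other in members:
                if other in (current, seed):
                    continue
                related.setdefault(other, set()).add(key)
                if other not in seen:
                    seen.add(other)
                    queue.append(other)
    return related


if __name__ == "__main__":
    for domain, links in pivot("login-secure-update.example", RECORDS).items():
        print(domain, "<-", sorted(links))
```

With the default threshold the name server shared by all five records is ignored and only the two domains tied to the seed by its IP and registrant email come back; raising `max_pivot_size` to 5 pulls in the bakery and library domains purely through the shared name server, which is exactly the over-pivoting the threshold exists to prevent.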

Applications:
a) Threat hunting
b) Incident response
c) Attribution (linking attacks to threat actors)
d) Proactive analysis of C2 infrastructures

Integration with:
a) SIEM (logging detections as events)
b) Ticket/alert systems (e.g., Jira, Slack)

Iris Detect
A module for monitoring new and suspicious domains, focused on brand protection and threat prevention. It automatically detects domains similar to known names (typosquatting, homographs) before they are activated in attacks. It provides continuous monitoring and alerts to security teams. It helps prevent phishing, spoofing, and reputation loss.

Features:
a) Typosquatting Detection: Identification of domains similar to well-known brands.
b) Lookalike Domains: Detection of domains using visually similar characters (homographs).
c) Monitoring & Alerts: Continuous monitoring of new registrations and alerts about threats.
d) Risk Scoring: Assessment of domain risk based on heuristics and AI.
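The typosquatting, homograph and risk-scoring features above can be illustrated with a small detector. The following is an added example written for this page, not DomainTools code, and the brand list, the feed of "new registrations", the confusable-character table and the per-finding scores are all constructed assumptions. It canonicalises each registrable label (punycode decoding, accent stripping, digit and Cyrillic look-alikes, "rn" for "m"), then classifies the label as a homoglyph of the brand, a one-edit typosquat, the brand name under another TLD, or the brand embedded in a longer label; brand-owned domains are allowlisted so they never alert.

```python
import unicodedata

# Constructed watch list, not DomainTools data: brand keyword -> the brand's own
# legitimate domains (allowlisted so they never raise an alert).
BRANDS = {"paypal": {"paypal.com"}, "microsoft": {"microsoft.com"}}

# Multi-character confusables are replaced before single characters.
MULTI_CONFUSABLES = {"rn": "m", "vv": "w"}
SINGLE_CONFUSABLES = {
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a", "$": "s",
    # Cyrillic letters that render like Latin a, e, o, p, c, y, x
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x",
}
# Heuristic scores per finding type (constructed for the example, not the product's model)
SCORES = {"homoglyph": 90, "typosquat": 80, "brand-other-tld": 70, "brand-in-label": 60}


def canonical(label):
    """Reduce a DNS label to the Latin string a human would read it as."""
    if label.startswith("xn--"):
        label = label.encode("ascii").decode("idna")  # punycode -> Unicode
    label = unicodedata.normalize("NFKD", label).lower()
    label = "".join(c for c in label if not unicodedata.combining(c))  # strip accents
    for seq, rep in MULTI_CONFUSABLES.items():
        label = label.replace(seq, rep)
    return "".join(SINGLE_CONFUSABLES.get(c, c) for c in label)


def edit_distance(a, b):
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, brands=BRANDS):
    """Return an alert dict for a lookalike domain, or None if it is benign."""
    domain = domain.lower().rstrip(".")
    if any(domain in own for own in brands.values()):
        return None  # the brand's own registration
    labels = domain.split(".")
    if len(labels) < 2:
        return None
    label = labels[-2]  # simplification: assumes a single-label public suffix
    canon = canonical(label)
    for brand in brands:
        target = canonical(brand)  # brand goes through the same mapping as the label
        if canon == target:
            kind = "brand-other-tld" if label == brand else "homoglyph"
        elif len(target) >= 5 and edit_distance(canon, target) == 1:
            kind = "typosquat"
        elif target in canon:
            kind = "brand-in-label"
        else:
            continue
        return {"domain": domain, "brand": brand, "kind": kind, "score": SCORES[kind]}
    return None


def scan(new_registrations, brands=BRANDS):
    """Alerts for a batch of newly seen domains, highest score first."""
    alerts = [a for a in (classify(d, brands) for d in new_registrations) if a]
    return sorted(alerts, key=lambda a: -a["score"])


# Constructed feed of "new registrations"; the Cyrillic-a variant is encoded to
# its punycode form, which is how it appears in zone data.
NEW_REGISTRATIONS = [
    "paypa1.example",
    "rnicrosoft.example",
    "p\u0430ypal.example".encode("idna").decode("ascii"),
    "paypall.example",
    "paypal-login.example",
    "micros0ft-support.example",
    "paypal.example",
    "paypal.com",
    "bakery-downtown.example",
]

if __name__ == "__main__":
    for alert in scan(NEW_REGISTRATIONS):
        print(f"{alert['score']:>3} {alert['kind']:<16} {alert['domain']} -> {alert['brand']}")
```

The check order matters: the homoglyph test runs before the edit-distance test so that "paypa1" is reported as a character substitution rather than a typo, and the edit-distance test runs before the substring test so that "paypall" is reported as a typosquat rather than as the brand embedded in a longer label. A production version would take the registrable label from the public suffix list instead of assuming a one-label TLD.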

Applications:
a) Brand protection: alerts on newly registered domains that resemble the organization's own names and infrastructure.
b) Phishing prevention: IOCs are generated at the registration stage, before the domains are activated in attacks.
c) Enables immediate defensive domain registration.

Integration with:
a) SIEM (logging detections as events)
b) Ticket/alert systems (e.g., Jira, Slack)

Iris Enrich
API for instant enrichment of IOC data in automation processes (SOAR, SIEM, TIP). Provides information on reputation, WHOIS history, DNS, SSL, ASN, and malicious domain associations. Reduces response time through automatic triage and contextual analysis of alerts. A key component for data integration in an organization’s security ecosystem.

Features:
a) API-based enrichment: Integration with security systems (Splunk, Cortex XSOAR, etc.).
b) WHOIS, DNS, SSL, risk data: Automatic inclusion of complete domain data.
c) Reputation & Risk: Indications of whether a domain is associated with malware, phishing, or botnets.

Applications:
a) Automatic tagging of alerts as “trusted” or “suspicious.”
b) Enriches IOC (domains, IP) with WHOIS, DNS, SSL, reputation, and risk score data.
c) Reduces MTTR (Mean Time to Respond) through context and scoring.
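The alert-tagging workflow described above can be shown end to end. The following added example (written for this page, not DomainTools code; it does not use the Iris Enrich API or its response format) takes constructed SIEM alerts, looks each domain up in a constructed enrichment table that stands in for an API response, derives domain age from the registration date, and tags the alert "trusted", "suspicious" or "unknown" for a SOAR playbook. The field names, thresholds and sample values are assumptions. The one rule worth copying is that an indicator with no enrichment data is never tagged "trusted": automation should fail closed and hand it to an analyst.

```python
from datetime import date

# Constructed enrichment results keyed by indicator, standing in for the
# response of an enrichment API call (not DomainTools' real response schema).
ENRICHMENT = {
    "cdn-assets.example": {"risk_score": 3, "created": date(2012, 4, 1),
                           "malware_assoc": False, "asn": "AS64496"},
    "login-secure-update.example": {"risk_score": 91, "created": date(2025, 1, 20),
                                    "malware_assoc": True, "asn": "AS64500"},
    "invoice-portal-check.example": {"risk_score": 48, "created": date(2025, 2, 10),
                                     "malware_assoc": False, "asn": "AS64500"},
}

# Assumed policy thresholds for the example
HIGH_RISK, MEDIUM_RISK, NEW_DOMAIN_DAYS = 70, 40, 30


def triage(alert, enrichment=ENRICHMENT, today=date(2025, 3, 1)):
    """Attach enrichment context to a SIEM alert and tag it for the SOAR playbook.

    Missing enrichment never yields "trusted": an indicator the service knows
    nothing about is tagged "unknown" and left for a human.
    """
    out = dict(alert)
    ctx = enrichment.get(alert["domain"].lower())
    if ctx is None:
        out.update(tag="unknown", reason="no enrichment data; not eligible for auto-close")
        return out
    age_days = (today - ctx["created"]).days
    out["context"] = {"risk_score": ctx["risk_score"], "age_days": age_days,
                      "malware_assoc": ctx["malware_assoc"], "asn": ctx["asn"]}
    if ctx["malware_assoc"] or ctx["risk_score"] >= HIGH_RISK:
        out.update(tag="suspicious", reason="malware association or high risk score")
    elif age_days < NEW_DOMAIN_DAYS or ctx["risk_score"] >= MEDIUM_RISK:
        out.update(tag="suspicious", reason="recently registered or medium risk score")
    else:
        out.update(tag="trusted", reason="low risk, long-established domain")
    return out


def triage_batch(alerts, **kw):
    """Tag a batch and order it so suspicious alerts are worked first."""
    order = {"suspicious": 0, "unknown": 1, "trusted": 2}
    return sorted((triage(a, **kw) for a in alerts), key=lambda a: order[a["tag"]])


# Constructed SIEM alerts: a workstation contacted the given domain
ALERTS = [
    {"id": 1, "host": "ws-017", "domain": "cdn-assets.example"},
    {"id": 2, "host": "ws-022", "domain": "login-secure-update.example"},
    {"id": 3, "host": "ws-030", "domain": "invoice-portal-check.example"},
    {"id": 4, "host": "ws-041", "domain": "never-seen-before.example"},
]

if __name__ == "__main__":
    for a in triage_batch(ALERTS):
        print(a["id"], a["host"], a["domain"], a["tag"], "-", a["reason"])
```

The medium-risk alert (id 3) is tagged suspicious only because the domain is 19 days old; the same risk score on a long-established domain would still be suspicious here because it exceeds the medium threshold, which is the kind of policy decision each SOC tunes for itself.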

Integration with:
a) SIEM (e.g., Splunk, QRadar, Elastic)
b) SOAR (e.g., Cortex XSOAR, Cortex XSIAM)
c) TIP (Threat Intelligence Platforms, e.g., ThreatConnect, MISP)

Advantages of the product

A comprehensive approach to domains: from threat detection and analysis to automated response.

Access to some of the world's richest DNS, WHOIS, and SSL data.

Advanced pivoting and artifact correlation enable the construction of complete threat pictures.

High automation thanks to the API and integration with SIEM, SOAR, and TIP systems.

Early detection of threats at the domain registration stage, before they can be used in attacks.

Scalability: the tools work well in both small SOC teams and large operations centers.

Direct support for Incident Response, Threat Hunting, and Brand Protection activities.

Benefits of Implementation

Significant reduction in detection and response times (MTTD/MTTR). Comprehensive alert enrichment and proactive threat detection enable faster action.

Proactive protection of DNS attack surfaces and brand reputation. Iris Detect allows you to block and respond to potential phishing attacks before they occur.

Better decisions thanks to full data context. Automatic IOC enrichment and manual pivoting enable more accurate analysis and better evidence in IR.

Increased effectiveness of security teams without increasing their numbers. Automation of enrichment and detection allows you to focus on high value-added activities.

Reduced risk of phishing, spoofing, and malware incidents. Threats are detected and neutralized faster at the domain level.

Increased efficiency of Threat Intelligence and Incident Response processes. Integration of tools with existing SOAR/SIEM/TIP architecture without significant costs or process changes.

Strategic advantage in combating threat actors. A more complete understanding of the connections between threat infrastructures enables better preparation and response.