DomainTools, a leading provider of domain and DNS-based cyber threat intelligence, has announced the creation of a new research division called DomainTools Investigations (DTI). This initiative aims to bolster the cybersecurity community’s defenses against domain and DNS-based attacks through comprehensive research and analysis.
The new unit will leverage DomainTools’ vast database of active and passive DNS information, accumulated over two decades, to analyze threat actor behavior and identify emerging patterns in real time. DTI’s findings will be made available to the cybersecurity community through various channels, including the DTI website, webinars, and industry events.
“The industry phrase – ‘It’s Always DNS’ – has never been truer than in 2024. The purpose of DTI in 2025 is to relentlessly analyze tactics, techniques and procedures (TTPs) we’re seeing and inform the community of the evolution of these practices,” said Brendan O’Connell, chief product officer. “The work being done within DTI is critical within the security industry and provides every organization with the tools they need to protect themselves today.”
Leading the DTI team is Daniel Schwalbe, a veteran cyber industry expert with extensive experience tracking cybercriminals and nation-state actors across various sectors. As head of investigations and CISO at DomainTools, Schwalbe emphasizes the team’s commitment to sharing actionable insights with the broader security community.
The formation of DTI comes at a critical time, as threat actors increasingly employ sophisticated tactics such as credential phishing and banking trojans for financial gain. By focusing on advanced persistent threats, nation-state activities, cyber-espionage groups, and business email compromise, DTI aims to provide valuable intelligence to combat these evolving threats.