CTI Grapevine Becomes DomainTools Investigations

Hello CTI Grapevine Superfriends!

You may have noticed some subtle changes to our website: As of today, CTI Grapevine became part of the newly-launched DomainTools Investigations (DTI) family. Since this shift may come as a surprise to some of our avid readers, I wanted to share why we believe it is a great move for our community:

CTI Grapevine was started as an initiative by us, for us: The researchers, analysts, defenders, and the quiet types you never hear about publicly, but who behind the scenes help make the Internet a safer place. You know who you are. We wanted to explore what it would be like for the community if we published relevant and timely Domain- and DNS-related security snacks – “bite size research,” if you will. We had some really great success with this in 2024. You, the community, gave us both positive and constructive feedback on areas of growth, what you wanted us to improve on, and how we could be a better resource to the community at large. As we brainstormed on how to grow the program, we kept coming back to a DomainTools core principle: Community First! 

On a personal note, this core principle is one of the top reasons I stayed with DomainTools after my previous employer Farsight Security was acquired – The InfoSec Community has been a key part of my career for over 20 years, I would not be where I am today without it. In 2002, I started attending The Agora in Seattle, one of the first quarterly closed-vetted InfoSec meetups. After a few years as an attendee, I got involved and helped to organize and host the events for another decade+. Around 2007, I started attending other great community-focussed conferences like ISOI, and later ACoD, DCC, UE – IYKYK. I mention all this to underline how serious I am in my commitment to The Community, and as the Head of DomainTools Investigations, I will make sure we do not stray from that path.

In the spirit of supporting the community, we knew we needed to be extremely thoughtful in providing more resources. We pitched a program that could attract and sustain kickass researchers and analysts who could focus on providing their expertise on an ongoing basis. Our bosses listened, and decided to give us a year to prove ourselves. And so, DTI was formed as a community-based research effort focused on investigating, mitigating, and preventing Domain- and DNS-based attacks. (And yes, we love puns and DTI is a play on CTI…see what we did there?) With the launch of DTI, building on the foundation of CTI Grapevine, the cybersecurity community will have expanded access to:

• Insights on advanced persistent threats (APTs), nation-states, cyber-espionage groups, business email compromise (BEC), and more
• Published research on the DTI website and available via webinars, closed door sessions, and conferences
• A yearly report that dives into the nuances of Domain- and DNS-based attacks

You can get all of this goodness right here on the site, and never miss an update by setting up an RSS feed to dti.domaintools.com. Additionally, you can find us on the socials (Mastodon: @[email protected], Bluesky @domaintools, X @domaintools, LinkedIn https://www.linkedin.com/company/domaintools/ ), or come say “Hi” at various conferences and events we will be frequenting all year long!

Here is to an exciting year ahead, and to borrow a signature word from one of my friends and mentors: Excelsior!

Daniel Schwalbe
CISO and Head of Investigations 
DomainTools

PS: Let’s talk about tracking for a minute. More specifically website page views, and email open tracking, or what the kids call “engagement” these days. When we first launched CTI Grapevine, we intentionally had zero tracking on the site. This is somewhat rare in the industry, but as a security and privacy professional, I am allergic to tracking. I block it wherever and however I can. Being in control of DNS resolutions on your own Network is very useful for that purpose. 

But if as a business you must track, at least be as transparent as possible about it. So this is the approach we are taking here. The bargain we made with our bosses in order to take DTI to the next level was to sign up for some KPIs, and we need some kind of measurement to see if we hit those KPIs. We use Google Analytics with tags, and Marketo Measure (Bizible / Adobe). We won’t gate content, and we won’t use more invasive tracking.

Sure, tracking on websites can be blocked by the browser, and almost every email client now has the ability to block open tracking. We accept it, and are OK with that. But if you feel so inclined and want to support our program, maybe consider letting some of that tracking through.