Cybersecurity professionals lament loss of access to WHOIS database

January 4, 2019

[EXCERPT] One of the tools that cybersecurity professionals have historically relied on is access to a WHOIS database, a publicly shared list of records relating to domain names that includes the dates when these were registered, updated, or are due to expire as well as contact details such as the names of individuals or organizations, physical location, phone number, and email address of the domain owners and the IT staff tasked with maintaining them.

But now much of that data is being removed to comply with the mandates of the General Data Protection Regulation (GDPR) enacted by the European Union. Without access to that data, it becomes a lot more challenging to whitelist the domains of known trusted entities and tell them apart from all the fake domains that cybercriminals rely on to launch malware that needs to communicate back to a command and control mechanism somewhere on the Web.

WHOIS provides valuable information that gives cybersecurity analysts a fair amount of context in terms of how likely it is that a given domain is good or bad, notes Harold Byun, vice president of products and marketing for Baffle, a provider of data encryption tools. Restricting access to this information results in a loss of valuable information that cybersecurity teams can use in their arsenal to counter attackers, adds Byun …

(link to the article)