Glossary
What Is Infrastructure Intelligence?
Infrastructure intelligence is the real-time collection, correlation, and analysis of internet infrastructure data — BGP routing, DNS, hosting, WHOIS, DNSSEC, certificate transparency — so security teams can detect, attribute, and respond to threats based on how attackers actually deploy their tools.
Why Traditional Threat Intel Falls Short
Threat-intelligence feeds publish lists of bad IPs, bad domains, bad hashes. Useful — but they describe what an attacker did yesterday. Infrastructure intelligence describes the substrate the attacker is using right now and what they will likely use tomorrow, because campaigns leave fingerprints in the routing, naming, and hosting layers that survive any single IOC rotation.
What Goes Into the Picture
- BGP routing — which ASNs announce which prefixes, how routes change over time.
- DNS — every hostname's resolution history, every zone's nameserver, every CNAME chain.
- Hosting and IP allocation — who actually operates a given IP at a given moment.
- WHOIS / RDAP — who registered a domain, with what email, on what date.
- DNSSEC posture — which zones are signed, with which algorithms.
- Certificate transparency — every TLS certificate ever issued for a hostname.
- Threat feeds — overlay of known-bad activity from intelligence partners.
What Infrastructure Intelligence Lets You Answer
- "Which other domains share a nameserver with this known-bad domain?"
- "Which IPs has this domain ever resolved to in the last five years?"
- "Which ASN currently announces this prefix, and which announced it before?"
- "Which of our vendors deploy DNSSEC and which do not?"
- "What does a typical DGA-generated domain registration footprint look like for this actor group?"
Why a Graph, Not a Database
Most of these questions are multi-hop. They start with one entity (a domain, an IP, an ASN) and ask for everything reachable from there along specific relationship paths. That's a graph problem. Storing the same data in a relational database forces every traversal into expensive joins.
Whisper as Infrastructure Intelligence
Whisper is built around exactly this idea. A custom graph engine, billions of internet-infrastructure nodes and edges, real-time ingestion, and query interfaces for both analysts (Cypher / REST) and AI agents (MCP). Read more about the platform and the technology.