Modat adds Passive DNS to Magnify platform as fourth intelligence pillar

The Hague-based internet intelligence firm said Passive DNS is now natively integrated into Magnify, unifying IP, certificate and device signals in one graph.

By The Datatech Times Editorial Team
An empty, brightly lit control room features a large curved video wall displaying a glowing blue-green data visualization, with multiple rows of workstations equipped with computer monitors and chairs.

Modat has launched native Passive DNS intelligence inside its Magnify platform, bringing domain-resolution history into the same pivot-driven investigation graph that already links IP addresses, TLS certificates and clustered device fingerprints. The Netherlands-based firm says the addition removes the need for analysts to reconcile outputs from separate tools before they can act on a lead.

The company, founded in The Hague in 2024, positions Magnify as architecturally distinct from tools that treat one signal as primary and bolt on others as secondary lookups. With Passive DNS now embedded, an analyst can start from a domain and retrieve every IP that has hosted it, trace a TLS certificate to every domain it has secured, or follow a device fingerprint cluster to every host running the same software stack, all within a single query path.

What the platform does

The Passive DNS capability ships with four headline functions. Infrastructure pivoting allows movement across IP, domain, certificate and device fingerprint data with relationships preserved rather than rebuilt. Automated threat correlation matches newly observed domains and IPs against known indicators of compromise, threat actor tactics and malware families in real time. Retrospective analysis lets investigators reconstruct an attacker's infrastructure lifecycle by querying historical DNS records alongside Magnify's existing IP and certificate timelines. The platform also exposes a REST API for integration with SIEM, SOAR and third-party threat intelligence feeds.

Soufian El Yadmani, chief executive and founder, said that most internet intelligence tools were built "one signal at a time, and it shows, analysts spend more time stitching evidence together than acting on it." He described Passive DNS as "the fourth pillar that makes the picture more complete," adding that the milestone was being shared with the global security community at FIRSTCON26, the annual Forum of Incident Response and Security Teams conference.

The capability is available immediately to enterprise customers and managed security service providers. Modat said a live demonstration would be on offer at its booth at FIRSTCON26.

Market context

The internet intelligence and threat-hunting tools market is well populated. Established players such as Recorded Future, Shodan, Censys and DomainTools each emphasise different primary signals, and hyperscalers have been embedding similar enrichment capabilities into broader security portfolios. Modat's pitch, that graph-native multi-signal pivoting is structurally superior to bolt-on enrichment, echoes arguments made by graph-database security vendors over the past several years, though the company has not published independent benchmark data comparing investigation speed or coverage against named alternatives.

Modat describes itself as "the only European internet intelligence company," a claim the release does not substantiate with reference to a named third party. That framing will carry weight with European buyers who face data-sovereignty requirements under GDPR and NIS2, and for national CERTs and critical infrastructure operators who are subject to additional data-localisation obligations. The company's stated customer base of national CERTs and large enterprises in multiple continents suggests some traction, but no named reference customers are disclosed.

Regulatory read-across

The NIS2 Directive, which EU member states were required to transpose by October 2023, imposes enhanced threat-intelligence sharing and incident-reporting obligations on operators of essential services. Tools that consolidate infrastructure intelligence into a single auditable graph are well aligned with those compliance workflows. Separately, the EU AI Act's transparency obligations may become relevant as Modat emphasises AI-driven analysis in its platform description, though the company has not published details of which AI components are used or how they are governed.

Modat was founded two years ago and has not disclosed funding, revenue or customer counts. The next milestones investors and buyers will watch for are named enterprise references and published coverage or accuracy benchmarks for the Passive DNS dataset.

Sector

Topic

Geography