Farsight Security today came out of stealth mode with a service that spots potentially malicious new domain names as a way to fight spam and cybercrime activity.
At the helm is DNS pioneer Paul Vixie, the principal author of the pervasive BIND DNS server software and creator of several DNS standards. This is Vixie's first commercial gig after nearly 20 years as founder, chairman, and president of the nonprofit Internet Systems Consortium.
Farsight Security's first offering, also announced today, is Newly Observed Domains (NOD), which provides real-time contextual intelligence about newly created domain names for reputation and threat feeds such as indicators of compromise, whitelists, and blacklists.
"There's no tool on the market for that," Vixie says. The goal of NOD and Farsight's strategy is to make threat intelligence more useful and actionable, according to Vixie.
Tens of thousands of domains are born daily, many of which are for spamming or cyber criminals' infrastructure. According to Farsight, 10% of spam uses domains that are less than 10 minutes old, and the bad guys are regularly registering new domain names to keep their operations up and running and out of reach by law enforcement.
"60% of spammers used domain names that are less than 24 hours old," Vixie says.
"Too many [vendors] are selling threat intelligence feeds... and they are not working," he says. "We’re trying to change the game... We sell context so people can make their own determinations and make [decisions] reliably. We have eyeballs on the ground: this is what we saw, this is what we know."
"I spent most of the 1980s and 1990s making the Internet bigger and easier to use, but unfortunately, the criminals came along for the ride," Vixie says. "We're looking at a day we can tear down criminal infrastructure as fast or faster than it's built."