SAN MATEO, Calif., Oct. 04, 2017 -- Farsight Security, Inc. today announced that Farsight’s flagship product, DNSDB, has grown from 35 billion in 2014 to over 100 billion records, each representing a unique observation of global DNS resolutions. DNSDB is a real-time snapshot of the changing Internet dating back to 2010, and contains the Domain Name System (DNS), the Internet’s “phone book,” in a single, easy-to-use indexed database so security analysts can gain critical information about past and current use of digital artifacts such as IP addresses and domain names used by cybercriminals.
“As the Internet has grown, criminal activity has risen as well. We built DNSDB to scale so it can easily keep up and so organizations have access to a wealth of data to reduce their security risk,” said Dr. Paul Vixie, cofounder and CEO of Farsight Security, Inc. “Every cybercriminal leaves a digital footprint in the DNS. By discerning and following those footprints using DNSDB, our clients can associate a suspicious domain name to its IP address and complete history since 2010, enabling them to get a full view of their attacker’s infrastructure as well as new intelligence about malicious activity against their organization,” he added.
“In confronting advanced attacks, Fidelis can’t rely on static indicators alone. Fidelis automates detection and response and to do that, we need to be able to find what other infrastructure is related to those attacks. That’s where Farsight’s DNSDB service shines. Whether it’s enumerating organized cybercrime group’s infrastructure in order to perform a targeted takedown with law enforcement or tracking threat actors who are involved in trying to influence elections, the size and breadth of DNSDB data make it a key asset,” said John Bambenek, Manager, Threat Systems, Fidelis Cybersecurity.
“Leveraging the wealth of data in Farsight's DNSDB allows ThreatConnect users the capability to quickly and effectively investigate an adversary's intentions, and the potential risks that their organization may be exposed to during an attack," said Jody Caldwell, Director of Customer Success, ThreatConnect, Inc.
“Farsight's DNSDB provides rich historical and real-time insight that is critical to our threat intelligence team's effort to identify and annotate malicious cyber campaigns. DNSDB is a valuable resource, for both type and size of data that we use to proactively hunt adversary tactics, techniques, and procedures and research recent security events," said Levi Gundert, VP of Threat Intelligence and Strategy, Recorded Future.
DNS Records: Rich In Intelligence for Threat Hunting
Farsight DNSDB offers every type of DNS record including A (Address), AAAA (IPv6 Address), CNAME (Canonical Name), MX (Mail Exchanger), NS (Name Server), SOA (Start of Authority) and TXT (Text) records. Since DNS is at the center of every cybercriminal activity, investigators need access to every record type to increase the speed and accuracy of detecting and responding to cyberattacks. Each DNS record type can provide useful information for an investigation. For example.
A Records map a Fully-Qualified Domain Name (FQDN) to an IPv4 address AAAA Records map FQDN to IPv6 address NS Records show name servers are configured – bad guys will often move a domain to multiple name servers to avoid detection MX Records direct email to the proper mail servers for the domain SPF, TXT describe spam policy of a domain
The Growth of Farsight DNSDB
Farsight has architected DNSDB to keep pace with the increasing use of the Internet represented by billions of DNS look-ups originating from both users and devices across the globe. While DNSDB is designed to scale efficiently, it is also designed to maintain our commitment to user privacy – i.e., no Personal Identifiable Information is collected.
Some of the reasons for DNSDB’s growth include:
The growth of Farsight’s global sensor array The increased frequency that the Domain Name System (DNS) is updated or changed The significant increase in machine-driven use of Internet identifiers as infrastructure migrates from static “servers” into “the cloud”
The rise in domain name registrations
Pricing & Availability
Farsight DNSDB is available as an on-premise solution (Farsight DNSDB Export) or RESTful API. To learn more about services, pricing and other information, please contact Farsight Security at [email protected] or call +1-650-489-7919.
About Farsight Security, Inc.
Farsight Security is the world's largest provider of historic and real-time passive DNS data. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response.
Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at www.farsightsecurity.com or follow us on Twitter: @FarsightSecInc.