Threat Intelligence

04:14 PM
Dark Reading
Products and Releases

Farsight Security's Flagship DNSDB Grows to 100B Records, Arming Threat Intelligence Teams with Unprecedented Historical and Real-time Intel to Fight Cybercrime

SAN MATEO, Calif., Oct. 04, 2017 -- Farsight Security, Inc. today announced that Farsight’s flagship product, DNSDB, has grown from 35 billion in 2014 to over 100 billion records, each representing a unique observation of global DNS resolutions. DNSDB is a real-time snapshot of the changing Internet dating back to 2010, and contains the Domain Name System (DNS), the Internet’s “phone book,” in a single, easy-to-use indexed database so security analysts can gain critical information about past and current use of digital artifacts such as IP addresses and domain names used by cybercriminals.

“As the Internet has grown, criminal activity has risen as well. We built DNSDB to scale so it can easily keep up and so organizations have access to a wealth of data to reduce their security risk,” said Dr. Paul Vixie, cofounder and CEO of Farsight Security, Inc.  “Every cybercriminal leaves a digital footprint in the DNS.  By discerning and following those footprints using DNSDB, our clients can associate a suspicious domain name to its IP address and complete history since 2010, enabling them to get a full view of their attacker’s infrastructure as well as new intelligence about malicious activity against their organization,” he added.

“In confronting advanced attacks, Fidelis can’t rely on static indicators alone. Fidelis automates detection and response and to do that, we need to be able to find what other infrastructure is related to those attacks. That’s where Farsight’s DNSDB service shines. Whether it’s enumerating organized cybercrime group’s infrastructure in order to perform a targeted takedown with law enforcement or tracking threat actors who are involved in trying to influence elections, the size and breadth of DNSDB data make it a key asset,” said John Bambenek, Manager, Threat Systems, Fidelis Cybersecurity.

“Leveraging the wealth of data in Farsight's DNSDB allows ThreatConnect users the capability to quickly and effectively investigate an adversary's intentions, and the potential risks that their organization may be exposed to during an attack,” said Jody Caldwell, Director of Customer Success, ThreatConnect, Inc.

“Farsight's DNSDB provides rich historical and real-time insight that is critical to our threat intelligence team's effort to identify and annotate malicious cyber campaigns. DNSDB is a valuable resource, for both type and size of data that we use to proactively hunt adversary tactics, techniques, and procedures and research recent security events,” said Levi Gundert, VP of Threat Intelligence and Strategy, Recorded Future.

DNS Records: Rich In Intelligence for Threat Hunting

Farsight DNSDB offers every type of DNS record including A (Address), AAAA (IPv6 Address), CNAME (Canonical Name), MX (Mail Exchanger), NS (Name Server), SOA (Start of Authority) and TXT (Text) records. Since DNS is at the center of every cybercriminal activity, investigators need access to every record type to increase the speed and accuracy of detecting and responding to cyberattacks. Each DNS record type can provide useful information for an investigation. For example:

A Records map a Fully-Qualified Domain Name (FQDN) to an IPv4 address

AAAA Records map an FQDN to an IPv6 address

NS Records show how name servers are configured – bad guys will often move a domain to multiple name servers to avoid detection

MX Records direct email to the proper mail servers for the domain

SPF, TXT Records describe the spam policy of a domain

The Growth of Farsight DNSDB

Farsight has architected DNSDB to keep pace with the increasing use of the Internet represented by billions of DNS look-ups originating from both users and devices across the globe. While DNSDB is designed to scale efficiently, it is also designed to maintain our commitment to user privacy – i.e., no Personally Identifiable Information is collected.

Some of the reasons for DNSDB’s growth include:

The growth of Farsight’s global sensor array

The increased frequency that the Domain Name System (DNS) is updated or changed

The significant increase in machine-driven use of Internet identifiers as infrastructure migrates from static “servers” into “the cloud”

The rise in domain name registrations

Pricing & Availability

Farsight DNSDB is available as an on-premise solution (Farsight DNSDB Export) or RESTful API. To learn more about services, pricing and other information, please contact Farsight Security at [email protected] or call +1-650-489-7919.


About Farsight Security, Inc.


Farsight Security is the world's largest provider of historic and real-time passive DNS data. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response.

Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at or follow us on Twitter: @FarsightSecInc.

