Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

2/12/2020
10:10 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Farsight Security to Debut Real-Time Security Data Innovations at RSA Conference

Farsight Security to introduce the industry's first Newly Active Domains data feed together with SIE Batch, an easier way to consume real-time data via its Security Information Exchange platform

San Mateo, California, February 12, 2020, Farsight Security®, Inc., the world’s leading provider of DNS Intelligence, today announced significant enhancements to its flagship, Security Information Exchange (SIE) data-sharing platform to help security professionals measurably improve the prevention, detection and response of the latest cyberattacks. These enhancements include:

·      Newly Active Domains:  The industry’s first real-time DNS Intelligence data feed that reports domains as they resume activity on the Internet after a period of inactivity (10 days or more). This data is very useful to detect, block, and investigate domains used by threat actors who first acquire new or reuse expired domains, then establish a positive reputation for these domains for a period of time before using them for malicious activity.   

·      SIE Batch: A new easy-to-use and easy-to-integrate delivery method to access data from our powerful, proven real-time solutions – available via both API and a Web interface --  including Newly Observed Domains, DNS Changes and the newly added, Newly Active Domains, as well as high-value third-party data feeds including Darknet, Spam, Phishing URLS and DDoS Events, all available via the company’s flagship Security Information Exchange platform.

Farsight will demonstrate these technical enhancements to the Security Information Exchange at Booth 3338 South at the RSA® Conference, February 24th-28th, 2020 in San Francisco.

"Farsight was founded on the idea of observational security, and the Security Information Exchange (SIE) is at the heart of our business. We are proud how much of the Internet can indirectly be observed through SIE, on both the DNS-related channels and the other less well-known channels. Some SIE users have told us that their use-cases value completeness of data over the timeliness of real-time SIE streaming. So, with SIE Batch, we now have a way to deliver SIE channel information using reliable file transfers, which can be delayed but not damaged by network outages,” said Farsight Security CEO Dr. Paul Vixie. “Farsight will continue to innovate to put observations of Internet infrastructure and behaviour into the hands of responsible defenders, while continuing to avoid the collection of any PII (personally identifiable information). SIE Batch and Newly Active Domains are the next steps in that long journey.”

Farsight: A Pioneer of Real-Time DNS Data Solutions

Founded in 2013, Farsight Security recognized early on the importance of real-time data in cyber investigations. Farsight data provides unmatched fidelity, low latency, high performance and diverse geographic coverage. Below represent a small sample of Farsight’s SIE real-time data channels. For a complete list of SIE Channels, visit here.

 

Newly Observed Domains (NOD)

NOD is a powerful tool to alert on a domain’s initial activity on the Internet. This real-time knowledge allows organizations to block inbound and outbound connections to these domains for, at least, the first 24 hours or until security teams have more intelligence.

 

Newly Observed Hostnames

React in real-time to new hostnames, or fully qualified domain names (FQDNs), when they are first observed. This real-time knowledge allows organizations to watch for and discover infringing domains and malicious host names targeting their users and customers.

 

DNS Changes

Observe changes to domain name configurations, such as when a new domain is created or an existing domain moves to a new IP address, uses different name servers, or migrates to IPv6. This real-time knowledge on a host-by-host basis enables operational capabilities to detect domain hijacking and unexpected or unauthorized changes to DNS configuration. 

 

DNS Errors

Reports the domain names people are trying to resolve but cannot. This real-time knowledge includes all available data about unsuccessful DNS queries, including the SERVFAIL and REFUSED messages, that is otherwise difficult to obtain global perspective for the operational monitoring of name servers.

 

NXDomains

Leverages the “No Such Domain” responses delivered when failing to reach domains or hostnames. This real-time knowledge provides the ability to empirically characterize user mistakes, identify configuration errors, and collect potentially valuable brand protection opportunities with similar domain names.

 

Pricing & Availability

SIE Batch and Newly Active Domains will be available on February 24th, the first day of the RSA® Conference.

SIE Batch will be available to users who subscribe to one or more SIE Channels and can be purchased as either a standalone access method or as a complimentary access method to SIE Remote Access, SIE Lan and AXA-Rest. 

Newly Active Domains will be available as a separate channel. To obtain pricing for Newly Active Domains or any other real-time channels available on the Security Information Exchange, please contact [email protected]

 

About Farsight Security, Inc

Farsight Security, Inc. is the world’s largest provider of historical and real-time passive DNS data. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response. Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at https://www.farsightsecurity.com/ or follow us on Twitter: @FarsightSecInc.

 

Karen Burke

Director of Corporate Communications

Farsight Security, Inc.

[email protected]

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15394
PUBLISHED: 2020-09-25
The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.
CVE-2020-15521
PUBLISHED: 2020-09-25
Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) .
CVE-2020-26103
PUBLISHED: 2020-09-25
In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551).
CVE-2020-26104
PUBLISHED: 2020-09-25
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552).
CVE-2020-26105
PUBLISHED: 2020-09-25
In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554).