Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

2/12/2020
10:10 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Farsight Security to Debut Real-Time Security Data Innovations at RSA Conference

Farsight Security to introduce the industry's first Newly Active Domains data feed together with SIE Batch, an easier way to consume real-time data via its Security Information Exchange platform

San Mateo, California, February 12, 2020, Farsight Security®, Inc., the world’s leading provider of DNS Intelligence, today announced significant enhancements to its flagship, Security Information Exchange (SIE) data-sharing platform to help security professionals measurably improve the prevention, detection and response of the latest cyberattacks. These enhancements include:

·      Newly Active Domains:  The industry’s first real-time DNS Intelligence data feed that reports domains as they resume activity on the Internet after a period of inactivity (10 days or more). This data is very useful to detect, block, and investigate domains used by threat actors who first acquire new or reuse expired domains, then establish a positive reputation for these domains for a period of time before using them for malicious activity.   

·      SIE Batch: A new easy-to-use and easy-to-integrate delivery method to access data from our powerful, proven real-time solutions – available via both API and a Web interface --  including Newly Observed Domains, DNS Changes and the newly added, Newly Active Domains, as well as high-value third-party data feeds including Darknet, Spam, Phishing URLS and DDoS Events, all available via the company’s flagship Security Information Exchange platform.

Farsight will demonstrate these technical enhancements to the Security Information Exchange at Booth 3338 South at the RSA® Conference, February 24th-28th, 2020 in San Francisco.

"Farsight was founded on the idea of observational security, and the Security Information Exchange (SIE) is at the heart of our business. We are proud how much of the Internet can indirectly be observed through SIE, on both the DNS-related channels and the other less well-known channels. Some SIE users have told us that their use-cases value completeness of data over the timeliness of real-time SIE streaming. So, with SIE Batch, we now have a way to deliver SIE channel information using reliable file transfers, which can be delayed but not damaged by network outages,” said Farsight Security CEO Dr. Paul Vixie. “Farsight will continue to innovate to put observations of Internet infrastructure and behaviour into the hands of responsible defenders, while continuing to avoid the collection of any PII (personally identifiable information). SIE Batch and Newly Active Domains are the next steps in that long journey.”

Farsight: A Pioneer of Real-Time DNS Data Solutions

Founded in 2013, Farsight Security recognized early on the importance of real-time data in cyber investigations. Farsight data provides unmatched fidelity, low latency, high performance and diverse geographic coverage. Below represent a small sample of Farsight’s SIE real-time data channels. For a complete list of SIE Channels, visit here.

 

Newly Observed Domains (NOD)

NOD is a powerful tool to alert on a domain’s initial activity on the Internet. This real-time knowledge allows organizations to block inbound and outbound connections to these domains for, at least, the first 24 hours or until security teams have more intelligence.

 

Newly Observed Hostnames

React in real-time to new hostnames, or fully qualified domain names (FQDNs), when they are first observed. This real-time knowledge allows organizations to watch for and discover infringing domains and malicious host names targeting their users and customers.

 

DNS Changes

Observe changes to domain name configurations, such as when a new domain is created or an existing domain moves to a new IP address, uses different name servers, or migrates to IPv6. This real-time knowledge on a host-by-host basis enables operational capabilities to detect domain hijacking and unexpected or unauthorized changes to DNS configuration. 

 

DNS Errors

Reports the domain names people are trying to resolve but cannot. This real-time knowledge includes all available data about unsuccessful DNS queries, including the SERVFAIL and REFUSED messages, that is otherwise difficult to obtain global perspective for the operational monitoring of name servers.

 

NXDomains

Leverages the “No Such Domain” responses delivered when failing to reach domains or hostnames. This real-time knowledge provides the ability to empirically characterize user mistakes, identify configuration errors, and collect potentially valuable brand protection opportunities with similar domain names.

 

Pricing & Availability

SIE Batch and Newly Active Domains will be available on February 24th, the first day of the RSA® Conference.

SIE Batch will be available to users who subscribe to one or more SIE Channels and can be purchased as either a standalone access method or as a complimentary access method to SIE Remote Access, SIE Lan and AXA-Rest. 

Newly Active Domains will be available as a separate channel. To obtain pricing for Newly Active Domains or any other real-time channels available on the Security Information Exchange, please contact [email protected]

 

About Farsight Security, Inc

Farsight Security, Inc. is the world’s largest provider of historical and real-time passive DNS data. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response. Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at https://www.farsightsecurity.com/ or follow us on Twitter: @FarsightSecInc.

 

Karen Burke

Director of Corporate Communications

Farsight Security, Inc.

[email protected]

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
Jai Vijayan, Contributing Writer,  2/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0258
PUBLISHED: 2020-02-17
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.
CVE-2015-6922
PUBLISHED: 2020-02-17
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/setA...
CVE-2020-9043
PUBLISHED: 2020-02-17
The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key.
CVE-2020-1704
PUBLISHED: 2020-02-17
An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in the openshift/istio-kialia-rhel7-operator-container. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privi...
CVE-2019-12954
PUBLISHED: 2020-02-17
SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT.