Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

2/12/2020
10:10 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Farsight Security to Debut Real-Time Security Data Innovations at RSA Conference

Farsight Security to introduce the industry's first Newly Active Domains data feed together with SIE Batch, an easier way to consume real-time data via its Security Information Exchange platform

San Mateo, California, February 12, 2020, Farsight Security®, Inc., the world’s leading provider of DNS Intelligence, today announced significant enhancements to its flagship, Security Information Exchange (SIE) data-sharing platform to help security professionals measurably improve the prevention, detection and response of the latest cyberattacks. These enhancements include:

·      Newly Active Domains:  The industry’s first real-time DNS Intelligence data feed that reports domains as they resume activity on the Internet after a period of inactivity (10 days or more). This data is very useful to detect, block, and investigate domains used by threat actors who first acquire new or reuse expired domains, then establish a positive reputation for these domains for a period of time before using them for malicious activity.   

·      SIE Batch: A new easy-to-use and easy-to-integrate delivery method to access data from our powerful, proven real-time solutions – available via both API and a Web interface --  including Newly Observed Domains, DNS Changes and the newly added, Newly Active Domains, as well as high-value third-party data feeds including Darknet, Spam, Phishing URLS and DDoS Events, all available via the company’s flagship Security Information Exchange platform.

Farsight will demonstrate these technical enhancements to the Security Information Exchange at Booth 3338 South at the RSA® Conference, February 24th-28th, 2020 in San Francisco.

"Farsight was founded on the idea of observational security, and the Security Information Exchange (SIE) is at the heart of our business. We are proud how much of the Internet can indirectly be observed through SIE, on both the DNS-related channels and the other less well-known channels. Some SIE users have told us that their use-cases value completeness of data over the timeliness of real-time SIE streaming. So, with SIE Batch, we now have a way to deliver SIE channel information using reliable file transfers, which can be delayed but not damaged by network outages,” said Farsight Security CEO Dr. Paul Vixie. “Farsight will continue to innovate to put observations of Internet infrastructure and behaviour into the hands of responsible defenders, while continuing to avoid the collection of any PII (personally identifiable information). SIE Batch and Newly Active Domains are the next steps in that long journey.”

Farsight: A Pioneer of Real-Time DNS Data Solutions

Founded in 2013, Farsight Security recognized early on the importance of real-time data in cyber investigations. Farsight data provides unmatched fidelity, low latency, high performance and diverse geographic coverage. Below represent a small sample of Farsight’s SIE real-time data channels. For a complete list of SIE Channels, visit here.

 

Newly Observed Domains (NOD)

NOD is a powerful tool to alert on a domain’s initial activity on the Internet. This real-time knowledge allows organizations to block inbound and outbound connections to these domains for, at least, the first 24 hours or until security teams have more intelligence.

 

Newly Observed Hostnames

React in real-time to new hostnames, or fully qualified domain names (FQDNs), when they are first observed. This real-time knowledge allows organizations to watch for and discover infringing domains and malicious host names targeting their users and customers.

 

DNS Changes

Observe changes to domain name configurations, such as when a new domain is created or an existing domain moves to a new IP address, uses different name servers, or migrates to IPv6. This real-time knowledge on a host-by-host basis enables operational capabilities to detect domain hijacking and unexpected or unauthorized changes to DNS configuration. 

 

DNS Errors

Reports the domain names people are trying to resolve but cannot. This real-time knowledge includes all available data about unsuccessful DNS queries, including the SERVFAIL and REFUSED messages, that is otherwise difficult to obtain global perspective for the operational monitoring of name servers.

 

NXDomains

Leverages the “No Such Domain” responses delivered when failing to reach domains or hostnames. This real-time knowledge provides the ability to empirically characterize user mistakes, identify configuration errors, and collect potentially valuable brand protection opportunities with similar domain names.

 

Pricing & Availability

SIE Batch and Newly Active Domains will be available on February 24th, the first day of the RSA® Conference.

SIE Batch will be available to users who subscribe to one or more SIE Channels and can be purchased as either a standalone access method or as a complimentary access method to SIE Remote Access, SIE Lan and AXA-Rest. 

Newly Active Domains will be available as a separate channel. To obtain pricing for Newly Active Domains or any other real-time channels available on the Security Information Exchange, please contact [email protected]

 

About Farsight Security, Inc

Farsight Security, Inc. is the world’s largest provider of historical and real-time passive DNS data. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response. Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at https://www.farsightsecurity.com/ or follow us on Twitter: @FarsightSecInc.

 

Karen Burke

Director of Corporate Communications

Farsight Security, Inc.

[email protected]

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, Gigamon,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...