Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

2/12/2020
10:10 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Farsight Security to Debut Real-Time Security Data Innovations at RSA Conference

Farsight Security to introduce the industry's first Newly Active Domains data feed together with SIE Batch, an easier way to consume real-time data via its Security Information Exchange platform

San Mateo, California, February 12, 2020, Farsight Security®, Inc., the world’s leading provider of DNS Intelligence, today announced significant enhancements to its flagship, Security Information Exchange (SIE) data-sharing platform to help security professionals measurably improve the prevention, detection and response of the latest cyberattacks. These enhancements include:

·      Newly Active Domains:  The industry’s first real-time DNS Intelligence data feed that reports domains as they resume activity on the Internet after a period of inactivity (10 days or more). This data is very useful to detect, block, and investigate domains used by threat actors who first acquire new or reuse expired domains, then establish a positive reputation for these domains for a period of time before using them for malicious activity.   

·      SIE Batch: A new easy-to-use and easy-to-integrate delivery method to access data from our powerful, proven real-time solutions – available via both API and a Web interface --  including Newly Observed Domains, DNS Changes and the newly added, Newly Active Domains, as well as high-value third-party data feeds including Darknet, Spam, Phishing URLS and DDoS Events, all available via the company’s flagship Security Information Exchange platform.

Farsight will demonstrate these technical enhancements to the Security Information Exchange at Booth 3338 South at the RSA® Conference, February 24th-28th, 2020 in San Francisco.

"Farsight was founded on the idea of observational security, and the Security Information Exchange (SIE) is at the heart of our business. We are proud how much of the Internet can indirectly be observed through SIE, on both the DNS-related channels and the other less well-known channels. Some SIE users have told us that their use-cases value completeness of data over the timeliness of real-time SIE streaming. So, with SIE Batch, we now have a way to deliver SIE channel information using reliable file transfers, which can be delayed but not damaged by network outages,” said Farsight Security CEO Dr. Paul Vixie. “Farsight will continue to innovate to put observations of Internet infrastructure and behaviour into the hands of responsible defenders, while continuing to avoid the collection of any PII (personally identifiable information). SIE Batch and Newly Active Domains are the next steps in that long journey.”

Farsight: A Pioneer of Real-Time DNS Data Solutions

Founded in 2013, Farsight Security recognized early on the importance of real-time data in cyber investigations. Farsight data provides unmatched fidelity, low latency, high performance and diverse geographic coverage. Below represent a small sample of Farsight’s SIE real-time data channels. For a complete list of SIE Channels, visit here.

 

Newly Observed Domains (NOD)

NOD is a powerful tool to alert on a domain’s initial activity on the Internet. This real-time knowledge allows organizations to block inbound and outbound connections to these domains for, at least, the first 24 hours or until security teams have more intelligence.

 

Newly Observed Hostnames

React in real-time to new hostnames, or fully qualified domain names (FQDNs), when they are first observed. This real-time knowledge allows organizations to watch for and discover infringing domains and malicious host names targeting their users and customers.

 

DNS Changes

Observe changes to domain name configurations, such as when a new domain is created or an existing domain moves to a new IP address, uses different name servers, or migrates to IPv6. This real-time knowledge on a host-by-host basis enables operational capabilities to detect domain hijacking and unexpected or unauthorized changes to DNS configuration. 

 

DNS Errors

Reports the domain names people are trying to resolve but cannot. This real-time knowledge includes all available data about unsuccessful DNS queries, including the SERVFAIL and REFUSED messages, that is otherwise difficult to obtain global perspective for the operational monitoring of name servers.

 

NXDomains

Leverages the “No Such Domain” responses delivered when failing to reach domains or hostnames. This real-time knowledge provides the ability to empirically characterize user mistakes, identify configuration errors, and collect potentially valuable brand protection opportunities with similar domain names.

 

Pricing & Availability

SIE Batch and Newly Active Domains will be available on February 24th, the first day of the RSA® Conference.

SIE Batch will be available to users who subscribe to one or more SIE Channels and can be purchased as either a standalone access method or as a complimentary access method to SIE Remote Access, SIE Lan and AXA-Rest. 

Newly Active Domains will be available as a separate channel. To obtain pricing for Newly Active Domains or any other real-time channels available on the Security Information Exchange, please contact [email protected]

 

About Farsight Security, Inc

Farsight Security, Inc. is the world’s largest provider of historical and real-time passive DNS data. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response. Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at https://www.farsightsecurity.com/ or follow us on Twitter: @FarsightSecInc.

 

Karen Burke

Director of Corporate Communications

Farsight Security, Inc.

[email protected]

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
HackerOne Drops Mobile Voting App Vendor Voatz
Dark Reading Staff 3/30/2020
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/31/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5347
PUBLISHED: 2020-04-04
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.
CVE-2020-5348
PUBLISHED: 2020-04-04
Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.
CVE-2020-8142
PUBLISHED: 2020-04-03
A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was how...
CVE-2020-8143
PUBLISHED: 2020-04-03
An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the “/...
CVE-2020-8147
PUBLISHED: 2020-04-03
Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend.