Passive DNS Database - CIO Summits



THE POWER OF FARSIGHT SECURITY

The landscape of available threat data is massive, but it often lacks the context needed by security practitioners to take appropriate actions to mitigate threats. Farsight Security (Farsight), founded by Internet pioneer, Dr. Paul Vixie, provides network security solutions that deliver that critical contextual information, thus significantly increasing the value of Threat Intelligence.

Farsight data solutions help transform traditional threat feeds into actionable data by reducing false positives, accelerating and amplifying the detection of new threats through the correlation of known associates, enhancing mitigation strategies with plug-and-play solutions, and improving predictive models aimed at detecting impending potential threats.

PASSIVE DNS: UNLOCK THE FULL POTENTIAL OF THREAT INTEL DATA

Today’s threat landscape is fast-moving: cybercriminals are constantly developing new evasive techniques to avoid detection and mitigation. For example, they often create domain names for a specific criminal action and quickly discard them, sometimes within five minutes after they were first created.

Unlike prepackaged threat feeds such as IOCs and blacklists that incorporate arbitrary vendor-applied value judgments often rendering low-accuracy threat reputation data, Farsight’s Passive DNS database (DNSDB™) provides a fact-based perspective on the configuration and content of the global DNS as observed through its industry-leading, robust Passive DNS sensor array.

Leveraging the richness of Farsight’s own Security Information Exchange (SIE) Raw Passive DNS broadcast channel, Farsight systems iterate through multiple stages of de-duplication, filtering and quality verification of collected DNS transactions before inserting them into DNSDB along with ICANN-sponsored ZFA download data, thus yielding the highest quality and most comprehensive Passive DNS data service of its kind.

DNSDB is engineered and operated by the world’s leading DNS experts and is the largest, most proven historical collection of Passive DNS data available in the market today. Leveraging the power of the historical and real-time perspectives offered through DNSDB’s high-performance, indexed, time-series DNS intelligence data service is crucial to improving your security program and protecting your infrastructure from current and future threats.

DNSDB BENEFITS IN THE FIGHT AGAINST CYBERCRIME

The value of Farsight DNSDB to your organization is far-reaching and makes it a must-have in today’s security team arsenal.

• Increase the Value of your Existing Threat Intelligence by Improving Coverage and Accuracy

– Confirmed threats can be reviewed for known associates, which are easily correlated within DNSDB. If you possess an IP address or a domain name known to be bad, you can quickly correlate it to other related DNS resource records and populate your mitigation systems more accurately and completely.

DNSDB Passive DNS Database

Securing the World’s Digital Infrastructure™

“Farsight Security’s DNSDB is the most complete dataset of its kind.”

Alex Pinto, Chief Data Scientist, MLSec Project


• Discover Attribution Data for Threats and Associations among Threat Actors

– DNSDB can provide information about threat actors and their motives by answering such questions as: What domain names map to “this” IP address, now and in the past? When was “this” name first used and by whom? What domain names share this same MX record?

• Perform Fact-Based Risk Assessment of Domain Names

– Assess benign versus malicious intent using a combination of logic around first and last observations in Farsight’s Passive DNS sensor array.

– Assign risk weighting to specific DNS objects through the measure of change rates of those objects through time.

• Conduct Third-Party Audit of DNS Configurations

– Periodically review DNSDB content to provide third-party benchmark reference for an enterprise’s publicly visible DNS configurations, assessing that data for changes and possible errors injected into that configuration.
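The known-associates pivot and the first/last-observation risk checks described in the benefits above, as an added example that is not Farsight's code and not part of the original datasheet. The sample records are constructed, and the field names (`rrname`, `rrtype`, `rdata`, `time_first`, `time_last`, `count`) and the 300-second threshold are assumptions chosen for illustration.

```python
import json

# Constructed sample in line-oriented JSON (one record per line). Field names
# follow a common passive DNS record layout and are an assumption, not from the page.
SAMPLE = """\
{"rrname":"login-update.example.","rrtype":"A","rdata":["192.0.2.10"],"time_first":1700000000,"time_last":1700000240,"count":3}
{"rrname":"cdn.shop.example.","rrtype":"A","rdata":["192.0.2.10"],"time_first":1690000000,"time_last":1700000000,"count":5200}
{"rrname":"cdn.shop.example.","rrtype":"A","rdata":["198.51.100.7"],"time_first":1600000000,"time_last":1690000000,"count":91000}
{"rrname":"mail.other.example.","rrtype":"A","rdata":["203.0.113.5"],"time_first":1650000000,"time_last":1700000000,"count":800}
"""

SHORT_LIVED_S = 300  # hypothetical threshold: the "five minutes" case in the text


def parse_records(text):
    """Parse line-oriented JSON, ignoring blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def names_for_ip(records, ip):
    """Known-associates pivot: every name ever observed resolving to `ip`."""
    return sorted({r["rrname"] for r in records
                   if r["rrtype"] == "A" and ip in r["rdata"]})


def assess(records, name):
    """First/last-seen and change-rate features for one name."""
    rows = [r for r in records if r["rrname"] == name]
    if not rows:
        return None  # never observed: absence of data, not evidence of safety
    first = min(r["time_first"] for r in rows)
    last = max(r["time_last"] for r in rows)
    rdata_sets = {tuple(sorted(r["rdata"])) for r in rows}
    lifetime = last - first
    days = max(lifetime / 86400, 1.0)  # floor at one day to avoid inflated rates
    return {
        "first_seen": first,
        "last_seen": last,
        "lifetime_s": lifetime,
        "short_lived": lifetime < SHORT_LIVED_S,
        "changes_per_day": (len(rdata_sets) - 1) / days,
    }


def triage(records, bad_ip):
    """Pivot from a known-bad IP, then score each associated name."""
    return {n: assess(records, n) for n in names_for_ip(records, bad_ip)}
```

A short observed lifetime also describes any name that was simply first seen moments ago, so `short_lived` is a weighting input to combine with the other features rather than a verdict on its own.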

DNSDB ACCESS OPTIONS

DNSDB Access API: A RESTful API service that provides responses in line-oriented JSON format.

DNSDB Web UI: A Web-enabled service that facilitates human interaction for DNS research. The number of accounts and daily query limit are based on the subscription level.

DNSDB Export: Hosted on subscribers’ infrastructure, Farsight offers an instance of the complete DNSDB database with updates via rsync.

Subscribers are free to access the data using the same powerful RESTful API or, in addition, can scan DNSDB content using open source libraries. With DNSDB Export, subscribers enjoy low-latency, fully-private access to DNSDB content.


Farsight Security, Inc., 155 Bovet Road, Suite 476, San Mateo, CA 94402

[email protected]

Website: farsightsecurity.com

Pricing and Availability

Farsight DNSDB Access services are available today via subscription. For more information on subscriptions or to become a reseller, contact a Farsight Security account executive at [email protected], or call 1-650-489-7919 (select option 1).

[Figure: DNSDB diagram. Labels: Passive DNS Sensor Array (Sensor, Sensor, Sensor); SIE; Real-time Aggregation and Quality Control of DNS Data; ICANN ZFA Data; Farsight Historical Passive DNS Data (DNSDB).]