DNSDB 2.0 transforms threat feeds into relevant threat intel in real time
Farsight Security introduced DNSDB 2.0, which enables security professionals to identify and map domain names and IP addresses associated with bad actors or used in malicious infrastructures, brand infringement campaigns, phishing schemes, ransomware and other cybercrime.
“My team and I set out in 2008 to build the biggest and most diverse surveillance-free observational network, and, in 2010, to build the highest fidelity and highest performing passive DNS database – and we have. We launched Farsight Security as a new company to pursue this work seven years ago, in 2013, and today we are the best in the business,” said Paul Vixie, CEO.
“But we always knew that providing accurate and relevant answers to exact questions was only the beginning, and so we’ve been working on Flexible Search and other features that let us provide relevant answers to approximate, inexact questions. In DNSDB 2.0, we can help investigators find DNS patterns of interest to them even if they don’t know exactly what they’re looking for. This will open a whole new echelon of use cases for our passive DNS technology suite, and we can’t wait to put DNSDB 2.0 into the hands of defenders and investigators to usher in the next era of observational security practices.”
With more than 100 billion DNS observations, DNSDB is the industry standard in historical passive DNS. Traditionally, DNSDB has offered only exact matches, or full-label front or back wildcard searches, such as “*.example.com” or “example.*”. DNSDB 2.0 adds new flexible search functions so users can better find – and filter out – only the data they need.
Users of DNSDB can now:
- Easily find look-alike domain names used for phishing attacks against their brands
- Identify patterns and find matches for threat actor-generated hostnames/domain names
- Find candidate matches when working with incomplete or redacted information
- Identify domains related to anything from simple generic terms to well-known brand names, from popular products to presidential campaigns
- Uncover possible disparaging domains, e.g. (domain\.*sucks), for a given brand
- Search for just parts of words. For example, if you’re investigating drug crime, you may want to find all the domains that include oxycon, perco or hydroco