Increase Incident Response Speed and Accuracy with Farsight DNSDB and Demisto Enterprise
Every transaction, good or bad, begins with a DNS lookup. While a cybercrime investigation often begins with just a suspicious domain name or IP address, attackers may use dozens, hundreds, even thousands of Indicators of Compromise (IoCs) in a single malicious cyberattack, magnifying the scope and complexity of the investigator’s challenge.
To measurably improve the speed and accuracy of incident response, security analysts need to uncover and gain context for all connected DNS-related digital artifacts, in seconds, using a comprehensive, intelligent search process. Now, they can – with the integration of Farsight DNSDB, the world’s largest historical passive DNS database with more than 100 billion DNS records, and Demisto Enterprise, the first and only comprehensive platform for security operations that combines security orchestration, incident management, machine learning and interactive investigations.
The Value of Passive DNS in Digital Investigations
Internet visibility and history are critical in any investigation. Farsight DNSDB provides a real-time snapshot of the changing Internet dating back to 2010. It contains the Domain Name System’s past and current history of digital artifacts such as IP addresses and domain names used by cybercriminals.
By querying Farsight DNSDB, users can instantly complete previously time-consuming or complex investigation tasks including:
* Identify all domains associated with a suspicious netblock
* Uncover all domains using the same name server infrastructure used by a known-bad domain
* Discover the IPs that a known adversary is using to hop around and avoid takedowns
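As an added illustration (not code from the original post, nor from the Farsight or Demisto integration), the three pivots above implemented over a handful of constructed passive-DNS records. The record layout only loosely follows what a passive DNS database returns, and every name and address is made up (.test names, RFC 5737 documentation ranges).

```python
import ipaddress

# Constructed passive-DNS observations, shaped loosely like the rrset records a
# passive DNS database returns (owner name, record type, rdata, first/last seen).
# Every name and address here is invented (.test names, RFC 5737 documentation IPs).
def rec(rrname, rrtype, rdata, time_first, time_last):
    return {"rrname": rrname, "rrtype": rrtype, "rdata": rdata,
            "time_first": time_first, "time_last": time_last}

RECORDS = [
    rec("bad-example.test.", "A", "203.0.113.10", 1500000000, 1500100000),
    rec("bad-example.test.", "A", "203.0.113.77", 1500100000, 1500200000),
    rec("bad-example.test.", "A", "198.51.100.5", 1500200000, 1500300000),
    rec("bad-example.test.", "NS", "ns1.shared-ns.test.", 1500000000, 1500300000),
    rec("sibling.test.", "NS", "ns1.shared-ns.test.", 1500050000, 1500300000),
    rec("sibling.test.", "A", "203.0.113.78", 1500050000, 1500300000),
    rec("unrelated.test.", "A", "192.0.2.1", 1500000000, 1500300000),
    rec("unrelated.test.", "NS", "ns1.other.test.", 1500000000, 1500300000),
]

def domains_in_netblock(records, cidr):
    """Pivot 1: every owner name whose A/AAAA rdata falls inside the netblock."""
    net = ipaddress.ip_network(cidr)
    return sorted({r["rrname"] for r in records
                   if r["rrtype"] in ("A", "AAAA")
                   and ipaddress.ip_address(r["rdata"]) in net})

def domains_sharing_nameservers(records, known_bad):
    """Pivot 2: other domains delegated to the same NS hosts as known_bad."""
    ns_hosts = {r["rdata"] for r in records
                if r["rrname"] == known_bad and r["rrtype"] == "NS"}
    return sorted({r["rrname"] for r in records
                   if r["rrtype"] == "NS" and r["rdata"] in ns_hosts
                   and r["rrname"] != known_bad})

def ip_hopping_timeline(records, domain):
    """Pivot 3: the addresses a domain resolved to, in first-seen order."""
    rows = [(r["time_first"], r["time_last"], r["rdata"]) for r in records
            if r["rrname"] == domain and r["rrtype"] in ("A", "AAAA")]
    return [ip for _, _, ip in sorted(rows)]

if __name__ == "__main__":
    print(domains_in_netblock(RECORDS, "203.0.113.0/24"))
    print(domains_sharing_nameservers(RECORDS, "bad-example.test."))
    print(ip_hopping_timeline(RECORDS, "bad-example.test."))
```

Against a live database the same three functions would be fed the records returned by the netblock, name-server and domain lookups rather than this in-memory list.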
For more information on Farsight DNSDB, download our whitepaper, “Passive DNS for Threat Intelligence.”
To learn more about Farsight DNSDB’s integration with Demisto, please read this companion blog on the Demisto website.
About Demisto Enterprise
With an increasing flood of alerts, incident response teams, security analysts and other threat intelligence practitioners can’t keep up. They need a way to automate the response to and resolution of these alerts and tasks. Additionally, resolution usually requires integrating with various security tools and being able to take actions across them, such as “hunt for a hash,” “ban an IP,” or “check the reputation of a URL.”
Demisto Enterprise delivers a complete solution that helps Tier 1 through Tier 3 analysts and SOC managers optimize the entire incident lifecycle while auto-documenting and journaling all the evidence. Demisto forms a central console where actions across 140+ security products can be orchestrated through task-based workflows called playbooks. These playbooks are supported by native incident management and a real-time War Room where analysts can collaborate, run live commands and leverage AI-powered chatbots.
By leveraging the Demisto Farsight DNSDB integration, security practitioners can automate critical tasks to gain actionable insights into existing threat indicators and avoid dead time by coordinating actions across security products on a single console. Existing Farsight DNSDB customers can re-use their DNSDB API keys within the Demisto Community Edition here. No-charge 30-day trial keys for DNSDB, for use within either Demisto Community Edition or Demisto Enterprise, are available here.
Karen Burke is Director of Corporate Communications for Farsight Security, Inc.