Shortening Dwell Time Using Farsight Passive DNS



Last month I attended Forrester Research’s annual Security & Risk Forum in National Harbor, MD. In a conversation entitled “Tale of Two CISOs” with Mailchimp CISO Olivia Rose, Bruce Pawelcyzk, Director of IT Security/ CISO for Raytheon Integrated Defense Systems shared that there is one major metric he needs to deliver to his Board – “Dwell time: how long attackers were in our network before we knew it.”

Dwell time is often critical to the success of a cyberattack. Dwell time enables hackers to conduct necessary reconnaissance of their target, identify and exfiltrate critical intellectual property and other assets, and cover their tracks to remain hidden or otherwise undetected. Unfortunately, according to Verizon’s 2019 Data Breach Investigations Report (DBIR), half of organizations are taking months or longer to discover breaches. The result? Dwell time results in high costs for the targeted organization, from remediation to the loss of its crowned jewels, such as trade secrets, financial information and other important assets.

Passive DNS provides unmatched visibility of the changing Internet. Among the Farsight Passive DNS solutions that can play a significant role in reducing dwell time:

Farsight DNSDB –The world’s largest historical passive DNS database dating back to 2010, DNSDB enables security professionals to start with a suspicious domain name or IP address to uncover other DNS assets possibly related to an attack. Bad actors often will reuse the same IP address or nameservers to carry out multiple attacks. By identifying related assets, security professionals can more quickly detect the malicious infrastructure of a single attack – as well as other possible attacks against their network.

Farsight NXDomains – Farsight NXDomains can reveal hostile probes (pre-attack reconnaissance). It offers the ability to empirically characterize user mistakes and identify potentially valuable brand protection opportunities with similar domain names.

Farsight Newly Observed Domains (NOD) –This real-time stream of domain names first observed on the Internet can be used to monitor for brand infractions or block connections to new domains often used in malware, phishing, and spam.

Farsight’s passive DNS solutions are considered the best in the industry. To learn more how we can help your organization reduce the dwell time of attackers, please contact us at

Karen Burke is the Director of Corporate Communications for Farsight Security, Inc.