Introducing Farsight Workbench for Threat Hunters



In October 2020, Farsight announced Farsight Labs, a new platform for collaboration by the digital defense community. Farsight Labs offers free access to selected tools, and early access to unreleased or prototype tools.

Today, Farsight Labs introduces Farsight Workbench, a new, experimental graphical interface that enables threat hunters and other investigators to manage multiple answer sets relating to an investigation, using advanced tools such as iteration, pivots, time-fenced subselections, and combination of results obtained from one or several at-rest data troves, ranging from DNSDB Standard Search (Farsight and SIE Europe) and other third-party passive DNS data, to an enterprise’s own data set.

Farsight Workbench is a proven tool – it has been used by hundreds of select investigative journalists, sophisticated threat hunters and other investigators around the world over the past few years. Today, we bring it out of stealth mode to make it available to all Farsight Labs users and look to the community to provide broader feedback.

More details about this new tool – and our other terrific tools that we are also launching today, including DNSDBFront and Farsight Virtual Starter Kit – can be found in our Labs quarterly newsletter, Farsight Observer. The second issue of this newsletter is published today. Both the tool and the newsletter are now available on the Farsight Labs site located at

Invitation to Join Farsight Labs

Interested in becoming a Labs member? It's easy – just signup on the site. There is no fee for participation, no contract to sign, no service level guarantee, no spam, no surveillance, and no salesman will call. And, you will also get access to the Morning Roundup, a curated edition of the day's news surrounding DNS, cybersecurity, privacy, misinformation and much more. Just click the signup box on your Labs settings page.

Finally: Every Farsight Observer leads with a "Note from the CEO" – insights about particular security events, trends or innovations from Internet Pioneer and Farsight Security CEO Dr. Paul Vixie. I wanted to share with you below the "Note" from our inaugural newsletter published a few months ago. To get the latest "Note from the CEO," I invite you to join Labs and read our latest Farsight Observer.


A few days ago a close friend said to me:

“Just read NYT piece on Russian Hacking of our government systems. WTF are the implications? Why can’t we defend ourselves against this?”

On the topic of “was it the Russians?” allow me to quote widely followed blogger Abraham Lincoln who said, “Attribution on the Internet is a sh*t show”. It’s very difficult to prove the source or intent of most attacks, even if that proof is allowed to include sensitive details about such an attack, which is to say, never. Therefore, let’s move on.

As to the implications, we can look to the poet Sting who wrote, “They build machines that they can’t control, And bury the waste in a great big hole”. In the information age everything of value either is virtual or can be controlled or stolen virtually. Fortunes, reputations, empires, lives, all of it will depend on information control. But the computers and networks and protocols we do it with are mostly just toys.

Finally, why can’t we defend ourselves? Because our risks come to us through counterparties – our friends, customers, suppliers, schools, governments, pretty much everyone we share information with or from, are often hacked. Forget the aphorism “trust but verify” because you must not trust and you can not verify.

What’s all this got to do with Farsight Labs? Well, my team started working in 2008 on the problems of understanding and observability, which I felt were foundational to all modern (digital; virtual) risks. A dozen years later a lot of other Internet security teams are now using our language to describe the problems they’re solving – a proud moment!

But even as strong as Farsight has become at helping digital defenders understand their assets, their opponents’ powers, and the resulting risks, I worried that a significant fraction of the defender population wasn’t engaging with us. And that’s why we launched Farsight Labs: because we want to reach better answers to reasonable questions like “Why can’t we defend ourselves against this?”



Karen Burke is the Director of Corporate Communications for Farsight Security, Inc..