From Lookalike Domains to Complex Patterns, DNSDB 2.0 Can Expose a Wide Range of Internet Assets to Help Organizations Uncover Unknown Threats to their Infrastructure, Employees, Partners and Brands
San Mateo, California, August 4th, 2020, As a major technology milestone in the fight against online crime and abuse, Farsight Security®, Inc., a leading cybersecurity provider of DNS Intelligence, today introduced DNSDB 2.0., the next-gen version of its flagship solution. By adding a new range of search capabilities, from simple keywords and substrings as small as two characters to more complex patterns, DNSDB 2.0 enables security professionals to easily – and quickly – identify and map domain names and IP addresses associated with bad actors or used in malicious infrastructures, brand infringement campaigns, phishing schemes, ransomware and other cybercrime.
“My team and I set out in 2008 to build the biggest and most diverse surveillance-free observational network, and, in 2010, to build the highest fidelity and highest performing passive DNS database – and we have. We launched Farsight Security as a new company to pursue this work seven years ago, in 2013, and today we are the best in the business," said Paul Vixie, co-founder and CEO. "But we always knew that providing accurate and relevant answers to exact questions was only the beginning, and so we've been working on Flexible Search and other features that let us provide relevant answers to approximate, inexact questions. In DNSDB 2.0, we can help investigators find DNS patterns of interest to them even if they don't know exactly what they're looking for. This will open a whole new echelon of use cases for our passive DNS technology suite, and we can't wait to put DNSDB 2.0 into the hands of defenders and investigators to usher in the next era of observational security practices.”
Today Farsight Security also announced a DNSDB 2.0 Early Adopter Program for current DNSDB API customers and API trial users. DNSDB 2.0 will be released on October 20th, 2020. To see a demo of DNSDB 2.0, register here for our on-demand webinar scheduled for release on September 9th, 2020.
DNSDB 2.0: What’s New
In June 2020, Farsight Security marked the 10th anniversary of DNSDB. With more than 100 billion DNS observations, DNSDB is the industry standard in historical passive DNS. Traditionally, DNSDB has offered only exact matches, or full-label front or back wildcard searches, such as “.example.com” or “example.” DNSDB 2.0 adds new flexible search functions so users can better find – and filter out – only the data they need. Users of DNSDB can now:
- Easily find look-alike domain names used for phishing attacks against their brands.
- Identify patterns and find matches for threat actor-generated hostnames/domain names
- Find candidate matches when working with incomplete or redacted information
- Identify domains related to simple generic terms to well-known brand names, from popular products to presidential campaigns
- Uncover possible disparaging domains i.e. (domain.*sucks) for a given brand
- Search just parts of words. For example, if you're investigating drug crime, you may want to find all the domains that include oxycon, perco or hydroco
To learn more about the many types of searches you can do, visit here.
DNSDB 2.0: Under the Hood
DNSDB 2.0 includes an updated API with enhanced capabilities. Both Farsight supported clients (DNSDB Scout and the command-line tool, dnsdbq) will be enhanced to help facilitate these new search capabilities.
DNSDB 2.0 is powered by two popular search functions, regular expression and globbing. DNDSB 2.0 supports most egrep-style regular expressions (except for capturing groups and backreferences), including simple string searches and partial label searches. At its most basic, a regular expression (or "regex") is just a string that describes a pattern to be matched such as:
- Partial-label wildcards (califor)
- Mid-string wildcards (pay.*l)
Arbitrary regular expressions ^air(port plane).*.(com net org).$
Pricing & Availability
Farsight DNSDB® 2.0 will be available only to current DNSDB API customers and API trial users. As part of the DNSDB 2.0 rollout, the reference implementations supporting the new API protocol, with its corresponding technical documentation, will be released this week. DNSDB 2.0’s new flexible search capabilities will be available on the product’s General Availability (GA) date, October 20th, 2020. For more information about becoming a DNSDB customer, please contact firstname.lastname@example.org. DNSDB is available via an annual subscription. To become a DNSDB API trial user, visit here.
About Farsight Security, Inc.
Farsight Security, Inc. is the world’s largest provider of historical and real-time passive DNS data. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response. Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at https://www.farsightsecurity.com/ or follow us o Twitter: @FarsightSecInc.