Expander, the Labs’ First Free Community Tool, Provides a Powerful Method to Generate Patterns to Discover Similar Domain Names Widely Used in Cyberattacks
San Mateo, California, October 20th, 2020. Today, Farsight Security®, Inc., the premier provider of DNS intelligence tools to digital defenders, introduces Farsight Labs, a new platform for collaboration by the digital defense community. The Farsight Labs platform will offer free access to selected tools, and early access to unreleased or prototype tools. The first such tool is Expander.
Expander enables security professionals to automate the generation of regular expressions through a web interface, the command line, or an online API. These regular expressions describe deviations from a keyword such as a domain or brand name; attackers commonly use such deviations to create confusing similarities.
“Farsight’s success and relevance depend directly and intimately on the quality and breadth of our engagement with fellow travelers across the industry,” said Paul Vixie, Farsight CEO. “From day one, we have engaged through commercial services and open source tools. With Farsight Labs, we now have an engagement model for our fellow travelers whose work is vital to the economy and whose insights are vital to us.”
Threat hunters, incident responders, brand protection teams, and practitioners in many other digital forensics and investigation disciplines can use these regular expressions to detect and trace Internet abuse (e.g. phishing, brand infringement, botnets, APT activities, etc.) and to gain other valuable insights for their investigations and analysis. Regular expressions are widely used in security-related services and tools, now including DNSDB Flexible Search, a powerful query tool for our flagship historical passive DNS database, DNSDB – the industry’s largest and oldest collection of unbiased historical data.
To learn more about DNSDB Flexible Search, visit today’s announcement, “Farsight Security Announces General Availability for DNSDB 2.0 Flexible Search, a Powerful Tool to Uncover Phishing, Brand Infringement, and Misinformation Campaigns,” and our blogpost, “DNSDB 2.0 Flexible Search is Now Available!”
About Farsight Labs
At Farsight Security, we strongly believe in and are committed to making the Internet a safe place for everyone. In a significant milestone in our mission, Farsight Labs provides early access to some of our DNS intelligence tools (both commercial and non-commercial) to our customers, partners and individual security contributors so they can get ahead of today’s threats. In addition to tools, Farsight Labs will also share ideas, methods, documentation, scripts, and other resources that will benefit the greater security community. Participants can then try out these tools and methods in their own environments. Registration for Farsight Labs is required. For more details about this community and how to join, visit here. There is no charge to participate.
Industry collaboration to solve complex problems has a long, successful history in the technology field. In fact, Farsight Security was cofounded by Dr. Paul Vixie, an Internet pioneer and prolific author of open source Internet software including BIND, and many Internet standards documents concerning DNS and DNSSEC.
Expander is a powerful, easy-to-use, must-have tool for the arsenal of digital defenders looking to detect – and prevent – many types of cyberattacks against their organizations.
Expander can transform literal brand names, keywords, and search terms into regular expressions – precise patterns designed to match a search term's appearance or meaning. Using these machine-generated patterns will help defenders to detect malicious activities that rely on confusing similarities.
The use of Expander is not limited to DNSDB 2.0 Flexible Search. The patterns it generates can be used to uncover anomalies in collected security logs, both during normal operation and in times of crisis; to inspect email flow and DNS queries when combating sophisticated phishing attacks; to create IDS and firewall rules; or to perform digital discovery, to name a few uses.
Pricing & Availability
Farsight Labs is a free community – in addition to Farsight customers and partners, all individual security researchers are invited to join. Expander, a free tool, is available now and open to the community.
About Farsight Security, Inc.
Farsight Security, Inc. is the world’s largest provider of historical and real-time passive DNS data. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response. Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at https://www.farsightsecurity.com/ or follow us on Twitter: @FarsightSecInc.