In minutes, domain names, IP addresses and other Internet identifiers can be crafted or acquired by bad actors for predatory purposes including unwanted traffic, malware distribution, confusing similarities, pump and dump schemes, and every other nefarious activity which relies on high-quality DNS service.
To counter fast-evolving threats, enterprises need effective, easy-to-use Protective DNS solutions based on real-time intelligence. Protective DNS is a set of security services, including DNS Firewalls, developed to protect enterprises against the abuse of Domain Name System (DNS) assets, including domain names and IP addresses.
Farsight has offered Protective DNS technologies since 2014, when the company first launched Newly Observed Domains (NOD). Among the Protective DNS solutions we offer:
Response Policy Zones (RPZ) is a distributed DNS Firewall solution first created by current members of the Farsight team in 2010. RPZs have become a go-to security tool for enterprises, who can select their preferred commercial and open-source policy RPZ feeds that address their specific security threats, from phishing and ransomware to Domain Generation Algorithm (DGA) botnets and more.
Farsight Security has longstanding partnerships with ThreatSTOP, BlueCat Networks and Infoblox and other fellow DNS Firewall (RPZ) technology and policy providers to network operators who keep their DNS services on-premise or in-perimeter, as well as several Protective DNS providers including DNSFilter and Heimdal Security who offer DNS Firewall services in the cloud for network operators who prefer to outsource.
By studying the investigation into the SUNBURST attack, this case study demonstrates how cyber analysts can easily and quickly examine and visualize the scale of a malware attack— whether during or after the incident—using Farsight DNSDB passive DNS data and Maltego.Download