As adversaries refine and evolve their attack methods, data must be collected and shared in real time so that security teams can detect and respond to threats with equal speed.
Security professionals have a wealth of data, but much of it is data from the past — the equivalent of looking in the rear-view mirror while trying to drive forward. They need real-time insights into global Internet activity to increase the actionable value of threat data and understand their impact.
“Farsight’s SIE platform is the most complete real-time security telemetry of its kind.”
SIE data enables security professionals to accurately identify, map, and protect their networks from cybercrime activity by providing global visibility on a turnkey basis. It provides immediate access to worldwide real-time data without the need to develop or deploy your own data collection infrastructure. Using data collected from Farsight’s global sensor array, SIE streams more than 200,000 observations per second, including:
Real-time views of DNS cache-miss traffic from Internet recursive resolvers. The data includes DNS configuration and content records that authoritative name servers provide to those recursive name servers.
Real-time, de-duplicated, filtered and verified Passive DNS data as it is observed on the Internet.
A collection of threat-oriented feeds including honeypot data (darknet and spam) and botnet (e.g., Conficker) sinkhole data. It also includes other data feeds, such as phishing data and IDS and firewall log data.
A range of premium security-related feeds including malware metadata, IOCs and other telemetry. Subscribers consume the intelligence as real-time event flows rather than traditional batch transfers, which are inherently behind.
Subscribers that need to receive a large volume of content can co-locate a Linux host in one of Farsight’s two Equinix production data centers, in Palo Alto, California or Ashburn, Virginia, and cross-connect to our network infrastructure.
Content can also be delivered through an encrypted TCP stream over the Internet, which allows subscribers to invoke a first-order filtering capability across a set of channels, selecting only the subset of records that match specific domain name/IP address search criteria.