As adversaries refine and evolve their attack methods, data must be collected and shared in real time so that security teams can detect and respond to threats with equal speed.
Security professionals have a wealth of data, but much of it is data from the past, the equivalent of looking in the rearview mirror while trying to drive forward. They need real-time insights into global Internet activity to increase the actionable value of threat data and understand their impact.
Here is a list of our most popular channels. A complete list is available here
SIE data enables security professionals to accurately identify, map, and protect their networks from cybercrime activity by providing global visibility on a turnkey basis. It provides immediate access to worldwide real-time data without the need to develop or deploy your own data collection infrastructure. Using data collected from Farsight’s global sensor array, SIE streams more than 200,000 observations per second, including:
Aside from the channels listed above, we also provide:
“Farsight’s SIE platform is the most complete real-time security telemetry of its kind.”
Designed to combat the challenges of consuming real-time data, SIE Batch allows subscribers to select, or “batch”, their available real-time data sets and pinpoint the data needed for their investigations. SIE Batch is available via both an API and a Web interface: subscribers can log in to SIE Batch and download a recent sample of data (from 2 minutes to 12 hours in length) or download a specific time period of data they need. In addition, Farsight offers an SIE Batch API that lets subscribers easily access SIE data (in file format) from a program or script.
Subscribers who need to receive a large volume of content can co-locate a Linux host in one of Farsight’s two Equinix production data centers, in Palo Alto, California, or Ashburn, Virginia, and cross-connect to our network infrastructure.
Content can also be delivered through an encrypted TCP stream over the Internet, which allows subscribers to invoke a first-order filtering capability across a set of channels, selecting only the subset of records that match specific domain name/IP address search criteria.