Download now! eBook Now Available: Using Farsight Passive DNS for Incident Response

Solutions

Farsight Solutions

By Role
CISO / Security Management Security Operations Threat Intelligence Network Operations / IT

By Need
Incident Response Threat Hunting Brand Protection Fraud Prevention Anti-Phishing

Technology
Partner Integrations Security Information Exchange

All Solutions
DNSDB Newly Observed Domains Newly Observed Hostnames DNS Changes DNS Errors

Blog Technical Resources Free Trial
Resources

Farsight Resources

Resources Center
General Resources Reports Research Case Studies Webinars Videos FAQ Infographics

Support
Technical Resources Tools Help

Featured Resource

DNSDB^® Get Started Guide

Learn how to get the most from DNSDB with our Get Started Guide.
Get started with DNSDB

Blog Solutions Free Trial
Blog
Partners

Farsight Partners and Integrations

Partner Ecosystem Integrations Tools

Featured Resource

Reducing Third Party Risk Using Passive DNS Data

This joint whitepaper between LookingGlass Cyber Solutions and Farsight examines how continuous monitoring, specifically using Farsight passive DNS data, can help identify infrastructure vulnerabilities in third-party vendors.
Download

Blog Solutions Free Trial
Community

Farsight Community

Overview Data Sharing Technical Content Research Grant Requests

Featured Resource

Discover Hidden Clues with Farsight DNSDB^®

In this eBook, take a deep dive into DNS and learn how to discover previously hidden digital artifacts and advance your cyber investigations.
Download eBook

Blog Solutions Free Trial
Company

Farsight Overview

Company
About Team Jobs Contact Us

News & Events
Overview News Events Press Releases 5 Questions Newsletters

Featured Resource

Using Farsight Passive DNS for Incident Response

In this eBook, explore how Farsight Security's real-time and historical passive DNS solutions can be used throughout the four phases of the NIST incident response lifecycle.
Download eBook

Blog Solutions Free Trial
Free Trial

DNS Changes channel monitors DNS and alerts of attacks

The Security Challenge

Cybercriminals change DNS records to hijack domains and redirect traffic to malicious websites

The Internet and the Domain Name System (DNS) are continually changing; domains are constantly created and existing ones are frequently modified. Cybercriminals change DNS records to hijack domains and redirect traffic to malicious websites.

The redirected traffic bypasses their hosts leaving organizations unaware that traffic is being diverted. This leaves businesses and customers at great risk.

The Farsight Solution

DNS Changes channel

provides real-time visibility into changes made to DNS.

Whenever a new domain is created or a domain’s configuration changes, the DNS Changes channel highlights that change in real-time. This lets organizations easily monitor their DNS worldwide and alert on unauthorized changes due to operational accidents — or an attack.

The data is collected from the Farsight global DNS sensor array. The DNS Changes channel contains more than 200,000 observations per second to provide a holistic view of all DNS changes including:

Hostnames - also known as fully qualified domain names (FQDNs)
Name servers
DNSSEC records

“Farsight’s DNS Changes is the authoritative source of changes in Internet infrastructure.”

Chief Scientist
Security Company

Request demo

How Does It Work?

DNS Changes Identifies Domain Hijacking

A resource record (RR) is a single DNS record.
A resource record set (RRset) consists of all the resource records of a given type for a given rrname.

When the DNS Changes channel detects a never-before-seen RRset, it publishes that RRset to Channel 214 on SIE. It also annotates novel information about each RRset. These include individual RRs that have not been seen before and whether the RRset has changed from those previously seen for a Fully Qualified Domain Name (FQDN).

Data is presented as a time-stamped RRset, providing full context for observed changes as well as critical information for security investigators and operational change management.

The DNS Changes channel is provided on the Farsight Security Information Exchange (SIE) platform.

It reports on global changes when existing domains purposely, inadvertently or maliciously:

Move to a new IP address
Use different name servers
Use a new mail exchange
Start using IPv6 or DNSSEC

Mapping Adversary Infrastructure Using DNS

Want to learn more?

Protect against cybercriminal activity in real-time.

Request a free demo

Farsight Solutions

By Role

By Need

Technology

All Solutions

Farsight Resources

Resources Center

Support

Featured Resource

DNSDB® Get Started Guide

Farsight Partners and Integrations

Featured Resource

Reducing Third Party Risk Using Passive DNS Data

Farsight Community

Featured Resource

Discover Hidden Clues with Farsight DNSDB®

Farsight Overview

Company

News & Events

Featured Resource

Using Farsight Passive DNS for Incident Response

DNS Changes channel monitors DNS and alerts of attacks

The Security Challenge

Cybercriminals change DNS records to hijack domains and redirect traffic to malicious websites

The Farsight Solution

DNS Changes channel

provides real-time visibility into changes made to DNS.

How Does It Work?

DNS Changes Identifies Domain Hijacking

The DNS Changes channel is provided on the Farsight Security Information Exchange (SIE) platform.

Case study

Resources

From the blog

Want to learn more?

DNSDB^® Get Started Guide

Discover Hidden Clues with Farsight DNSDB^®