Millions of hostnames are created every day as part of the Domain Name System (DNS). Often, bad actors use hostnames to impersonate other organizations.
Security teams need to know when new hostnames are put into use in real-time. Unfortunately, this insight is not readily available because it is broadly distributed across many recursive and authoritative name servers around the world.
“Farsight’s NOH is very valuable for malware discovery.”
Using NOH, security teams can leverage real-time, actionable insights based on new hostnames that target their domains as well as their partners; thus ensuring end-to-end security.
Organizations can watch for and discover infringing domains and phishing hostnames targeting their users and partners.
Organizations often have internal hosts that should never be accessed from the Internet. Security teams can know when someone, either internal or external, is attempting to resolve these hosts.
Internal and external penetration testers can use this feed of new systems and hosts for legitimate pen testing engagements.
By monitoring the DNS worldwide, organizations can see newly added websites in their own domains. They can also learn about unexpected DNS changes within minutes; allowing for quick action and investigation.
NOH leverages more than 2 TB of real-time Passive DNS data to detect hundreds of millions of hostnames per day. Farsight validates that more than 25 million of those hostnames are newly configured from the perspective of the historical DNSDB database.
NOH is available as a real-time stream as Security Information Exchange (SIE) Channel 213 and in a DNS zone file format that can be queried or downloaded.