Farsight Newly Observed Domains
DomainTools

Real-time detection of newly observed domains to prevent emerging threats.

Product details

Overview

Farsight Newly Observed Domains (NOD) is a threat intelligence feed that provides organizations with real-time visibility into newly observed domains on the internet. By leveraging a vast passive DNS sensor network, NOD identifies domains that have not been previously seen in DNS traffic or zone files since June 2010. This early detection capability enables security teams to proactively block or monitor these domains before they can be exploited for malicious activities such as phishing, malware distribution, or botnet command and control. NOD data is available through the Security Information Exchange (SIE) Channel 212 and can be integrated into existing security infrastructures via Response Policy Zones (RPZ) or other delivery methods.

Features and Capabilities

  • Real-Time Detection: Identifies newly observed domains within minutes of their first appearance in DNS traffic, providing a significant advantage over traditional methods that may take hours or days.
  • Passive DNS Data: Utilizes over 2 TB of daily passive DNS data collected from a global sensor network to detect new domain activity.
  • Historical Comparison: Compares new domain observations against a historical DNS database dating back to 2010 to determine novelty.
  • RPZ Integration: Offers data in RPZ format, allowing for seamless integration with DNS firewalls and the ability to enforce custom policies based on domain age.
  • Customizable Time Windows: Provides seven different zone files corresponding to domain ages ranging from 5 minutes to 24 hours, enabling organizations to tailor their security posture.
  • Threat Mitigation: Assists in blocking spam, phishing, and malware by enabling the temporary suppression of newly observed domains until they can be evaluated for legitimacy.
  • Flexible Delivery Options: Supports various data retrieval methods, including incremental zone transfers (IXFR), to accommodate different operational requirements.
  • Integration with Security Tools: Compatible with security information and event management (SIEM) systems, threat intelligence platforms, and other security tools to enhance threat detection and response capabilities.