Farsight DNSDB for IBM Security SOAR accelerates incident response
Farsight Security launched Farsight DNSDB for IBM Security SOAR, which integrates Farsight DNSDB with IBM Security SOAR, formerly Resilient, the company’s security orchestration, automation, and response solution.
Through this integration, Farsight DNSDB and IBM Security SOAR enable security analysts to automatically contextualize incidents and extend their existing workflows, measurably reducing, in seconds, the number of unknown domain names, IP addresses, name servers, mail exchanger records and other DNS-related assets.
The new application is available to the security community through IBM Security App Exchange, a marketplace where developers across the industry can share applications based on IBM Security technologies.
As threats are evolving faster than ever, collaborative development amongst the security community will help organizations adapt quickly and speed innovation in the fight against cybercrime.
Farsight DNSDB for IBM Security SOAR accelerates incident response with its orchestration and automation capabilities to investigate and mitigate threats.
Leveraging the open application programming interfaces (APIs) available through IBM Security SOAR, Farsight DNSDB for IBM Security SOAR allows Farsight Security and IBM customers to automatically:
- Gather IP enrichment: Enable the retrieval of hostnames that have recently resolved to target IP addresses.
- Identify hostname relationships: Find all IPs that a hostname has been observed resolving to around the time of observation, as well as other hostnames that have resolved to the same IP address as the target hostname. This is especially helpful for identifying related command-and-control servers that share common infrastructure.
- Drive automated pivoting: Use the Farsight DNSDB app as part of a workflow to pivot from initial result sets and threat intelligence, and to identify new relationships and infrastructure likely to be weaponized.
“Bad actors often will create and dismantle malicious infrastructures in minutes. Fortunately, Farsight DNSDB, with its new Flexible Search capabilities, together with IBM Security SOAR, can help security professionals uncover previously unknown DNS assets, from domain names to IP addresses used in malicious campaigns to help significantly increase the accuracy and speed for detection and response to these events.
“Farsight Security is proud to introduce Farsight DNSDB for IBM Security SOAR to our joint customers,” said Dr. Paul Vixie, Chairman, Cofounder and CEO of Farsight Security, Inc.
Farsight DNSDB, with more than 100 billion DNS records, provides the Internet history of a particular domain or IP address dating back to 2010. Starting with a single suspicious domain or IP address, security professionals can query DNSDB to find related DNS digital artifacts, from name servers to other IP addresses or domain names, to gain new, actionable insights into an adversary’s malicious infrastructure.