Neustar, a global information services company and leader in identity resolution, announced the release of UltraThreat Feeds, a new service that provides its enterprise customers with access to real-time threat data to help them better identify cyber threats as they evolve.
Designed by Neustar’s renowned security experts and leading academic researchers, the service – unique to Neustar – enables security and threat intelligence teams of all sizes to access threat feeds based on analysis and observations curated from Neustar’s expansive DNS, OneID and IP decisioning data.
Incorporating proprietary data derived from Neustar’s Security Portfolio and OneID identity resolution platform, UltraThreat Feeds can be ingested into a client’s existing platform to deliver superior threat data and provide valuable insights into unique and developing threats in near real time.
“With the average cost of a data breach now at nearly $4 million, enterprises are investing significant resources into threat intelligence solutions to better defend themselves. A key change is enabling network and application security tools with improved real-time awareness of active threats,” said Rodney Joffe, security CTO, senior technologist and fellow at Neustar.
“For example, SIEMs, TIPs, Next Gen Firewalls, IPS/IDS, WAFs, and DNS Firewalls all require threat data to power their security functions to detect and block malicious actors. Neustar’s UltraThreat Feeds service delivers deep, rich threat data, giving users the power to identify indicators of compromise or malicious activity in near real time and act accordingly to limit or even prevent attacks.”
UltraThreat Feeds enable Neustar customers to identify:
- Malicious domain generation algorithms (“DGAs”) – When malicious actors register one of the thousands of domains generated by the DGAs within their malware, which then allows the actors to control infected hosts from their command-and-control (C2) servers.
- Suspicious DNS tunneling attempts – When domains leverage the DNS protocol to create a “tunnel” to exfiltrate data past customers’ security measures.
- Newly observed domains – When a domain with little or no history is suddenly active, which presents increased risk.
- Domain updates (nameserver or hosting IP address) – When there are indications that a domain has been hijacked.
- Domain spoofing (business email compromise) – When fake online personas trick victims into making fraudulent transactions by imitating or resembling legitimate domains.
Neustar’s UltraThreat Feeds service has an advantage over competitors, thanks to the availability of its own unique data assets, including DNS data exhaust collected from the more than 100 billion queries received from 30 globally distributed nodes every day and supplemented by the IP address intelligence and analytics processed across Neustar’s product suite.
Combined with behavioral analysis and pattern-based research, this advantage enables Neustar to derive truly unique insights into malicious activity. With insight gained from Neustar’s globally distributed authoritative and recursive DNS network, Neustar OneID, IP Intelligence geolocation and risk data, UltraThreat Feeds can provide a proprietary view of global threats to help identify and stop bad traffic, both inbound and outbound.
“With increasing attacker sophistication, and renewed aggression from nation-state adversaries focused on corporate espionage, many organizations are trying to find out how to properly leverage these [threat intelligence] services to protect themselves,” wrote Forrester analysts Josh Zelonis and Joseph Blankenship in the report, The Forrester Tech Tide: Zero Trust Threat Detection And Response, Q1 2019.