...
 
 
 
 
Site Search
 

The Need for Comprehensive, Near Real-Time, Threat Insights

The complexity of digital security today makes the ability to identify threats and prevent attacks before they happen more difficult than ever – but the stakes are also higher than ever. The loss from a typical data breach averages $4 million, while more serious “mega breaches” can cost hundreds of millions of dollars. In this environment, it’s critically urgent to find effective ways to detect, identify and defend against attacks.

Given how quickly attackers are shifting their strategies and attack vectors, comprehensive security coverage at every layer in the stack is essential. You need focused threat detection data that helps identify evolving threats, as well as broader data that supports programmatic analysis to expose deeper threats, and the bad guys, before they do damage. Your threat data must be current and actionable, and informed by a unique perspective on Internet activity to help your team quickly identify and stop threats before your organization becomes the next victim.

Neustar’s UltraThreat Feeds provide the near real-time threat data you need to detect emerging threats and help identify and stop bad traffic, both inbound and outbound. Read More

Discover how Neustar helps secure your organization online. Watch Now

Why Neustar UltraThreat Feeds?

Neustar’s Unique DNS Data Insights

Unlike competitors whose threat feeds are derived from passive DNS data they collect from 3rd party providers or a network of sensors, Neustar leverages its own DNS data exhaust collected from over 30 globally distributed nodes and over 100 billion look ups per day. This, combined with behavioral analysis and pattern-based research, enables us to derive refined contextual insights into malicious activity.

A Powerful Global Perspective

With data and insights gained from our own globally distributed authoritative and recursive DNS network, Neustar OneID and IP Intelligence geolocation and IP risk data, we’re able to provide a proprietary view of global threats to support threat detection and help identify and stop bad traffic to mitigate risks. This is threat data no other vendor in the industry can offer.

Meets Strict “Privacy by Design” Standards

Neustar’s data acquisition and storage methodologies ensure protection of Personal Information (PI) and comply with global privacy standards including the European Data Protection Regulation (GDPR).

UltraThreat Feeds API

UltraThreat Feeds API delivers access to the DNS data resources that power our UltraThreat Feeds, allowing your teams to investigate malicious domains and IPs based on your schedule and needs, to identify specific threats facing your organization.

These API calls give you new ways to query different data sets stored in our UltraThreat Feeds Data Lake and provide you with access to nearly 2 years of rolling threat data.

This data is delivered in industry standard JSON format, facilitating use in security systems including firewalls and event management systems (SIEMs).

Read Solution Sheet

Find out how our UltraThreat API can help you:

Respond to Incidents

Your organization has powerful security tools that alert and notify your team of potential threats. In order to be effective, your SOC and Incident Response teams need deep insight into suspect IP address(es) and domain(s).

See what insights UltraThreat Feeds API can provide your SOC and Incident Response teams.

  • What is the Host IP of a domain?
  • What other domains are hosted on the IP?
  • When was the domain first seen? Last seen?
  • Where has that domain been queried globally? Different responses globally?
  • How many subdomains? What are the subdomains?
  • How many users queried that domain?
  • How many hosting IPs have there been?
  • How did that domain change over time? Hosting IPs, name servers etc.

Show Insights

Identify Threats

To effectively hunt down, identify and mitigate threats, you need to be looking proactively to find threat activity both on the macro level, with large sets of data, and at the activity of suspicious individual domains or IPs.

See what insights UltraThreat Feeds API can provide your Threat Hunting team.

  • How many domain name nameservers?
  • What is the host IP of the domain?
  • What other domains are on the host IP?
  • Where has that domain been queried globally? Different responses globally?
  • How many subdomains? What are the subdomains?
  • How many users queried that domain?
  • How did that domain change over time? Hosting IPs, name servers etc.

Show Insights

Prevent Fraud

If your organization is processing financial transactions, either business or consumer, you need the ability to determine if fraud is happening while the transaction is in process. This allows your team to either allow, deny or reject the transaction before you incur a loss – or your brand is damaged. Start with either a fully qualified domain or second level domain.

See what insights UltraThreat Feeds API can provide your Fraud team.

  • How many subdomains are associated with that domain?
  • How many users queried the domains?
  • How many host IPs does the domain have?
  • How many domain name nameservers?
  • What is the host IP of the domain?
  • What other domains are on the host IP?
  • Is this domain on the NX Domain list?

Show Insights

Keep Watch On Malicious IPs and/or Domains

To be effective, security teams have domains and IPs that they preemptively watch for activity. This is the only way to stay ahead of potential Threats.

See what insights UltraThreat Feeds API can provide your Security team.

  • Has this domain been seen?
  • When was it first seen?
  • When was it last seen?
  • What is the host IP(s) of the domain?
  • Where are the queries geographically located?
  • How many domain name nameservers?
  • What other domains are on the host IP?
  • How many subdomains? What are the subdomains?
  • How did that domain change over time? Hosting IPs, name servers etc.

Show Insights

Protect Your Brand

Organizations have a brand or brands that they monitor as the implications of any cyber incident can be extreme, both monetarily and psychologically. Watching for derivatives of your brand name (‘brand’ vs. ‘br4nd’), gives you the power to detect malicious activity.

See what insights UltraThreat Feeds API can provide your Security team as they protect your brand.

  • Has this domain been seen?
  • When was it last seen?
  • When was it first seen?
  • What are the hosting IPs?
  • Where are the queries geographically located?

Show Insights

photo of report cover

How UltraThreat Feeds Can Protect Your Brand, Mitigate Fraud and Defend Your Domain.

Companies in financial services are attacked 300 times more often by cybercriminals than those in other industries. That’s why timely, relevant data on potential threats from authoritative sources is as essential element of a strong and effective security posture.

Read Whitepaper

abstract interpretation of connections

Don’t Think You Need Threat Data? We’ll Show You Why You Do.

Neustar and Aite Group present the findings of their new white paper that explores the benefits of using DNS derived Threat Feeds to identify and mitigate online cyber threats — both inbound and outbound.

Watch Webinar

touch screen analytics

Threat Feeds: Comprehensive, Near Real-Time Insights

Given how quickly the attackers are shifting their strategies and attack vectors, having comprehensive coverage at every layer in the stack is more critical than ever. This means you need a way to do programmatic analysis in order to expose big threats, and the bad guys, before they do damage.

Read Release

Let's Connect

Learn How Your Company Can Benefit from the Power of Trusted Connections.

Contact Us   Give us a call 1-855-898-0036