Every connected enterprise works to prevent the nightmare of a data breach or compromised network. That requires an active threat detection program to find threats in your network, systems or applications before they can be exploited in an attack.

Even better: Detecting threats on the Internet, where they originate.

That’s the advantage you gain with Neustar UltraThreat Feeds for threat detection. They expand the scope of your threat detection program to the global sweep of the Internet.

Data for these feeds is drawn from the DNS exhaust of our globally distributed network of authoritative and recursive DNS service sites that together process more than 100 billion lookups every day. This data is analyzed using machine learning powered by artificial intelligence to create focused data feeds that enable your team to detect and neutralize rapidly evolving threats before they can inflict serious damage.

Malicious DGA Feeds

Zeroes in on active lookups of known DGA domains as well as patterns in traffic indicative of new DGAs at work, including:

  • Domains active in DNS traffic with DNS responses
  • Domains active in DNS traffic that do not resolve
  • Updated: Every hour
  • Use Case: Block DGA domains; identify traffic to your network to or from DGA domains to neutralize threats

DNS Tunnel Feed

Identifies suspicious queries and responses in traffic that are suggestive of DNS tunneling attempts. The feed is comprised of information about each suspicious query or response, including a time stamp and the second level domain associated with it.

  • Updated: Every 10 minutes
  • Use Case: If your domain is identified, investigate and neutralize the threat immediately

Learn How Your Company Can Benefit from the Power of Trusted Connections.

Contact Us Give us a call 1-855-898-0036