Unleash the Power of DNS History for Unprecedented Threat Hunting

At Validin, we seek to make it as easy as possible to search for accurate, timely, and complete passive DNS about public networks for threat hunting and attack surface management. Over the last 6 months, the Validin team has worked tirelessly with security researchers and industry leaders to develop an infrastructure tracking and threat-hunting platform unlike any other, centered around our comprehensive DNS history. Today, after months of development, testing, and iteration with our pilot participants, we’re thrilled to announce the general commercial availability of our platform.

The internet constantly and rapidly evolves, making real-time threat-hunting tools essential for today’s cybersecurity practitioners. Detailed infrastructure history enables analysts and researchers to go back in time to understand changes and connections to related infrastructure. Detailed DNS history and associated context are crucial for understanding usage and intent and expanding knowledge of friendly and adversarial infrastructure.

“[The Validin] platform is already indispensable for context enrichment” - Cyber Security Analyst at a Financial Services Company

Introducing the Validin Platform

The Validin platform enables threat hunters to search with unprecedented ease and granularity, tying together DNS, open-source threat intelligence, endpoint response behaviors, and SSL certificates in one interface. This rich data enables analysts and researchers to quickly understand context, triage indicators, and extend knowledge of known infrastructure.

“Validin’s platform enables me to build analytics, search for dependencies and similarities, and identify coverage gaps for further improvement of network IOC detection.” - Mikhail Kasimov, Maltrail project

Key Benefits

Validin’s continuous measurement of the global DNS infrastructure enables high-resolution insights for current state and more than 4 years of resolution history. With Validin, you can see when actors activate, change, or disable infrastructure.

sample image

Validin also enables pivoting across dozens of different fields and associations, enabling analysts to quickly find related connections and infrastructure across a wide assortment of techniques, tools, and technologies used by threat actors.

Additionally, Validin collects over 650 different open-source threat intelligence sources in the platform to provide immediate context for indicator searches. Validin can help analysts quickly understand if infrastructure is common or uncommon, known or unknown, so you can focus on the most relevant indicators.

Existing Research that Uses the Validin Platform

Validin’s platform has already been used for enriching threat hunting investigations.

Uncovering DDGroup - A long-time threat actor

Sometimes when investigating malware, you come across something that calls your attention. Something that seems odd, something that seems...
Uncovering DDGroup - A long-time threat actor

Infrastructure Analysis: LockBit 3.0

In this blog post, we’re going to take a look at the recent IOCs provided by Boeing in the joint CISA/FBI/ACSC report. LockBit 3.0 ...
Infrastructure Analysis: LockBit 3.0

Getting Started

Interested? Sign up for our free community edition to get started.

Our commercial edition starts at $49 a month and scales to enterprises. See our pricing page for more details. Special pricing is available for researchers and students.

Contact us to learn more and follow us on Twitter for updates.