On-Demand Webinar

Unmasking Subdomain Abuse:
How to protect against these stealth attacks

Presented by Farsight Security's Andrew Lewman and Recorded Future’s Levi Gundert.

Today most organizations, from retailers to investment banks to automotive companies, believe that protecting their brand starts – and stops -- at the Top-level Domain (TlD). Yet below these shiny TlDs are often dozens, hundreds of abandoned, malicious or dynamic subdomains used for phishing, counterfeiting, and other cybercrime.

This presentation will provide insight into how cybercriminals use both legitimate and malicious subdomains to gain entry, and the steps security teams can take to uncover subdomain abuse and protect brand.

Highlights from the webinar include:

  • Insights into the issue of subdomain proliferation and the lack of oversight.
  • An explanation of real-time passive DNS and how it can be used in threat hunting.
  • Demonstrations of practical examples using the Farsight DNSDB database in the Recorded Future platform to research subdomains in the cloud, previously unknown subdomains and monitoring for malicious subdomains.
  • The value of the FSI/Recorded Future joint product to SOC/IR/threat intelligence teams.


Andrew Lewman
Farsight Security Chief Revenue Officer and member of CyAN - Cybersecurity Advisors Network


Levi Gundert
Recorded Future Vice President of Threat Intelligence & Strategy

Register to view the video