« Previous 1 2
Employing DNS in network security
Revealing Traces
Automated Counter to Hackers
The most advanced companies and vendors feed DNS telemetry data – also known as passive DNS – into data stores and then have the data analyzed by machine learning algorithms. Sophisticated algorithms can detect various types of malicious activity in passive DNS data, including, for example, requests sent by a domain generation algorithm (DGA), which is code that automatically creates a list of domains used by malware clients to communicate with a number of command-and-control (C&C) sites.
These domains serve as a meeting point for malware- and hacker-controlled servers that communicate secretly over a backhaul network. Once one of the DGA domains is detected and blocked by IT security, the malware client and C&C server move to the next domain on the list to bypass the defenses. For example, the defense algorithm can detect patterns in the newly created domain names and directly identify them as threats.
Conclusions
DNS is an indispensable part of any modern security toolkit, playing both an active and a supporting role in securing networks and tracking malicious activity. Moreover, DNS is a central tool already in place connecting all departments, which can facilitate the paradigm shift away from silos and toward a holistic integrative approach.
Infos
- Cost of a Data Breach Report 2021: https://www.ibm.com/security/data-breach
« Previous 1 2
Buy this article as PDF
(incl. VAT)