DNS is a technology we all must use, but as a security analyst you also know it can be a source of intrusion, leading to damaging breaches. Whether the threat is DNS poisoning or command-and-control (C2) channels, you have to keep your eyes on the DNS activity on your network and know whenever a corporate host makes a request of a non-corporate DNS server. Easy enough, right? Just look through rows and rows of logs, get tripped up by idiosyncrasies like custom-built servers or personal non-work systems, and search for port 53 traffic.
Don’t worry, there is a better way to analyze and visualize DNS traffic for more rapid detection of potential attacks.
Because of its sheer volume, DNS traffic is one of the largest analytic challenges and is often ignored when it comes to security analytics. But you can’t ignore it, so instead you need to download the 21CT LYNXeon Detecting Directed DNS Analysis Methodology and learn how a security analytics and visualization solution can not only connect with all of your DNS traffic data, but fuse it with other already available data to: