Cisco: Debunking the myths of DNS security
For years, we’ve been pioneering the use of DNS to enforce security. We recognized that DNS was often a blind spot for organizations and that using DNS to enforce security was both practical and effective. Why? Because DNS isn’t optional. It’s foundational to how the internet works and is used by every single device that connects to the network. If you’re considering using DNS for security, it’s important to understand the facts so you can combat the fiction.

Myth: DNS can only provide limited insights for threat intelligence.
Thanks to DNS, we have a view of the internet that is unlike any other security provider. Using a combination of historical and live data from more than 140B daily requests across 90 million daily users, we apply multiple statistical and machine-learning models. We then derive meaningful insights from this diverse data set, which allows us to:
- Associate attacks with specific domains, IPs, ASNs, file hashes, and email addresses in order to map out attacker infrastructure.
- Use WHOIS record data to see domain ownership and uncover other malicious domains registered with the same contact information.
- See suspicious spikes in global DNS requests to a specific domain.
- Predict where future attacks might be staged by identifying related domains and IPs that are associated with malware.
- Detect fast flux domains and domains created by Domain Generation Algorithms.
- Access a massive passive DNS database to see historical data about domains.
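Two of the signals in the list above, DGA-style names and sudden query spikes to one domain, can be illustrated on a resolver log. The code below is an added example written for this page, not Cisco Umbrella's own logic; the log format, the scoring weights and thresholds, and the sample lines are all constructed assumptions.

```python
# Added example (not Cisco's code): flag DGA-like labels and query spikes in
# constructed DNS resolver log lines of the form "<unix time> <client> <domain>".
import math
import re
from collections import Counter

# Constructed sample log: two algorithmically looking names and one domain
# that suddenly receives many more queries than everything else.
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example.com
1700000001 10.0.0.5 documentation.example.com
1700000002 10.0.0.7 xk3j9qz0fh2lwp8v.example-dga.net
1700000003 10.0.0.7 q8vn2zr4tlmc7bxk.example-dga.net
1700000004 10.0.0.9 cdn.example.org
1700000005 10.0.0.9 cdn.example.org
1700000006 10.0.0.9 cdn.example.org
1700000007 10.0.0.9 cdn.example.org
1700000008 10.0.0.9 cdn.example.org
"""

def shannon_entropy(label):
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def dga_score(domain):
    """Heuristic for the leftmost label: high character entropy, long
    consonant runs and digits mixed into letters are typical of generated
    names. Weights are assumptions; higher means more suspicious."""
    label = domain.split(".")[0]
    if len(label) < 8:          # short labels are too noisy to score
        return 0.0
    runs = re.findall(r"[bcdfghjklmnpqrstvwxz]+", label)
    longest_consonants = max((len(r) for r in runs), default=0)
    digits = sum(ch.isdigit() for ch in label)
    return shannon_entropy(label) + 0.5 * longest_consonants + 0.3 * digits

def parse_log(text):
    rows = []
    for line in text.splitlines():
        ts, client, domain = line.split()
        rows.append((int(ts), client, domain.lower()))
    return rows

def flag_dga(rows, threshold=5.0):
    """Distinct domains whose leftmost label scores at or above the threshold."""
    return sorted({d for _, _, d in rows if dga_score(d) >= threshold})

def flag_spikes(rows, baseline=1, factor=3):
    """Domains queried more than factor x baseline times in the window
    (baseline of one query per domain is a constructed assumption)."""
    counts = Counter(d for _, _, d in rows)
    return sorted(d for d, c in counts.items() if c > factor * baseline)
```

On real data the baseline would come from each domain's own history rather than a constant, and the flagged names would be pivoted against passive DNS and WHOIS as the list describes.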
We’ve resolved 175,427,918,134,461 (and counting!) DNS requests since 2006. Ask other security providers if their data for threat intelligence can match this scale. You can learn more about our intelligence here: umbrella.cisco.com/products/our-intel
Read the entire article here: Debunking the myths of DNS security
Via the fine folks at Cisco Systems.