Solution Briefs

DNS-Layer Network Security

Issue link: https://learn-umbrella.cisco.com/i/710457


© 2016 Cisco and/or its affiliates. All rights reserved.

Nothing kills attacks earlier than DNS-layer security.

Protection both before and during the attack

Attacks have many phases. Before launching, the attacker needs to stage internet infrastructure to support each phase. Two early phases are to redirect or link to a malicious web domain or send a malicious email attachment. For the former, most attacks leverage exploit kits (e.g. Angler) as the first stage before dropping the final payload. Cisco Umbrella effectively blocks initial exploit and phishing domains.

Attacks that target organizations often leverage email attachments or direct payload downloads. Yet attacks with an objective to exfiltrate data must still initiate a command & control callback. Because Umbrella is built into the foundation of the internet, it identifies where these domains and other internet infrastructures are staged, and blocks requests over any port or protocol, preventing both infiltration and exfiltration attempts.

[Figure: attack phases and the infrastructure staged for them. Labels: exploit or phishing domains; compromised sites and malvertising; malware and botnet infrastructure; phishing spam; web redirect; web link; file drop; email attachment; C2 callbacks; Angler, Nuclear, Rig; Trojan, ransomware, other malware.]

Predict threats before they happen

Similar to Amazon learning from shopping patterns to suggest the next purchase, or Pandora learning from music listening patterns to play the next song, Umbrella learns from internet activity patterns to automatically identify attacker infrastructure being staged for the next threat.

An internet-wide view of threats

#1 fastest & most reliable DNS with 65M+ daily active users
80B+ daily internet requests or connections
3M+ daily new domain names discovered
60K+ daily malicious destinations identified
7M+ malicious destinations enforced at any given time
80M+ daily malicious requests blocked

We analyze terabytes of data in real-time across all markets, geographies, and protocols. This diversity provides internet-wide visibility into where threats are coming from, who is launching them, where they call back to, how widespread they are, when we first and last saw them, and much more.

Predictive intelligence

Our statistical models predict which domains and IPs will be malicious — often before any other security vendor. For example, one model uses natural language processing to detect domain names that spoof brand and tech terms in real-time (cs.co/NLPRank). Another uses sound wave analysis concepts to detect domains that have spikes in their DNS request patterns (cs.co/SPRank).

We combine human intelligence with 3D visualizations to learn new patterns. Then, we apply statistical models to categorize these patterns, detect anomalies, and automatically identify known and emergent threats.

Ingest: Millions of data points per second using DNS, BGP, WHOIS, and more
Apply: Statistical models and human intelligence
Identify: Infrastructure staged for known and emergent threats
