Solution Briefs

Covering Your DNS Blind Spot

Issue link: https://learn-umbrella.cisco.com/i/710478


You may be thinking: "OK, so what, why should I care about having a DNS blind spot?" The answer is simple: it prevents your SIEM from seeing all devices, on and off the network, that are compromised by attacks or violating policies.

| Benefits of covering your DNS blind spots | Old way | New way |
| Improve incident response & policy compliance | View some internet activity | View all internet activity |
| Accurately and granularly view internet activity | By public IP address | By domain name |
| Gain domain-level visibility for any port & protocol | Proxy, AD & firewall logs | DNS resolver logs |
| Log all external domain requests on & off network | Regional ISPs & servers | Global DNS service |
| Reliably and easily retain DNS logs for years | Keep stacking boxes | Elastic cloud storage |

In the next few pages, we'll cover the problems most enterprises encounter when trying to gain domain-level visibility, as well as when logging, storing and importing this data into log and threat analysis tools (e.g. SIEMs). We'll also explain how Cisco Umbrella provides a quick, easy, and global solution to these problems.

Domain-level visibility provides better accuracy and detects more compromised systems

Using domain names, as well as IP addresses, prevents many false positives or negatives. And monitoring DNS requests, as well as subsequent IP connections, provides more security visibility. Advanced malware that uses domain generation algorithms, custom protocols, and nonstandard ports evades detection or disruption at the IP level.

"Log all DNS requests and log all web-proxy requests, and invest in solutions that will help you ingest and analyze this data."
2015 Data Breach Investigations Report

[Figure, two panels: (1) Better accuracy using domain names & IP addresses; (2) Detect more over any port or protocol]

© 2016 Cisco and/or its affiliates. All rights reserved.
