Datasheets

Investigate from Cisco Umbrella

Issue link: https://learn-umbrella.cisco.com/i/711474

Contents of this Issue

Navigation

Page 0 of 1

© 2017 Cisco and/or its affiliates. All rights reserved. Many security products provide visibility into what's happening on your own network. But do you see what's happening on the whole internet, beyond your perimeter? That's where attackers are staging infrastructure in preparation for launching attacks. Cisco Umbrella Investigate provides the most complete view of an attacker's infrastructure, and enables security teams to discover malicious domains, IPs, and file hashes, and even predict emergent threats. How we do it Begin with a massive, diverse dataset In 2006, we started building the world's largest internet security network to acquire global intelligence. Today, over 65 million daily active users across 160+ countries point their DNS traffic to our global network — providing visibility into more than 100 billion internet requests every day. Plus, more than 500 peering partners exchange BGP route information with us, which shows us the connections and relationships between different networks on the internet. This massive and diverse set of data gives us a view of the internet like no other security company. Apply statistical models To discover patterns and detect anomalies across our data, we design statistical models to categorize and score it. For example: • Many models analyze spatial relationships, such as graphing the relationships between networks across the internet. • Some models analyze time-based relationships, such as discovering domain co- occurrences as a result of consecutive DNS requests over very short timeframes, repeated by thousands of users. • Other models analyze statistical deviations from normal activity, such as measuring the geographic distribution of IP networks requesting a domain name. • Utilizing natural language processing, the NLP Rank model identifies phishing domains that spoof brand names by analyzing their lexical structure and location on the internet. Investigate attacks like never before. Attackers are pivoting through your infrastructure. What if you could pivot through theirs? DATA S H E E T By the numbers • 65 million active enterprise and consumer users daily • Users from 160+ countries • 100 billion DNS requests daily • 500+ peering partners exchange BGP routes with us, which enhances our view of the internet Researching security incidents with Investigate Investigate's view of global traffic to associated domains and IPs Your view of local traffic to a suspicious domain or IP

Articles in this issue

view archives of Datasheets - Investigate from Cisco Umbrella