PASSIVE DNS

Detect DNS Tunneling

63% of organizations take longer than a day to detect and respond to DNS attacks.

DNS tunneling is a technique used by attackers to bypass security controls by masking their activity within DNS queries and responses. Modern attacks use a hands-on approach to breach, move laterally, and exfiltrate data. DNS naturally passes through firewalls and has become a staple among ransomware attackers for moving data out of a network. Machine learning, encrypted traffic analysis, and historical DNS can be used to detect and action on unusual DNS behavior associated with pre-ransomware activity and other DNS attacks.

Identify Malicious Domains and IPs

91% of malware attacks involve DNS.

Passive DNS can identify domains and IP addresses associated with known malware, phishing, or other malicious activity. ThreatEye helps identify existing compromises and respond to preventing the spread of these threats.

Threat intelligence

Integration with third-party threat intelligence feeds helps ThreatEye proactively identify when assets are reaching out to known malicious sites. 100% of assets reaching out need to be investigated, even if the domain request was blocked. Healthy assets don’t reach out to malicious domains on their own.

Identify DGA activity

Domain Generation Algorithms (DGAs) are used by malware to generate new domain names for command and control (C2) communication. Leveraging historical DNS and automatically correlating with new domain registrations can identify compromised assets that directly communicate with C2 attacker infrastructure.

Create custom alerts and reports

Customizable alerting and reporting allow your SecOps team to tailor notifications and insights to your specific requirements, ensuring critical threats are identified and addressed in a timely manner.