As everyone knows, most of today's malicious attacks are driven by profit: hijacking legitimate network resources and launching attacks from them. One important way of doing this is to abuse the domain name service (DNS) to steer network users toward malicious sites, so that they become nodes in the attack.
DNS serves three purposes for attackers:
1. Carrying command and control (C2) instructions
2. Exfiltrating data
3. Redirecting traffic
Because very few companies monitor DNS for security purposes, DNS has become an ideal attack channel.
At the DNS layer, this kind of malware infection can be detected and controlled effectively. Strangling the threat in the cradle, before the malicious connection is ever established, is the first priority for security. To do that, you have to monitor the network and track the network locations and access patterns of employees and their devices.
Malicious IP tracking and blocking of connections to malicious infrastructure can thwart an attacker's attempt to exploit this common security blind spot. The more dangerous connections are blocked, the fewer internal threats we have to deal with. And even if the network is successfully breached, DNS monitoring helps connect the dots, determine the type and origin of the infrastructure used in the attack, and deepen investigation and evidence collection.
Take the Angler exploit kit as an example. DNS monitoring gives investigators better visibility into the IP infrastructure behind it. Angler's operators keep switching IP addresses in a linear hopping pattern to hide their activity and prevent outside interference with their illegal money-making. But by monitoring and analysing the domain name behaviour associated with it, we gain a deeper understanding of the techniques they use and learn how to stop them.
As attackers keep innovating in techniques and tactics, for example using direct-to-IP command and control to bypass domain name resolution altogether, defenders are also developing new technologies to identify and respond to these attacks faster.
IP-based predictive threat intelligence is one such new defensive technology. It applies algorithms to analyse traffic patterns and observe and detect malicious activity, instead of scanning content. This technology is built on data science and is the same kind used by the Pandora music service. But instead of using the listening patterns of the music you are playing to infer other music you might like, it uses network traffic patterns to identify malicious attacks.
Some domain names maintain a large volume of inbound traffic all the time; others show traffic peaks at certain times; still others follow entirely different models. Domain names used to carry out attacks, however, generally show an instantaneous traffic pattern: the flow lasts a shorter time and arrives faster. After all, it is a quick strike meant to keep a low profile. If you can find these patterns and cross-reference them with other data, it helps to quickly detect attacks in progress and take action to contain them.
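The short-lived, high-rate pattern described above, as an added example that is not part of the original article: a small analyser over a constructed DNS query log that profiles each domain's observed lifetime and query rate and flags the ones that match. Domain names, timestamps and the thresholds are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample log: (unix_timestamp, queried_domain). Domains are placeholders.
STEADY = [(3600 * h, "cdn.example.net") for h in range(24)]        # one query per hour, all day
BURST = [(50_000 + 5 * i, "xk3q.example.org") for i in range(40)]   # 40 queries in about 3 minutes
SAMPLE_QUERIES = sorted(STEADY + BURST)


def profile_domains(queries):
    """Summarise query count, observed lifetime and average rate per domain."""
    times = defaultdict(list)
    for ts, domain in queries:
        times[domain].append(ts)
    profiles = {}
    for domain, ts_list in times.items():
        ts_list.sort()
        lifetime = ts_list[-1] - ts_list[0]            # seconds between first and last sighting
        profiles[domain] = {
            "count": len(ts_list),
            "lifetime_s": lifetime,
            # queries per minute over the observed life (floor of one minute avoids
            # dividing by zero for a domain seen only once)
            "rate_per_min": len(ts_list) / max(lifetime / 60, 1),
        }
    return profiles


def flag_short_lived(queries, max_lifetime_s=3600, min_count=20, min_rate_per_min=5):
    """Return domains whose entire observed life fits inside max_lifetime_s and
    whose query volume in that window is high: the 'short and fast' pattern.
    Threshold values are assumed; tune them against your own baseline."""
    flagged = []
    for domain, p in profile_domains(queries).items():
        if (p["lifetime_s"] <= max_lifetime_s
                and p["count"] >= min_count
                and p["rate_per_min"] >= min_rate_per_min):
            flagged.append(domain)
    return sorted(flagged)


if __name__ == "__main__":
    for domain, p in profile_domains(SAMPLE_QUERIES).items():
        print(f"{domain:20s} count={p['count']:3d} lifetime={p['lifetime_s']:6d}s "
              f"rate={p['rate_per_min']:.1f}/min")
    print("flagged:", flag_short_lived(SAMPLE_QUERIES))
```

A flagged domain is a lead to cross-reference with other data (hosting provider, resolved IPs, first-seen date), not a verdict on its own.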
The ability to predict attacks takes this data analysis to a higher level. Starting from the clues found by analysing traffic patterns, every step cybercriminals take in hijacking infrastructure, such as the choice of hosting provider and the deployment of server images, is useful for attack prediction. A deeper and more comprehensive analysis of the hosting infrastructure gives you the ability to predict and prevent unexpected threats.
Because cybercriminals use the Internet to launch attacks, we need a clearer view of what is happening on DNS infrastructure and on the IP network. This requires the security team and DNS experts to work together with the right technology. In any case, connecting more of the dots and continuously refining threat intelligence makes it possible to identify and prevent network attacks quickly.
Attackers are constantly improving their methods, so we also need to continuously improve our data analysis technology in order to lock onto an attack before it happens.