Harvesting DNS data for DNS security

“So I’ve got a giant pile of DNS logs… How much is enough? Where do I start?” – Security Analysts everywhere

If you’ve managed to harvest your log data from all of your Domain Name System (DNS) servers – first of all, congratulations! Truly. That’s easier said than done if you’re using Microsoft Active Directory.

But now what? Where do you even start with this giant pile of data? You’ve got a ton of DNS records, but what do those mean? And how do you find something lurking in your DNS infrastructure when you don’t even know what you’re looking for?

In this video, BlueCat’s CTO, Andrew Wertkin, uses real DNS query examples to show you how to methodically approach your giant pile of IP addresses, DNS requests, and other data from DNS traffic to identify and remediate threats. It’s a perfect primer for Domain Name System security.

You’ll learn:

  • Why you should be collecting data from the DNS protocol at the first hop on your network
  • How adversaries are using your DNS services and the clues you can uncover in your DNS lookup data
  • Real examples of how DNS-based security exposes data exfiltration, spambots, man-in-the-middle attacks, and other types of malicious activity
  • The next steps to take in an investigation of suspicious digital signatures to identify and triangulate threats, control spread, and remediate breaches faster

 
