Harvesting DNS data for DNS security


“So I’ve got a giant pile of DNS logs… How much is enough? Where do I start?” – Security Analysts everywhere

If you’ve managed to harvest your log data from all of your Domain Name System (DNS) servers – first of all, congratulations! Truly. That’s easier said than done if you’re using Microsoft Active Directory.

But now what? Where do you even start with this giant pile of data? You’ve got a ton of DNS records, but what do those mean? And how do you find something lurking in your DNS infrastructure when you don’t even know what you’re looking for?

In this video, BlueCat’s CTO, Andrew Wertkin uses real DNS query examples to show you how to methodically approach your giant pile of IP addresses, DNS requests, and other data from DNS traffic to identify and remediate threats. It’s a perfect primer for Domain Name System security.

You’ll learn:

  • Why you should be collecting data from the DNS protocol at the first hop on your network
  • How adversaries are using your DNS services and the clues you can uncover in your DNS lookup data
  • Real examples of how DNS-based security exposes data exfiltration, SpamBots, man in the middle attacks, and other types of malicious activity
  • The next steps to take in an investigation of suspicious digital signatures to identify and triangulate threats, control spread and remediate breaches faster