DNS Analytics
DNS Analytics is the surveillance (collection and analysis) of DNS traffic within a computer network. Such analysis of DNS traffic has a significant application within information security and computer forensics, primarily when identifying insider threats, malware, cyberweapons, and ''advanced persistent threat'' (APT) campaigns within computer networks. Because DNS Analytics operates on the communications between DNS clients and DNS servers during the resolution of DNS queries and updates, it may include tasks such as request logging, historical monitoring by node, tabulation of request counts, and calculations based on network traffic requests. While the primary driver for DNS Analytics is the security use described below, another motivation is understanding the traffic of a network so that it can be evaluated for improvements or optimization. For example, DNS Analytics can be used to gather data on a lab where a large number of related requests for PC software updates are made. Having found this, a local update server may be installed to improve the network.
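The tasks listed above (request logging, per-node monitoring, request-count tabulation, and matching names against indicators) are small enough to show end to end. The following Python is an added example written for this page, not code from any DNS analytics product or from the original article. The log format (`timestamp client qname qtype`), the sample lines, and the indicator domain `bad-actor.example` are all constructed for illustration; the two-label "registered domain" rule is a simplification that ignores public-suffix cases such as `co.uk`.

```python
"""Toy DNS analytics over a constructed query log (added example, not from the page)."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample log in a made-up "timestamp client qname qtype" format.
# Four lab hosts fetch the same vendor update name; one host talks to an
# indicator domain and its subdomain.
SAMPLE_LOG = """\
2024-05-01T09:00:01 10.0.0.11 update.example-vendor.com A
2024-05-01T09:00:02 10.0.0.12 update.example-vendor.com A
2024-05-01T09:00:03 10.0.0.13 update.example-vendor.com A
2024-05-01T09:00:04 10.0.0.14 update.example-vendor.com A
2024-05-01T09:05:09 10.0.0.11 www.example.org A
2024-05-01T09:07:15 10.0.0.21 c2.bad-actor.example A
2024-05-01T09:07:16 10.0.0.21 beacon.c2.bad-actor.example TXT
2024-05-01T09:09:30 10.0.0.12 mail.example.org MX
"""

# Constructed indicator list; a hypothetical domain, not from any published report.
IOC_DOMAINS = {"bad-actor.example"}


@dataclass(frozen=True)
class Query:
    ts: datetime
    client: str
    qname: str
    qtype: str


def parse_log(text):
    """Parse the constructed log format into Query records (names normalised)."""
    queries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, qtype = line.split()
        queries.append(Query(datetime.fromisoformat(ts), client,
                             qname.lower().rstrip("."), qtype.upper()))
    return queries


def registered_domain(qname, depth=2):
    """Simplified registered-domain extraction: keep the last `depth` labels."""
    return ".".join(qname.split(".")[-depth:])


def requests_per_node(queries):
    """Tabulate request counts by querying client (the 'by node' view)."""
    return Counter(q.client for q in queries)


def requests_per_domain(queries):
    """Tabulate request counts by registered domain."""
    return Counter(registered_domain(q.qname) for q in queries)


def first_seen_per_node(queries):
    """Historical monitoring: earliest timestamp at which each node was observed."""
    first = {}
    for q in queries:
        if q.client not in first or q.ts < first[q.client]:
            first[q.client] = q.ts
    return first


def ioc_hits(queries, iocs):
    """Return queries whose name is an indicator domain or a subdomain of one.

    Walks the parent chain of each name, excluding the bare top-level label,
    so that beacon.c2.bad-actor.example matches bad-actor.example.
    """
    hits = []
    for q in queries:
        labels = q.qname.split(".")
        if any(".".join(labels[i:]) in iocs for i in range(len(labels) - 1)):
            hits.append(q)
    return hits


def hot_domains(queries, min_clients=3):
    """Registered domains queried by at least `min_clients` distinct nodes.

    This is the optimisation case from the text: a name fetched by many hosts
    (e.g. a software-update server) is a candidate for a local mirror.
    """
    clients = defaultdict(set)
    for q in queries:
        clients[registered_domain(q.qname)].add(q.client)
    return {d: len(c) for d, c in clients.items() if len(c) >= min_clients}


if __name__ == "__main__":
    qs = parse_log(SAMPLE_LOG)
    print("requests per node:", dict(requests_per_node(qs)))
    print("requests per domain:", dict(requests_per_domain(qs)))
    print("first seen:", {k: v.isoformat() for k, v in first_seen_per_node(qs).items()})
    print("IOC hits:", [(q.client, q.qname) for q in ioc_hits(qs, IOC_DOMAINS)])
    print("hot domains:", hot_domains(qs))
```

On the constructed log this reports `example-vendor.com` as queried by four distinct nodes (the lab-update case) and flags both queries from `10.0.0.21`, including the TXT lookup of a deeper subdomain, because matching walks up the parent chain rather than comparing the full name only.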


Published Research

Research within the public domain shows that state-sponsored malware and APT campaigns exhibit DNS ''indicators of compromise'' (IOC). Since June 2010, analysis of cyberweapon platforms and agents has been undertaken by labs including Kaspersky Lab, ESET, Symantec, McAfee, Norman Safeground, and Mandiant. The findings released by these organizations include detailed analysis of Stuxnet, Flame, Hidden Lynx, Operation Troy, The NetTraveler, Operation Hangover, Mandiant APT1, and Careto. These malware and APT campaigns can be identified within computer networks by matching the published DNS IOCs against observed queries using DNS analytics tools, provided the indicator set is kept current, since operators rotate command-and-control domains over the life of a campaign.

