LONDON, UK. – September 6, 2016 – SOC Prime, Inc. reveals a new Use Case for the Use Case Library – DNS Security Check.
Available through the Use Case Library cloud platform, DNS Security Check is a straightforward SIEM Use Case that finds DNS misconfigurations and anomalies in corporate networks. It detects, visualizes and automatically alerts on DNS traffic sent to non-corporate DNS servers, on unusually large DNS packets, and on resolution patterns consistent with Fast-Flux botnet infrastructure (one hostname cycling through many IP addresses with short TTLs).
DNS is one of the core protocols present in every organization and across the Internet, and it was designed with a great deal of flexibility but little security in mind. It is also one of the least controlled protocols on the corporate network: firewalls and other active network defenses typically just relay DNS packets and perform no analysis of the data they carry. Deep packet inspection for DNS is uncommon, relatively costly, and adds latency to DNS responses that can slow down all dependent communications. The core risk comes from the extra capacity the protocol offers for carrying data: TXT records can hold arbitrary content, and query names themselves can be used to encode and transmit data. This makes DNS an effective attack vector for command and control and data exfiltration that passes through most traditional network defenses unnoticed.
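To make the checks described above concrete, the following Python is an added example, not code from SOC Prime's Use Case or from this announcement. It runs four heuristics over constructed DNS log records: clients sending DNS to non-corporate resolvers, oversized packets, a generalized fast-flux check (one name resolving to many addresses across several /16 networks, all with short TTLs), and unusually long query labels as a sign of data being carried in the request itself. The flat record schema, the resolver addresses, the sample records and every threshold are assumptions made for the example.

```python
"""Added example: simple DNS anomaly checks over constructed log records.

This is illustrative code, not SOC Prime's Use Case content. The flat record
schema (src, dst, qname, qtype, size in bytes, answers as (rdata, ttl) pairs),
the corporate resolver list and every threshold are assumptions.
"""
import ipaddress
from collections import defaultdict

# Assumed addresses of the organization's own resolvers.
CORPORATE_RESOLVERS = {"10.0.0.53", "10.0.1.53"}

# Constructed sample records; none of these hosts or names are real observations.
SAMPLE_LOG = [
    {"src": "10.1.2.3", "dst": "10.0.0.53", "qname": "www.example.com",
     "qtype": "A", "size": 73, "answers": [("93.184.216.34", 3600)]},
    # Workstation talking straight to an external resolver, bypassing corporate DNS.
    {"src": "10.1.2.9", "dst": "8.8.8.8", "qname": "update.example.net",
     "qtype": "A", "size": 80, "answers": [("203.0.113.5", 3600)]},
    # Large TXT answer: a record type that can carry arbitrary data.
    {"src": "10.1.2.3", "dst": "10.0.0.53", "qname": "cfg.example.org",
     "qtype": "TXT", "size": 1900, "answers": [("opaque-blob", 60)]},
    # One name resolving to many addresses in unrelated networks with short TTLs.
    {"src": "10.1.2.7", "dst": "10.0.0.53", "qname": "cdn.flux.example",
     "qtype": "A", "size": 110, "answers": [("198.51.100.7", 60), ("203.0.113.9", 60)]},
    {"src": "10.1.2.7", "dst": "10.0.0.53", "qname": "cdn.flux.example",
     "qtype": "A", "size": 110, "answers": [("192.0.2.11", 45), ("198.51.100.200", 60)]},
    {"src": "10.1.2.7", "dst": "10.0.0.53", "qname": "cdn.flux.example",
     "qtype": "A", "size": 110, "answers": [("203.0.113.250", 30), ("192.0.2.99", 60)]},
    # Data encoded into the query name itself (tunnelling style).
    {"src": "10.1.2.5", "dst": "10.0.0.53",
     "qname": "aGVsbG8gd29ybGQgdGhpcyBpcyBkYXRh0123456789abcdef.t.example.net",
     "qtype": "A", "size": 120, "answers": [("192.0.2.1", 5)]},
]


def foreign_resolver_clients(records, corporate=CORPORATE_RESOLVERS):
    """(client, server) pairs where DNS was sent to a non-corporate server."""
    return sorted({(r["src"], r["dst"]) for r in records if r["dst"] not in corporate})


def oversized_packets(records, threshold=512):
    """Packets above the classic 512-byte UDP DNS limit. EDNS0 legitimately
    allows more, so the threshold is a tuning knob, not a hard rule."""
    return [(r["qname"], r["size"]) for r in records if r["size"] > threshold]


def fast_flux_candidates(records, min_ips=5, min_nets=3, max_ttl=300):
    """Names whose A answers span many IPs in several /16 networks, all with
    short TTLs. Generalized heuristic, not SOC Prime's detection logic."""
    ips, ttls = defaultdict(set), defaultdict(list)
    for r in records:
        if r["qtype"] != "A":
            continue
        for rdata, ttl in r["answers"]:
            ips[r["qname"]].add(rdata)
            ttls[r["qname"]].append(ttl)
    hits = []
    for name, addrs in ips.items():
        nets = {ipaddress.ip_network(f"{a}/16", strict=False) for a in addrs}
        if len(addrs) >= min_ips and len(nets) >= min_nets and max(ttls[name]) <= max_ttl:
            hits.append(name)
    return sorted(hits)


def long_label_names(records, max_label=40):
    """Query names with an unusually long single label, a common sign of data
    being smuggled out in the request rather than the answer."""
    return sorted({r["qname"] for r in records
                   if any(len(label) > max_label for label in r["qname"].split("."))})


def run_checks(records):
    """Run every heuristic and return the hits keyed by check name."""
    return {
        "foreign_resolvers": foreign_resolver_clients(records),
        "oversized": oversized_packets(records),
        "fast_flux": fast_flux_candidates(records),
        "long_labels": long_label_names(records),
    }


if __name__ == "__main__":
    for check, hits in run_checks(SAMPLE_LOG).items():
        print(f"{check}: {hits}")
```

Each heuristic on its own produces false positives (EDNS0 responses exceed 512 bytes, CDNs legitimately answer with many short-TTL addresses, and some services use long labels by design), so in practice the thresholds are tuned per environment and hits are correlated with the other checks before alerting.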
DNS Security Check is a baseline check that surfaces major DNS problems, serves as an early warning, and points toward the appropriate mitigation, detection and prevention techniques and technologies. From a Cyber Kill Chain perspective, DNS Security Check detects activity at the Command and Control (C2) and Actions on Objectives phases.