DNS Analytics
DNS Analytics is the surveillance (collection and analysis) of DNS traffic within a computer network. Such analysis of DNS traffic has a significant application within information security and computer forensics, primarily when identifying insider threats, malware, cyberweapons, and advanced persistent threat (APT) campaigns within computer networks. Because DNS analytics covers the communications between DNS clients and DNS servers during the resolution of DNS queries and updates, it may include tasks such as request logging, historical monitoring by node, tabulation of request counts, and calculations based on network traffic requests. While the primary driver for DNS analytics is the security use described below, another motivation is understanding the traffic of a network so that it can be evaluated for improvements or optimization. For example, DNS analytics can be used to gather data on a lab where a large number of related requests for PC software updates are made; finding this, a local update server may be installed to improve the network.


Published Research

Research within the public domain shows that state-sponsored malware and APT campaigns exhibit DNS indicators of compromise (IOC). Since June 2010, analysis of cyberweapon platforms and agents has been undertaken by labs including Kaspersky Lab, ESET, Symantec, McAfee, Norman Safeground, and Mandiant. The findings released by these organizations include detailed analysis of Stuxnet, Flame, Hidden Lynx, Operation Troy, The NetTraveler, Operation Hangover, Mandiant APT1, and Careto. These malware and APT campaigns can be reliably identified within computer networks through the use of DNS analytics tools.
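The following is an added example, not code from the article or from any of the labs named above. It shows, in one small Python script, the tasks the article lists in its opening paragraph (request logging, tabulation of request counts by node and subnet, spotting a lab full of related software-update lookups) and the security use described in this section (matching queried names against a list of DNS indicators of compromise). The log format is an assumed BIND-style "client IP#PORT: query: NAME IN TYPE" shape, the log lines are constructed, the client addresses are private ranges, and the IOC domain is a placeholder under the reserved ".invalid" top-level domain; nothing here is a real indicator.

```python
"""DNS analytics over resolver query logs: per-node tabulation, update hot spots, IOC matching.

Added example. All log lines and IOC domains below are constructed for illustration.
"""
from collections import Counter, defaultdict
import ipaddress
import re

# Constructed query-log lines in an assumed BIND-style "client IP#PORT: query: NAME IN TYPE" shape.
# The 10.1.20.0/24 subnet plays the "lab" from the article: many nodes fetching PC software updates.
SAMPLE_LOG = """\
client 10.1.20.11#53211: query: download.windowsupdate.com IN A
client 10.1.20.12#40011: query: download.windowsupdate.com IN A
client 10.1.20.13#40012: query: download.windowsupdate.com IN A
client 10.1.20.14#40013: query: ctldl.windowsupdate.com IN A
client 10.1.20.15#40014: query: download.windowsupdate.com IN A
client 10.1.20.11#53212: query: www.example.com IN AAAA
client 10.2.5.7#51000: query: www.example.com IN A
client 10.2.5.7#51001: query: update.c2-placeholder.invalid IN TXT
client 10.2.5.7#51002: query: a3f9b1.c2-placeholder.invalid IN TXT
client 10.2.5.9#51003: query: www.example.org IN A
this line is malformed and must be skipped by the parser
"""

# Constructed IOC list: a placeholder name under the reserved ".invalid" TLD, not a real indicator.
IOC_DOMAINS = {"c2-placeholder.invalid"}

LINE_RE = re.compile(r"client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\w+)")


def parse_log(text):
    """Request logging step: turn raw lines into (client_ip, qname, qtype) tuples.

    Names are lower-cased and the trailing dot removed so later matching is canonical;
    lines that do not fit the assumed format are skipped rather than crashing the run.
    """
    records = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            records.append((m.group("ip"), m.group("name").rstrip(".").lower(), m.group("qtype")))
    return records


def requests_per_node(records):
    """Tabulate request counts per client node (historical monitoring by node)."""
    return Counter(ip for ip, _, _ in records)


def domain_counts_per_subnet(records, prefixlen=24):
    """Count queried names per client subnet so a group of machines doing the same thing stands out."""
    table = defaultdict(Counter)
    for ip, name, _ in records:
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        table[str(net)][name] += 1
    return table


def update_hotspots(records, suffix="windowsupdate.com", min_nodes=3):
    """Return subnets where at least min_nodes distinct clients queried names under the update suffix.

    This is the article's lab example: such a subnet is a candidate for a local update server.
    """
    nodes = defaultdict(set)
    for ip, name, _ in records:
        if name == suffix or name.endswith("." + suffix):
            net = ipaddress.ip_network(f"{ip}/24", strict=False)
            nodes[str(net)].add(ip)
    return {net: len(ips) for net, ips in nodes.items() if len(ips) >= min_nodes}


def ioc_matches(records, iocs=IOC_DOMAINS):
    """Match each queried name, and every parent domain of it, against the IOC list.

    Walking the parent domains is what catches per-victim or per-beacon subdomains
    (e.g. a random label in front of a known bad zone). Returns {client_ip: [(name, qtype, ioc)]}.
    """
    hits = defaultdict(list)
    for ip, name, qtype in records:
        labels = name.split(".")
        for i in range(len(labels) - 1):  # stop before the bare TLD
            candidate = ".".join(labels[i:])
            if candidate in iocs:
                hits[ip].append((name, qtype, candidate))
                break
    return dict(hits)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("requests per node:", dict(requests_per_node(recs)))
    print("update hot spots (subnet -> distinct nodes):", update_hotspots(recs))
    for net, counts in domain_counts_per_subnet(recs).items():
        print(net, "top names:", counts.most_common(2))
    print("IOC hits:", ioc_matches(recs))
```

Two design points carry over to real deployments: keep the raw log parsing separate from the analytics so the same tabulation and IOC code can run over a different resolver's format, and match IOCs on parent domains rather than exact names, since the indicator published by a lab is usually the zone, not the individual beacon subdomain.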
