Threat Visibility & Gap Analysis
CyberCyte Threat Visibility enables organisations to analyse internal DNS logs and perform gap analysis for discovering cyber threats from internal devices.
DNS is the address book of the Internet. Any communication to the Internet starts with a DNS Query. An increasing number of organisations are relying on DNS analysis to identify malicious activity and data exfiltration attacks. DNS Tunnelling has become a significant threat for organisations.
CyberCyte Threat Visibility utilises two major modules within DNSCyte to address these challenges.
Threat Visibility Module
1. The system collects, enriches, and centrally reports the logs of different DNS Servers.
2. The source IP address making each DNS query is identified. DNSCyte Threat Visibility enriches the record by attaching the related MAC address, hostname, and domain/workgroup information to that IP address.
3. DNS logging produces a very high number of events: accessing a single webpage creates around 70 log records on average. The DNS queries must therefore be classified before they can be examined. DNSCyte Threat Visibility classifies each domain into one of 66 categories based on its security level and content.
4. Rule-based, flexible SIEM integration significantly reduces the effort of reviewing records and the number of EPS. On corporate networks, the vast majority of DNS queries are to well-known destination addresses. The DNSCyte Threat Visibility classification engine and rule-based SIEM integration feature filter the DNS logs so that only data of importance is sent to the SIEM solution. In practice, this yields around a 1000-fold decrease in the amount of log data sent to the SIEM.
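The collect, enrich, classify and filter pipeline described in steps 1 to 4, as an added illustration that is not CyberCyte's or DNSCyte's own code. The log line format, the asset inventory, the category map (a handful of categories standing in for the product's 66) and the forwarding rules are all constructed assumptions; the one-line TXT heuristic shows how a rule can keep tunnelling-like queries even when the domain is classified as harmless.

```python
import re
# Constructed BIND-style query log lines (not real traffic); the line format is an assumption.
SAMPLE_LOG = """\
10.0.0.21 query: www.example.com IN A
10.0.0.21 query: cdn.example.net IN A
10.0.0.34 query: www.example.com IN A
10.0.0.34 query: updates.vendor-example.org IN A
10.0.0.21 query: login.example.com IN A
10.0.0.50 query: aGVsbG8gd29ybGQgdGhpcyBpcyBsb25n.tunnel-example.test IN TXT
10.0.0.50 query: bad-example.test IN A
"""

# Constructed asset inventory standing in for the MAC/hostname/domain enrichment source.
ASSETS = {
    "10.0.0.21": {"mac": "00:11:22:33:44:01", "host": "ws-finance-01", "domain": "CORP"},
    "10.0.0.34": {"mac": "00:11:22:33:44:02", "host": "ws-hr-07", "domain": "CORP"},
}

# Constructed category map keyed by registered domain; the real engine has 66 categories.
CATEGORIES = {
    "example.com": "business", "example.net": "cdn",
    "vendor-example.org": "software-update", "tunnel-example.test": "hosting",
    "bad-example.test": "malware",
}
FORWARD_CATEGORIES = {"malware", "phishing", "unknown"}  # rule: always sent to the SIEM
LINE_RE = re.compile(r"^(\S+) query: (\S+) IN (\S+)$")

def parse_line(line):
    """Parse one log line and enrich it with asset data and a category."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ip, qname, qtype = m.groups()
    registered = ".".join(qname.split(".")[-2:])
    asset = ASSETS.get(ip, {"mac": None, "host": None, "domain": None})
    return {"ip": ip, "qname": qname, "qtype": qtype, **asset,
            "category": CATEGORIES.get(registered, "unknown")}

def should_forward(event):
    """Rule-based filter: keep risky/unknown categories and tunnelling-like TXT queries."""
    if event["category"] in FORWARD_CATEGORIES:
        return True
    longest_label = max(len(label) for label in event["qname"].split("."))
    return event["qtype"] == "TXT" and longest_label > 30

def filter_for_siem(log_text):
    """Return (all enriched events, events to forward, volume reduction factor)."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    forwarded = [e for e in events if should_forward(e)]
    return events, forwarded, len(events) / max(len(forwarded), 1)
```

On the constructed sample, 7 enriched events are reduced to 2 forwarded ones; on a real corporate log the ratio is what the text above describes, not this toy value.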
Supported DNS Servers