Threat Visibility & Gap Analysis
CyberCyte Threat Visibility enables organisations to analyse internal DNS logs and perform gap analysis for discovering cyber threats from internal devices.

DNS is the address book of the Internet. Any communication to the Internet starts with a DNS Query. An increasing number of organisations are relying on DNS analysis to identify malicious activity and data exfiltration attacks. DNS Tunnelling has become a significant threat for organisations.

CyberCyte Threat Visibility utilises two major modules within DNSCyte to address these challenges.

Threat Visibility Module

DNS logs contain important information summarising application-independent corporate internet traffic for all protocols. However, in most cases organisations cannot collect DNS log data because the data is difficult to interpret and very large in volume. Threat Visibility enables the detailed analysis and categorisation of internal DNS Server activity.

1. The system collects, enriches, and centrally reports the logs of different DNS Servers.

2. The source IP Address making the DNS query is identified. DNSCyte Threat Visibility enriches data by adding the related MAC Address, Hostname, and the domain/workgroup information to the IP address.

3. The DNS log creates a very high number of events: accessing a single webpage creates around 70 log records on average. DNS queries must therefore be classified before they can be examined. DNSCyte Threat Visibility classifies each domain into one of 66 categories based on its security level and content.

4. Rule-based, flexible SIEM integration significantly reduces both the effort of reviewing records and the events per second (EPS) sent to the SIEM. On corporate networks, the vast majority of DNS queries are to a well-known destination address. The DNSCyte Threat Visibility classification engine and rule-based SIEM integration feature filter the DNS logs so that only data of importance is sent to the SIEM solution. In practice, this results in roughly a 1000-fold decrease in the amount of log data sent to the SIEM.
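The four steps above as one pipeline, written here as an added example rather than CyberCyte's code: it parses constructed lines in the layout of a Microsoft DNS Server debug log (the format is assumed), enriches the querying IP from a constructed asset inventory, classifies domains by longest suffix against a constructed category map, and applies a rule-based filter so that only uncategorised or suspicious queries are forwarded to the SIEM.

```python
import re
# Constructed sample lines laid out like a Microsoft DNS Server debug log (assumed
# format); addresses, names and label contents are made up for this example.
SAMPLE_LOG = """\
2/27/2020 10:15:32 AM 0A1C PACKET 000000A5F2C3D4E0 UDP Rcv 10.0.0.25 0001 Q [0001 D NOERROR] A (3)www(7)example(3)com(0)
2/27/2020 10:15:33 AM 0A1C PACKET 000000A5F2C3D4E1 UDP Rcv 10.0.0.25 0002 Q [0001 D NOERROR] A (6)update(7)example(3)com(0)
2/27/2020 10:15:35 AM 0A1C PACKET 000000A5F2C3D4E2 UDP Rcv 10.0.0.31 0003 Q [0001 D NOERROR] TXT (24)x7k2p9q4m1v8n3r6t5w0z2a4(9)unknown12(3)xyz(0)
2/27/2020 10:15:36 AM 0A1C PACKET 000000A5F2C3D4E3 UDP Rcv 10.0.0.31 0004 Q [0001 D NOERROR] A (4)cdn1(7)newsite(3)net(0)
"""
# Constructed stand-ins for the enrichment source (IP -> MAC, hostname, domain/workgroup)
# and the category list (the product uses 66 categories; two suffice here).
INVENTORY = {"10.0.0.25": ("00:11:22:33:44:55", "FIN-PC01", "CORP"),
             "10.0.0.31": ("00:11:22:33:44:66", "LAB-PC07", "CORP")}
CATEGORIES = {"example.com": "Business", "update.example.com": "Software Updates"}
NOISE_CATEGORIES = {"Business", "Software Updates"}  # well-known traffic kept out of the SIEM feed
LINE_RE = re.compile(r" Rcv (\S+) .*? Q \[.*?\] (\S+) (\(\d+\)\S+)$")
def parse_line(line):
    """Extract source IP, query type and queried domain from one debug-log line."""
    m = LINE_RE.search(line.rstrip())
    if not m:
        return None
    src, qtype, labels = m.groups()
    # "(3)www(7)example(3)com(0)" -> "www.example.com"
    return {"src_ip": src, "qtype": qtype, "domain": re.sub(r"\(\d+\)", ".", labels).strip(".")}

def enrich(rec):
    """Attach the MAC, hostname and domain/workgroup of the querying device."""
    rec["mac"], rec["hostname"], rec["ad_domain"] = INVENTORY.get(rec["src_ip"], ("?", "?", "?"))
    return rec

def classify(rec):
    """Longest-suffix category lookup; an over-long label in a TXT query is flagged."""
    labels = rec["domain"].split(".")
    if rec["qtype"] == "TXT" and max(map(len, labels)) > 20:
        return "Possible DNS Tunnelling"
    for i in range(len(labels)):
        if ".".join(labels[i:]) in CATEGORIES:
            return CATEGORIES[".".join(labels[i:])]
    return "Uncategorised"

def process(log_text):
    """Parse, enrich and classify every record; return (all records, records to forward)."""
    records = [enrich(r) for r in map(parse_line, log_text.splitlines()) if r]
    for rec in records:
        rec["category"] = classify(rec)
    return records, [r for r in records if r["category"] not in NOISE_CATEGORIES]

if __name__ == "__main__":
    all_recs, to_siem = process(SAMPLE_LOG)
    print(f"{len(all_recs)} parsed, {len(to_siem)} forwarded:", [r["domain"] for r in to_siem])
```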

Supported DNS Servers

Microsoft DNS Server

Gap Analysis

The Gap Analysis module enables an organisation to measure the effectiveness of its cybersecurity infrastructure. The data collected by the Threat Visibility module and by the DNSCyte External DNS Server are compared to test the effectiveness of the existing solutions. Through this comparison, the effectiveness of the existing UTM/NGFW, IPS, and DNS firewall products can be measured, as summarised in the diagram below.

© 2019-2020 CyberCyte. All Rights Reserved.