From the Front Lines: Practical Application of DNS Threat Intel Data

  • Wednesday, 13 Jan 2016 1:00PM EST (13 Jan 2016 18:00 UTC)
  • Speakers: Robert M. Lee, Tim Helming

Every day, security teams must make fast, accurate decisions about which threats represent the highest risk, and how to defend against them. Attacks today are more targeted and our adversaries often control sophisticated, distributed networks. Goals range from data exfiltration to control or compromise of industrial infrastructure. But even the most stealthy and advanced attackers leave a trail behind them and these breadcrumbs from DNS and Open Source Intelligence (OSINT) offer a wealth of data for use in active defense.

In this webcast, we'll cover:

  • How DNS intelligence exposed the attack infrastructure behind one of the most sophisticated ICS (Industrial Control Systems) malware families
  • Other examples of breaches and attack scenarios where domain profile information could have helped detect or prevent the attacks
  • Specific indicators of attack and potential compromise that can be found in DNS, both internally and externally
  • Ways to better defend against attacks and data exfiltration using DNS and large-scale threat intelligence