Making DNS Your Greatest Ally in Active Defense

  • Thursday, 03 Sep 2015 1:30PM EDT (03 Sep 2015 17:30 UTC)
  • Speakers: Tim Helming, Dave Shackleford

The nature of attacks against our infrastructure and applications has changed. Attacks today are more targeted, and the more advanced adversaries have sophisticated distributed networks to attack and control systems that are compromised. At the same time, our own environments are getting more complex and spread out all the time. Fortunately, even the most stealthy and advanced attackers leave some trail behind them, and it's up to us to find these breadcrumbs and defend against the attackers in any way possible. Fortunately, DNS and Open Source Intelligence (OSINT) offer us a wealth of data about attacks and attackers.

In this webcast, we'll cover:

  • A brief timeline of attacker techniques, focusing on different styles of command and control, as well as data exfiltration
  • Current examples of breaches and attack scenarios where DNS and domain profile information could have helped detect or prevent the attacks
  • Specific indicators of attack and potential compromise that can be found in DNS, both internally and externally
  • Ways to better defend against attacks and data exfiltration using DNS and large-scale threat intelligence