Defending against attackers has become increasingly difficult. Solutions using signature-based detection, such as IPS and anti-virus, are still needed, but they no longer prevent all malware or virus infections. What can be done to improve the ability to prevent attackers from completing their objectives? One option is to proactively look for them. This talk will discuss options for analyzing DNS logs with the goal of identifying anomalies. DNS is a foundational technology that allows the internet to function and is present in practically every network. Malicious actors are using DNS for command and control as well as data exfiltration. Using some basic statistics, it is possible to identify anomalies in DNS traffic. These anomalous events can be evaluated to identify potentially malicious activity. Come see and hear about specific examples of finding DNS anomalies. Attendees will leave with new knowledge and ideas that can be used with their own data.
Jamie Buening is a graduate of Purdue University with sixteen years of work experience in UNIX systems, networking, and information security. He currently works as an Information Security Analyst in the electric power industry. Responsibilities include Threat Intelligence and Incident Response. Jamie is a Certified Information Systems Security Professional (CISSP).
Copyright 2020, IronGeek