Page 56 - CSI - Cisco Security Introduction
P. 56

Gather Intelligence & Enforce


       Security at the DNS Layer






                   Any Device                                                  Recursive DNS                                                     Authoritative DNS



                                                                                                                                                              root




                                                                                                                                                              com.




                                                                                                                                                              domain.com.





                                           Request Patterns                                                       Authoritative Logs



                                                Used to detect:                                                          Used to find:


                                    • Compromised systems                                                    • Newly staged infrastructures
                                    • Command & control callbacks                                            • Malicious domains, IPs,

                                    • Malware & phishing attempts                                               ASNs
                                    • Algorithm-generated domains                                            • DNS hijacking

                                    • Domain co-occurrences                                                  • Fast flux domains

                                    • Newly registered domains                                               • Related domains



       © 2018 Engage ESM All Rights Reserved 2018 Engage ESM All Rights Reserved
       ©
   51   52   53   54   55   56   57   58   59   60   61