Page 62 - CSI - Cisco Security Introduction

Cisco Umbrella

Statistical Models

1M+ Live Events Per Second
FULLY AUTOMATED

“C-Rank” Model (co-occurrences)
• Identifies other domains looked up in rapid succession of a given domain
• Correlations uncover other domains related to an attack

“SP-Rank” Model (spike rank)
• Detect domains with sudden spikes in traffic
• Finds domains involved in active attacks

“NLP-Rank” Model (Natural Language Processing & AS Matching)
• Detect domain names that spoof brand and tech terms in real-time

Predictive IP Space Monitoring
• Analyzes how servers are hosted to detect future malicious domains
• Identifies steps that precede malicious activity

Many More Models
• Live DGA
• SecureRank
• Geo-Diversity
• Geo-Distance

Earliest & Most Accurate Predictions & Classifications

© 2018 Engage ESM All Rights Reserved