Page 63 - CSI - Cisco Security Introduction
P. 63

Cisco Umbrella









    Co-occurrence models



                                                                     Domains guilty by inference
















                             time -                                                                                                                          time +






                                     a.com             b.com                  c.com          x.com          d.com                  e.com             f.com





                                       Possible malicious domain                                                 Possible malicious domain



                                                                             Known malicious domain
                                      Co-occurrence of domains means that a statistically significant number of

                                     identities have requested both domains consecutively in a short timeframe


       ©
       © 2018 Engage ESM All Rights Reserved 2018 Engage ESM All Rights Reserved
   58   59   60   61   62   63   64   65   66   67   68