Page 79 - CSI - Cisco Security Instroduction - BT
P. 79

Cisco Umbrella                                                           1M+ Live Events


          Statistical Models                                                          Per Second






                                                                                 FULLY AUTOMATED
        “C-Rank” Model (co-occurrences)

      • Identifies other domains looked up in                                                                                       “SP-Rank” Model (spike rank)

         rapid succession of a given domain
                                                                                                                               • Detect domains with
      • Correlations uncover other domains                                                                                        sudden spikes in traffic

         related to an attack
                                                                                                                               • Finds domains involved in active attacks


                    “NLP-Rank” Model
         (Natural Language Processing & AS Matching)
                                                                                                                                   Predictive IP Space Monitoring
      • Detect domain names that spoof brand                                                                                   • Analyzes how servers are hosted to

         and tech terms in real-time
                                                                                                                                  detect future malicious domains

                                                                                                                               • Identifies steps that
                    Many More Models
                                                                                                                                  precede malicious activity
           •   Live DGA            •   Geo-Diversity
           •   SecureRank          •   Geo-Distance


                                                   Earliest & Most Accurate Predictions & Classifications




          82
   74   75   76   77   78   79   80   81   82   83   84