Page 57 - CSEW
P. 57

Cisco Umbrella Investigate –

      Type of Threat Information Provided


                                                                                                              Competing Vendors



                                                           Passive DNS database

               Investigate                                 WHOIS record data


                                                           Domain reputation scores


                                                           ASN attribution


                                                           IP geolocation



                                                           IP reputation scores


                                                           Domain co-occurrences                                 Not available

           Single, correlated                              Anomaly detection (DGAs, FFNs)                         Not available
           source of

           information                                     DNS request patterns/geo. distribution                 Not available


      © 2016 Engage ESM All Rights Reserved                                                                                             63
   52   53   54   55   56   57   58   59   60   61   62