DNS data is a powerful tool for threat detection. But here’s the funny thing: not only do most organizations spend far too little time collecting this data, but they also fail to recognize that DNS is a critical tool to speed time to remediation. In other words, DNS not only helps you see the mess, it helps you clean it up, and quickly.
That’s what one BlueCat customer discovered when it was subjected to a sophisticated cyber attack from a TrickBot worm – malware that self-propagates and uses man-in-the-middle techniques to exfiltrate financial data. Despite the severity of the attack, this organization was able to contain and remediate the breach in only 32 hours.
Now, BlueCat’s DNS Edge wasn’t the only solution employed – but it played an essential role in the remediation effort
Deployment of a DNS policy “cut the head off the snake.” Within hours of discovery, cyber was able to work with the network team to block any access to the command and control that the malware used to receive instructions.
Use of a DNS policy helped protect the network from future mistakes. Within minutes, a new policy was in force to keep corporate devices off personal mail sites.
This all happened in 32 hours, by the way.
It usually takes organizations months to discover a breach like this. And by then, it’s too late.
DNS is an vulnerable attack plane in your organization but it can be turned to your advantage with right tools.