Looking for Threats in a DNS Dumpster Dive

 

"So I've got a giant pile of DNS logs... How much is enough? Where do I start?" - Security Analysts everywhere

If you’ve managed to harvest your log data from all of your DNS servers - first of all, congratulations! Truly. That’s easier said than done if you’re using Microsoft Active Directory. But now what? Where do you even start with this giant list of logs? And how do you find something when you don’t know what you’re looking for?

In this video, BlueCat’s CTO, Andrew Wertkin uses real DNS query examples to show you how to methodically approach your giant pile of data logs to identify and remediate threats.

You’ll learn:

  • Why you should be collecting DNS data at the first hop on your network
  • How adversaries are using your DNS and the clues you can uncover in your DNS data
  • Real examples of how DNS exposes data exfiltration, SpamBots, and other types of malicious activity
  • The next steps to take in an investigation of suspicious activity to identify and triangulate threats, control spread and remediate breaches more quickly