Being able to detect misuse of the DNS protocol will allow you to stop the exfiltration faster.
(PRWEB) June 08, 2015
Plixer International, a leading network incident response and flow forensics company, announced today at CiscoLive 2015 new threat discovery algorithms for its FlowPro Defender, a security appliance that also produces IPFIX from network traffic. The new functionality gives network and IT professionals additional insight into malicious activities that have hijacked the Domain Name System (DNS).
“DNS TXT messages provide a means of sending information into and out of your protected network over DNS, even when you have blocked use of an external DNS server,” says John Jerrim, Director of Cyber Forensics at Plixer. “Being able to detect misuse of the DNS protocol will allow you to stop the exfiltration faster.”
End systems involved with suspicious DNS communications or participating in other unwanted behaviors end up with a higher Threat Index™ and, over time, a threshold can be reached, triggering notification. By correlating IP addresses with authentication systems such as Microsoft Active Directory or Cisco ISE, the Plixer cyber threat detection system ensures that customers can associate actual usernames with the end systems involved. Plixer’s suite of security appliances includes Scrutinizer, Flow Analytics, FlowPro Defender, and the Flow Replicator. When combined, the systems compile, weigh, and correlate a series of events that, over time, uncover behaviors that often positively identify low-and-slow infections or misconfigured systems.
To learn more about FlowPro Defender and its advanced flow and DNS security algorithms, reach out to our team to schedule a product demonstration, or visit us at booth 1501 at the show.