
Security update: Fast Fluxing & More

Jun 1, 2015 7:52:08 AM | Security

Adversaries keep getting more sophisticated and more persistent, and defending against them calls for new approaches. An organization has to understand the enemy's tactics, techniques, and procedures (TTPs), and that understanding comes from analysing threat intelligence in full, not from a single feed of indicators.

"DNS fast flux" is one such TTP. DNS (the Domain Name System) translates domain and host names into IP addresses through a distributed, recursive lookup. Fast flux abuses it: a botnet registers a domain for its phishing or malware-delivery site and answers lookups for that name with a small, constantly changing set of IP addresses, each belonging to a compromised machine that simply proxies traffic back to the real server the operators want to hide. The records carry very short TTLs (minutes, not hours), so resolvers keep asking and keep receiving a different set of bots; in the "double flux" variant the zone's authoritative name servers are rotated the same way. Because the site moves from address to address faster than an IP blocklist can be updated, blocking by IP, or taking down any one proxy, barely affects it, and a signature written for one host or address says nothing about the next. The durable signal is the behaviour of the name itself: short TTLs, many distinct addresses per answer, high turnover between successive answers, and addresses scattered across unrelated networks rather than one hosting provider's range (that last property is what separates fast flux from a CDN, which also uses short TTLs and many addresses).

[Figure: Fast_Fluxing, a diagram of a fast-flux network. Source: http://en.wikipedia.org/wiki/Fast_flux]
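Detection logic for the indicators just described, as an added example that is not part of the original post or of any Jeskell product. It scores a constructed window of resolver observations (the names, addresses, timestamps and thresholds are all invented for the example) and uses the /16 prefix as an offline stand-in for an origin-AS lookup:

```python
"""Score DNS A-record answers for fast-flux behaviour.

Added example for this post, not code from Jeskell or the product it describes.
Each name is scored on the indicators the post lists: short TTLs, many distinct
addresses, high turnover between successive answers, and addresses spread across
many networks. Thresholds and sample data are assumptions made for the example.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_network

# Thresholds: assumptions for this example, not values from the post or a product.
MAX_TTL = 300        # fluxed names keep TTLs to a few minutes so resolvers re-ask often
MIN_PREFIXES = 4     # bots sit in many unrelated networks (home broadband, small ISPs)
MIN_CHURN = 0.5      # at least half of each answer is new relative to the previous one


@dataclass
class FluxVerdict:
    name: str
    lookups: int
    min_ttl: int
    distinct_ips: int
    distinct_prefixes: int
    mean_churn: float    # mean fraction of each answer's IPs absent from the previous answer
    is_fast_flux: bool


def network_key(ip: str) -> str:
    """Stand-in for an origin-AS lookup.

    Real tooling maps each address to its AS via BGP data; offline we approximate
    "a different network" with the /16 prefix (assumption made for the example).
    """
    return str(ip_network(f"{ip}/16", strict=False))


def score_name(name: str, answers: list[tuple[int, list[str]]]) -> FluxVerdict:
    """answers: (ttl, [ips]) for successive lookups of one name, in time order."""
    seen: set[str] = set()
    prefixes: set[str] = set()
    churn: list[float] = []
    prev = None
    for _ttl, ips in answers:
        cur = set(ips)
        seen |= cur
        prefixes |= {network_key(ip) for ip in cur}
        if prev is not None:
            churn.append(len(cur - prev) / len(cur))
        prev = cur
    min_ttl = min(ttl for ttl, _ in answers)
    mean_churn = sum(churn) / len(churn) if churn else 0.0
    # All three indicators must agree: a short TTL alone is normal for a CDN, and
    # many prefixes alone is normal for an anycast or multi-provider service.
    flagged = (min_ttl <= MAX_TTL
               and len(prefixes) >= MIN_PREFIXES
               and mean_churn >= MIN_CHURN)
    return FluxVerdict(name, len(answers), min_ttl, len(seen), len(prefixes),
                       mean_churn, flagged)


def score_all(records) -> dict[str, FluxVerdict]:
    """records: (timestamp, name, ttl, [ips]) as seen on a resolver; returns {name: verdict}."""
    by_name = defaultdict(list)
    for _ts, name, ttl, ips in sorted(records, key=lambda r: (r[0], r[1])):
        by_name[name].append((ttl, ips))
    return {name: score_name(name, answers) for name, answers in by_name.items()}


# Constructed sample: what a resolver log might show over six minutes. Names use the
# reserved .test TLD; "bot" addresses come from the non-routable 100.64.0.0/10 block
# and the CDN-like name from the 192.0.2.0/24 documentation range.
OBSERVED = [
    # Fluxed phishing name: TTL 180 s, five bots per answer, most replaced each time,
    # addresses scattered across thirteen /16 prefixes.
    (0,   "login.example-bank.test", 180,
     ["100.64.12.5", "100.70.3.200", "100.81.44.9", "100.95.7.31", "100.110.2.77"]),
    (180, "login.example-bank.test", 180,
     ["100.64.12.5", "100.73.90.14", "100.88.1.6", "100.102.55.240", "100.119.8.3"]),
    (360, "login.example-bank.test", 180,
     ["100.66.20.1", "100.73.90.14", "100.99.13.47", "100.115.200.9", "100.127.4.4"]),
    # CDN-like name: short TTL and rotating addresses, but all inside one provider's range.
    (0,   "www.shop.test", 60, ["192.0.2.10", "192.0.2.11", "192.0.2.12"]),
    (60,  "www.shop.test", 60, ["192.0.2.11", "192.0.2.12", "192.0.2.13"]),
    (120, "www.shop.test", 60, ["192.0.2.12", "192.0.2.13", "192.0.2.14"]),
    # Ordinary static name.
    (0,   "mail.corp.test", 3600, ["198.51.100.25"]),
]

if __name__ == "__main__":
    for v in score_all(OBSERVED).values():
        print(f"{v.name:26} ttl={v.min_ttl:5} ips={v.distinct_ips:3} "
              f"prefixes={v.distinct_prefixes:3} churn={v.mean_churn:.2f} "
              f"fast_flux={v.is_fast_flux}")
```

Run it and the fluxed name is the only one flagged: the CDN-like name shares its short TTL and rotating addresses, but every address falls in one prefix, which is why no single indicator is enough on its own. For double flux, feed the zone's NS answers through the same scoring. In production, replace network_key with a lookup against BGP-derived IP-to-AS data and tune the thresholds against your own resolver's baseline rather than the guesses used here.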

That is why Jeskell advocates a real-time, contextual, algorithm-based approach. The indicator of fast flux is a pattern across a stream of DNS resolutions, not a fixed address or signature, so it has to be assessed as the resolutions happen, against historical context, with enough automation (including machine learning models) to keep pace with the volume before a fluxed site does damage.

Jeskell believes the solution requires a "big data" framework able to ingest, interpret, refine, and store network data at the volume and velocity it arrives. Specifically, such a system should include:

  • A streaming analytics platform that evaluates traffic as it arrives, so detection happens in real time rather than on a nightly batch

  • Storage that efficiently retains all of the necessary data for extended periods, for forensic discovery and historical insight

  • Data mining tools that drill into that historical data to give context and correlation to real-time detections (for example, how a newly fluxing name compares with what the resolver has seen before)

  • Experienced and well-trained cyber security experts

  • Automation that frees those experts to pursue the next threat instead of responding to day-to-day requirements

    • This automation uses machine learning with both supervised and unsupervised models

  • Visualization tools that let network security personnel drill into the data when a detector alerts

  • System integration to ensure efficient communication between subsystems and overall system resiliency

For more information, download our data sheet: www.jeskell.com/security-cybersentinel

Steve Koppenhafer
