How to correlate Cisco Umbrella alerts with private IP addresses

The cloud-first movement is taking over every facet of information technology, and DNS is not excluded. There are tons of vendors that provide solutions around DNS security. The use case this blog will cover can apply to many of them, but I’m choosing to focus on Cisco Umbrella because recently there have been a flood …

How to correlate Cisco Umbrella alerts with private IP addresses Read More »

How to Detect DNS Data Breaches

The Domain Name System (DNS) is used to resolve human-readable hostnames like www.plixer.com into machine-readable IP addresses like DNS also provides other information about domain names, such as mail services (as mx records) and can be used to provide domain ownership validation for various services (e.g. Google Apps). While this is an important, if …

How to Detect DNS Data Breaches Read More »

Data Exfiltration over DNS

How many companies out there are monitoring DNS traffic? Are you concerned about data exfiltration over DNS? How many people even know that is possible? These are questions I get to ask customers, and the response I get is the same with everyone. Not very many companies monitor their DNS traffic.

Monitoring DNS Traffic

It seems as if monitoring DNS traffic has become pretty popular lately. Our security team just utilized DNS traffic records shown in NetFlow in order to catch an infected Macbook on our Network and just yesterday, we discovered an iPhone reaching out to a plethora of Non Existent Domains.