DNS & Security Gap Visibility

The IP address of 83% of malware traffic cannot be resolved instantly. An IP address is assigned when it will act as a zombie on your network. The only place to see malicious traffic is the DNS logs.

Are you analyzing your DNS traffic?
DNS and Security Gap Visibility reads, enriches and normalizes local DNS server logs, and sends the traffic that carries security risk to the SIEM solution.

Could it be a solution to forward thousands of EPS to SIEM products? 🧐
– DNS server logs are collected regardless of vendor or model.
– MAC and hostname information from DHCP server logs is added to the data.
– Username information from Active Directory security logs is added to the data.
– Queries are enriched with domain classification information.
– Rule-based SIEM integration is provided.

What is rule-based SIEM integration? An average organization’s DNS log consists of 92% known safe domains.

Sending these logs to the SIEM solution increases the SIEM's total EPS and extends the examination period. Instead, only the required traffic should be sent, in a meaningful form, to the SIEM product.

Save at least 1000 times the EPS by sending only malicious and valuable data to the SIEM.

While all your enriched data stays in DNSSense DNS Visibility, only data to be examined goes to SIEM.
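The enrichment and rule-based forwarding described above can be sketched as follows. This is an added example, not DNSSense code: the log layout, the lookup tables, the category names and every function name are assumptions, and all sample data is constructed.

```python
from bisect import bisect_right

# Constructed sample data; log layout, names and categories are assumptions.
DHCP = {  # ip -> time-sorted [(lease_start, mac, hostname)]
    "10.0.0.15": [("2024-05-01T08:00:00", "00:11:22:33:44:55", "ws-finance-07"),
                  ("2024-05-01T12:00:00", "66:77:88:99:aa:bb", "ws-guest-02")]}
AD_LOGONS = {"10.0.0.15": [("2024-05-01T08:05:00", "CORP\\alice")]}  # ip -> [(time, user)]
CATEGORY = {"example.com": "safe", "c2.example": "malware"}
FORWARD = {"malware", "unknown"}  # rule: only these categories are sent to the SIEM

DNS_LOG = """\
2024-05-01T09:00:01 10.0.0.15 A www.example.com.
2024-05-01T09:00:02 10.0.0.15 A beacon.c2.example
2024-05-01T13:00:00 10.0.0.15 A new-site.test
2024-05-01T13:00:05 10.0.0.99 TXT cdn.example.com
malformed line
"""

def latest_before(events, ts):
    """Last event with timestamp <= ts, or None. Needed because IPs are reused."""
    i = bisect_right([e[0] for e in events], ts)
    return events[i - 1] if i else None

def classify(domain):
    """Match the name or any parent domain; unclassified names are 'unknown'."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        cat = CATEGORY.get(".".join(labels[i:]))
        if cat:
            return cat
    return "unknown"

def enrich(line):
    """Join one DNS log line with DHCP and AD data valid at query time."""
    parts = line.split()
    if len(parts) != 4:
        return None  # skip lines that do not parse
    ts, ip, qtype, qname = parts
    lease = latest_before(DHCP.get(ip, []), ts)
    logon = latest_before(AD_LOGONS.get(ip, []), ts)
    if lease and logon and logon[0] < lease[0]:
        logon = None  # logon predates the current lease: it was another machine
    return {"ts": ts, "ip": ip, "qtype": qtype, "qname": qname.lower().rstrip("."),
            "mac": lease[1] if lease else None, "hostname": lease[2] if lease else None,
            "user": logon[1] if logon else None, "category": classify(qname)}

def select_for_siem(log_text):
    """Enrich every line, then keep only events whose category matches the rule."""
    events = [e for e in map(enrich, log_text.splitlines()) if e]
    return [e for e in events if e["category"] in FORWARD]
```

On the constructed log, two of the four parsable queries are forwarded; the second one carries no username because the only recorded logon belongs to the previous holder of that IP address.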

Much more important than detecting malware traffic is knowing when malicious traffic 🚨 that your security systems could not block 💣 reaches the command center.

Check if the malicious requests are blocked by existing security devices.

Domain Enrichment

DNS Visibility keeps a 1-year history of the domains queried by your users.

If a domain is visited from your network for the first time, DNS Visibility sends detailed information about the domain to the SIEM solution, so that the SOC team can examine the domain as quickly as possible.

Some of the information provided about the domain:

– How long the domain has been up
– Registration date
– How many subdomains it includes
– How many IP addresses it uses
– How many IP addresses changed in the last year
– Whether the IP address or subdomain appears in any OSINT, today or in the past

All of the information provided can be viewed at cyber-xray.com with advanced reporting capabilities.

Instantly report malicious DNS queries by detecting which client, application, software or file they originate from.