Signature-based detection is a widely used approach for identifying malicious activity by comparing network traffic to known signatures or patterns. However, this method has limitations in detecting indicators of compromise (IOCs) for emerging threats that have never been seen before. This challenge is particularly pronounced when infected hosts attempt to connect to inactive or abandoned command-and-control servers to receive further instructions and payloads.
To address this problem effectively, it is crucial to complement signature-based detections with products that offer insights into traffic behavior, enabling a more contextual understanding of potential threats.
Traffic Investigation
A DNSEye Feature
DNSSense departs from traditional pattern recognition technologies by leveraging artificial intelligence and machine learning algorithms to detect the slightest deviations from normal DNS traffic distributions. This AI-driven approach, in conjunction with the most up-to-date security telemetry of internet assets from Cyber X-Ray, ensures unparalleled precision in detecting both well-established and previously unknown threats such as novel zero-day exploits.
Built into the “Traffic Investigation” module, the “Why Visited” feature possesses the remarkable ability to see beyond the surface, revealing the actual paths to compromised websites and unauthorised traffic redirections. It can also differentiate between voluntary and involuntary DNS requests made by users, while delivering crucial process information such as the responsible users or applications generating malicious traffic, as well as the initiation time, spread, and recurrence.
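The contrast drawn above, between a signature match and a behavioural view of DNS traffic, and the attribution details the “Why Visited” feature reports (responsible process, initiation time, spread, recurrence), can be illustrated with a small script. This is an added example, not DNSSense or DNSEye code, and everything in it is assumed: the log line format (`<unix_ts> <client_ip> <process> <qname> <rcode>`), the indicator list, and the constructed sample in which one host polls a domain that no longer resolves, the shape of an infected client calling an abandoned command-and-control server.

```python
"""
Added illustration (not DNSSense/DNSEye code): a signature check beside a
simple behavioural check over constructed DNS query log lines.

Assumed log format:  <unix_ts> <client_ip> <process> <qname> <rcode>
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample. Host 10.0.0.5 runs "updater.exe", which queries an
# unknown domain every 60 s and always receives NXDOMAIN (a C2 domain that
# has been abandoned and no longer resolves). Host 10.0.0.7 shows ordinary
# browsing plus one query to a domain that IS on the signature list.
SAMPLE_LOG = """\
1700000000 10.0.0.7 chrome.exe www.example.com NOERROR
1700000005 10.0.0.7 chrome.exe cdn.example.net NOERROR
1700000010 10.0.0.5 updater.exe rx7k2p.example-c2.invalid NXDOMAIN
1700000011 10.0.0.7 chrome.exe mail.example.org NOERROR
1700000070 10.0.0.5 updater.exe rx7k2p.example-c2.invalid NXDOMAIN
1700000130 10.0.0.5 updater.exe rx7k2p.example-c2.invalid NXDOMAIN
1700000190 10.0.0.5 updater.exe rx7k2p.example-c2.invalid NXDOMAIN
1700000250 10.0.0.5 updater.exe rx7k2p.example-c2.invalid NXDOMAIN
1700000300 10.0.0.7 outlook.exe known-bad.example NOERROR
"""

# Constructed signature list: only one indicator is "known" in advance.
KNOWN_BAD = {"known-bad.example"}


def parse_log(text):
    """Turn the assumed log format into a list of dict records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, proc, qname, rcode = line.split()
        records.append({
            "ts": int(ts), "client": client, "process": proc,
            "qname": qname.lower().rstrip("."), "rcode": rcode,
        })
    return records


def signature_hits(records, indicators=KNOWN_BAD):
    """Signature view: a record is flagged only if its qname is already known."""
    return [r for r in records if r["qname"] in indicators]


def behavioural_hits(records, min_queries=4, max_jitter=0.2):
    """Behavioural view: flag (client, qname) pairs that never resolve yet are
    queried on a near-fixed interval, i.e. a host beaconing to a dead server.
    Each finding carries the attribution details: responsible process,
    first-seen time, recurrence count and interval, and spread across clients."""
    by_pair = defaultdict(list)
    clients_per_qname = defaultdict(set)
    for r in records:
        by_pair[(r["client"], r["qname"])].append(r)
        clients_per_qname[r["qname"]].add(r["client"])

    findings = []
    for (client, qname), recs in by_pair.items():
        if len(recs) < min_queries:
            continue
        if any(r["rcode"] != "NXDOMAIN" for r in recs):
            continue  # resolves sometimes; not the abandoned-C2 pattern
        times = sorted(r["ts"] for r in recs)
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation of the gaps: low means a regular beacon.
        if avg <= 0 or pstdev(gaps) / avg > max_jitter:
            continue
        findings.append({
            "client": client,
            "qname": qname,
            "process": sorted({r["process"] for r in recs}),
            "first_seen": times[0],
            "count": len(recs),
            "interval_s": avg,
            "spread": len(clients_per_qname[qname]),
        })
    return findings


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("signature hits:", [r["qname"] for r in signature_hits(recs)])
    for f in behavioural_hits(recs):
        print("behavioural hit:", f)
```

Run as-is, the signature check reports only `known-bad.example`, while the behavioural check reports the unknown domain polled by `updater.exe` on 10.0.0.5, with its first-seen timestamp, five recurrences at a 60 s interval, and a spread of one client. The thresholds (`min_queries`, `max_jitter`) are deliberately simple; a production system would baseline per client and per resolver rather than using fixed constants.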