DNS traffic is both high in volume and sensitive to latency. Tracking thousands of queries per second is a monumental challenge for cybersecurity teams, and it gives adversaries opportunities to embed concealed malicious data within legitimate DNS traffic. This compromises network security and paves the way for data exfiltration and tunneling attempts through DNS queries.
Although the market is flooded with vendors claiming to prevent DNS data exfiltration, evading these systems is surprisingly easy because they rely on pattern recognition technologies. Attackers can use basic DNS exfiltration tools with unique patterns and generate “noise” by querying legitimate websites so that their traffic blends in with regular network traffic, which makes detection very difficult.
AI-based DNS Tunnel Defence
A DNSDome Feature
DNSSense’s revolutionary DDR 2.0 technology combines AI-based and data-driven detection techniques to detect DNS traffic anomalies across multiple dimensions, correlating data that ranges from the responsible process to the historical analysis of target domains. This robust system enables the identification and prevention of even the most elusive DNS tunneling attacks, including ultra-slow DNS tunneling that could persist for up to two years to transfer a mere 2 MB of data.