sýnesis™ DNS Analytics allows operations and security teams to quickly identify policy violations, unusual user behavior and malware threats through real-time analysis of DNS query logs.
The DNS Analytics dashboards provide an intuitive view of all DNS queries and allow operators to easily drill down to conditions of interest.
Anomaly detection methods are leveraged to detect abuses of DNS services such as DNS Tunnelling, a method of cyber attack that encodes the data of other programs or protocols in DNS queries and responses.
DNS tunnelling often includes data payloads that can be added to an attacked DNS server and used to control a remote server and applications. DNS Exfiltration, a method of stealing user data by encoding it into the host and subnet portion of a DNS lookup, is a common use of DNS Tunnelling techniques.
Like all sýnesis™ solutions, DNS Analytics is built on the foundation of the KOIOS Data Model. This normalized schema allows all sources of DNS data to be viewed with common dashboards and analyzed with a library of common methods.