Hackers often leverage DNS to bypass security controls and compromise networks. Malicious activities involving infected hosts are difficult to detect, especially when they attempt to connect to command-and-control servers that are in an inactive or abandoned state.
Infected devices generate no events other than unsuccessful DNS requests, yet they can receive further instructions and payloads once the command-and-control servers are assigned an IP address.
By integrating the analysis of DNS requests with domain classification provided by Cyber X-Ray, DNSEye reveals infected devices, even when their command-and-control servers are inactive.
DNSEye identifies infected devices, users, and rogue applications by leveraging integrations with EDR, XDR, DHCP, and IAM platforms, using a combination of AI and machine learning.
Consolidating the attribution and discovery events, DNSEye also sends security alerts to SIEM and SOAR applications, enabling SOC teams to stop attacks earlier in the kill chain and discover potential breaches.
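
The correlation described above (failed DNS lookups joined with domain classification, then attributed to a device) can be sketched as follows. This is an added example, not DNSEye or Cyber X-Ray code; the log format, the `malware-c2` category name, the sample domains and the DHCP lease table are all constructed assumptions.

```python
from collections import defaultdict

FAILED_RCODES = {"NXDOMAIN", "SERVFAIL"}  # responses that return no usable address
MALICIOUS = {"malware-c2"}                # hypothetical classification category

# Constructed resolver log, one query per line: "<epoch> <client_ip> <qname> <rcode>"
DNS_LOG = """\
1700000000 10.0.0.21 updates.example.com NOERROR
1700000060 10.0.0.21 c2-dormant.example.net NXDOMAIN
1700000660 10.0.0.21 C2-Dormant.Example.NET. NXDOMAIN
1700001260 10.0.0.21 c2-dormant.example.net NXDOMAIN
1700000100 10.0.0.34 typo-exmaple.com NXDOMAIN
1700000200 10.0.0.34 c2-dormant.example.net SERVFAIL
1700000300 10.0.0.50 parked.example.org NXDOMAIN
bad line
"""
# Constructed stand-ins for a domain classification feed and a DHCP lease table.
CLASSIFICATION = {"c2-dormant.example.net": "malware-c2",
                  "parked.example.org": "parked"}
LEASES = {"10.0.0.21": "laptop-finance-07"}


def find_dormant_c2_clients(log_text, classification, leases, min_failures=2):
    """Alert on clients that repeatedly fail to resolve domains classified as C2."""
    hits = defaultdict(list)  # (client_ip, domain) -> timestamps of failed lookups
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[0].isdigit():
            continue  # skip malformed lines instead of aborting the run
        ts, client, qname, rcode = fields
        domain = qname.rstrip(".").lower()  # normalise trailing dot and case
        if rcode.upper() in FAILED_RCODES and classification.get(domain) in MALICIOUS:
            hits[(client, domain)].append(int(ts))
    alerts = []
    for (client, domain), stamps in sorted(hits.items()):
        if len(stamps) >= min_failures:  # a single miss is weak evidence
            alerts.append({"client_ip": client,
                           "host": leases.get(client, "unknown"),  # DHCP attribution
                           "domain": domain,
                           "failures": len(stamps),
                           "first_seen": min(stamps),
                           "last_seen": max(stamps)})
    return alerts


if __name__ == "__main__":
    for alert in find_dormant_c2_clients(DNS_LOG, CLASSIFICATION, LEASES):
        print(alert)
```

Unclassified failures such as the typo domain and non-malicious categories such as the parked domain are ignored, so the alert volume tracks the classification feed rather than the overall NXDOMAIN rate.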