Solution by need

Detect DNS Tunnelling Attacks

Problem

Theft or unauthorised movement of any data from a company, formally known as data exfiltration, is one of the biggest cybercrimes in today’s world. It typically involves a cybercriminal stealing data from personal or corporate devices, such as computers and mobile phones, through various cyberattack methods. In the last two years, the average annual cost of insider threats has skyrocketed, rising 31% to $11.45 million (ObserveIT, 2020). Moreover, 62% of companies in the Americas experienced a data breach or cyber incident in 2021 (KPMG,2022), suffering financial losses as a result.

Cybercriminals know that DNS is a well-established and trusted protocol and have figured out that many organisations do not examine their DNS traffic for malicious activity. DNS tunnelling enables these cybercriminals to insert malware or pass stolen information into DNS queries, creating a covert communication channel that bypasses most firewalls. That’s why DNS tunnelling is one of the most common attacks involved in data thefts.

DNS tunnelling is not always detectable with a firewall or proxy as they are designed to work in the application layer (Layer 7). Data Loss Prevention (DLP) technologies are designed to monitor protocols to which files can be attached, such as HTTP, FTP, IM, Telnet, TCP/IP, SMTP, POP3, and IMAP. However, they do not analyse DNS logs.

Blocking DNS-based threats is a major challenge, and cybercriminals use its pervasive but easily overlooked attack surface to their advantage. Targeted data, for example, can be converted to Base 64 and then exported using the DNS protocol, which can be easily disregarded. As a result, companies are losing money and reputation.

DNSSense's Solution

One of the many futures of our DNSDome cloud-based product is its ability to detect and prevent DNS tunnelling. With DNSSense’s Secure DNS cloud solution, DNS tunnelling attacks can be detected, blocked, and reported to a SIEM solution instantly before any malicious activity is completed.

DNSSense uses heuristics and behavioural methods such as monitoring impulsive spikes in the volume and number of DNS queries from individual source IPs to detect DNS Tunnelling.

More importantly, It boasts the most advanced AI-based dynamic threat intelligence database, Cyber X-Ray, which stores the entire domain data on the Internet chronologically where the magic happens to detect the most advanced DNS tunnelling attacks with NEARLY ZERO FALSE POSITIVES. It is the most effective solution to save your data, money and reputation from DNS tunnelling attacks.

Learn more about DNSDome
Solutions by need
Collect Your DNS Log With Ease
Detect DNS Tunnelling Attacks
Detect Invisible Malicious Traffic
Defend From Firstly-Seen Domains
Save 95+% in DNS Log Processing Costs With Smart SIEM Integration
Protect Remote and Roaming Clients
Find the Real Machine That Generates Malicious DNS Traffic
Find the -Escapers- in Your Network
338a Regents Park Road, Office 3 And 4, N3 2LN London, United Kingdom
COMPANY
About UsWhy DNSSenseLeadersContact SupportContact Us
OUR PRODUCTS
DNSEyeDNSDomeCyber X-Ray
EXPLORE
BlogMediaDownloadFAQ
STAY IN TOUCH
LinkedInYouTube
DNSSENSE DNS IP ADRESSES
45.129.19.19
45.129.19.20
Terms of ServicePrivacy Policy
We value your privacy
By clicking “Accept Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
Accept CookiesDenyPreferences