DNSEye

Detect the attacks “that others miss”

DNSEye detects malicious traffic on your network, and reports whether this traffic can be blocked by your other security devices.

Why is it important to analyse DNS logs?

Monitor All Your Traffic

DNS is used by all protocols, such as HTTP, HTTPS and SMTP, and by IoT devices. DNS traffic therefore provides information about your entire network, regardless of the protocol in use.

DNS Tunnelling

Data exfiltration attacks that use DNS tunnelling cannot be detected by DLP products. Detecting them effectively requires DNS log analysis.

Invisible Malware Domains

80% of malware domains currently do not have an IP address. Malware requests that do not have an IP address can only be detected in the DNS log.

See beyond your logs with DNSEye

DNS servers generate a large number of difficult-to-understand logs. DNSEye enables the collection, enrichment, and AI-based classification of the DNS logs.

With its advanced SIEM integration, it saves time and EPS by transferring to SIEM only the data that SOC teams need to see.

Key benefits

1. DNS log collection

DNSEye can collect logs from many different brands and models of DNS servers without the need to make any change to your network structure. It can collect Microsoft, Infoblox, BIND, BlueCat, EfficientIP, F5, and Citrix DNS server logs with high performance.

2. Domain categorisation

Before selecting data for review by SOC teams, the domains must first be classified. With DNSSense’s AI-powered Cyber X-Ray infrastructure, they are divided into 72 different categories in 4 main groups.

3. Detecting the source of the malicious activity

DNS logs only include the source IP address. Since IP addresses vary, this should be enriched with information on the permanent machine and user behind the DNS query in question. DNSEye’s “Host Discovery”, “User Identification” and “Report” features uncover the real machine that makes the DNS query and the users logged into this machine.

4. SIEM integration

DNSEye’s advanced reporting interface gives you easy access to classified and meaningful reports on the previous year’s DNS traffic. In addition, it transmits the data SOC teams need for analysis to the SIEM product, with a very flexible interface for selecting which logs are transmitted. Besides sending the entire log if the user prefers, DNSEye can save up to 1000 times the amount of logs by applying different DNS query filters that better define the traffic information.

5. See attacks that others miss

Courtesy of its Security Gap feature, DNSSense reports the existing malicious activities that have managed to pass through each current security asset (UTM Firewall, Proxy, DNS Firewall, etc.) in your network without detection.

6. EDR integration

The APIs of EDR systems are used to gather information about the application that makes the malicious DNS query in order to understand whether the devices are infected or not.

7. DNS traffic learning and anomaly detection

In corporate networks, the amount of DNS traffic, visited categories and even the visited domains come in certain patterns. DNSEye learns the DNS traffic of the institution in question and reports anomalies.

Frequently asked questions

What is the “Security Gap” feature?

What are the advantages of your smart SIEM integration?

Which SIEM products do you provide integration with?

Which DNS products do you read with “DNSEye”?

Why is DNS visibility important?

Try DNSEye today for free

Ready to get started?

The best way to understand the power of DNSEye is to see it for yourself. Download and install DNSEye VM appliance today.