On a network with thousands of machines and users, you will almost certainly find plenty of malicious activity. What you find, however, may not be all of it, but only what your current security devices are able to report.
The question then arises: what about the malicious traffic that your security measures fail to detect?
And how can you assess the effectiveness of your current security investments?
These are significant challenges that enterprise networks face and must address.
DNSSense’s DNSEye is a VM appliance that runs inside your network and is powered by its “Security Gap” feature.
The Security Gap feature reports malicious traffic that the existing security devices cannot detect. Security Gap simulates a connection to a malicious domain to test the network security in 3 different ways, as follows:
1- Tests with a DNS query through the existing DNS server
2- Tests with an HTTP/HTTPS request via the proxy server
3- Tests reaching a malicious domain using a direct HTTP/HTTPS connection through the gateway
The DNSEye VM appliance in your network sends a malicious connection request, carrying specific metadata, to DNSSense's cloud-based malicious simulation service.
Security Gap = Blocked, malicious traffic has been blocked
If DNSSense’s simulation service does not receive the metadata, the malicious connection has been blocked. Security Gap reports it as an instance of a blocked attack, along with information on the device (Proxy or UTM) that successfully blocked the malicious traffic.
Security Gap = Passed, simulation has been successful
If the simulation service receives the metadata, the malicious connection has managed to bypass the security controls. It is reported as an instance of a successful attack, along with information on the device (Proxy or UTM) that was unable to block the malicious traffic.
This information can later be used to harden the network’s security policies. In other words, DNSSense constantly enhances the overall security status of the network.