On a network with thousands of machines and users, you would almost certainly find plenty of malicious activity. In practice, though, what you find is not all of the malware activity, but only what your current security devices report.
So what about the malicious traffic that your current security measures cannot detect?
How could you measure the effectiveness of your current security investments?
These are significant challenges in enterprise networks.
DNSSense DNSEye is a VM appliance that runs in your network, and the 'Security Gap Report' is one of its features.
The Security Gap feature reports malicious traffic that the existing security devices cannot detect. Security Gap simulates a connection to a malicious domain to test the network's security in three different ways:
1) Test with a DNS query through the existing DNS server
2) Test with an HTTP/HTTPS request via the proxy server
3) Test with a direct HTTP/HTTPS connection to the malicious domain through the gateway
The DNSEye VM appliance in your network sends a malicious connection request, carrying specific metadata, to DNSSense's cloud-based malicious simulation service.
Security Gap = Blocked: the malicious traffic is blocked.
When DNSSense's simulation service does not receive the metadata, the malicious connection was blocked by the security controls. It is reported as a blocked attack, together with information about which device (Proxy or UTM) successfully blocked the malicious traffic.
Security Gap = Passed: the simulation succeeded.
When the simulation service receives the metadata, the malicious connection managed to pass the security controls. It is reported as a successful attack, together with information about which device (Proxy or UTM) failed to block it.
This information can later be used to harden the network's security policies. In other words, DNSSense provides continuous improvement of the overall security posture.