What is the DNS Visibility feature?
DNS Visibility is a feature of DNSEye: a pioneering tool that detects sources of malicious activities on networks regardless of their size. DNSEye enhances the security of clients by generating user-specific reports and warnings.
92% of businesses do not have any visibility into their DNS traffic or lack any traffic reporting tool that allows DNS data analysis. This can mainly be attributed to the high DNS-related events-per-second (EPS) counts and the difficulty involved in interpreting the DNS traffic.
DNSEye allows you to detect the device generating malicious traffic irrespective of the network size. Detailed data about the device, such as its MAC address and source IP address, along with user information, are then reported. This way, EPS costs will be substantially reduced given that only malicious traffic is reported.
How does the DNS Visibility feature work?
DNS queries made by the user are first forwarded to DNSEye and then undergo a matching process where DNS logs containing real-time traffic data, source IPs, and hostname information are collected.
Next, user information, including username and AD domain, is gathered from Microsoft Active Directory and analysed along with the device’s MAC address obtained from the DHCP server. Data collected from Microsoft AD and DHCP are then matched to DNS logs.
The next step involves directing the domain names to DNSSense’s DNS servers. Real-time DNS traffic is analysed and the requested domain is categorised by DNSSense’s AI-based algorithm. Boasting a 99.9% precision rate in categorisation, DNSSense classifies the traffic into different grades with the help of DNSSense’s Cyber Threat Intelligence platform and AI-based substructure.
After the matching and the categorisation processes, a meaningful report is generated that includes information on the user, the exact domain(s) requested, the device used to make the request as well as the precise time of the request.
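The matching steps above, as an added example that is not DNSEye's code or log format: DNS log entries are joined to DHCP leases and AD logons by source IP and time, and only queries categorised as malicious are reported. All records, field layouts and the `CATEGORIES` table are constructed assumptions; the time-window join shows why a reused IP address must not be attributed to the previous lease holder.

```python
from datetime import datetime

T = datetime.fromisoformat
# Constructed sample data (not DNSEye output or formats).
DNS_LOG = [  # (query time, source IP, requested domain)
    (T("2024-05-01T09:05:00"), "10.0.0.23", "intranet.example.com"),
    (T("2024-05-01T09:07:00"), "10.0.0.23", "c2.bad.example"),
    (T("2024-05-01T13:30:00"), "10.0.0.23", "c2.bad.example"),
    (T("2024-05-01T13:31:00"), "10.0.0.99", "c2.bad.example"),
]
DHCP_LEASES = [  # (IP, MAC, lease start, lease end); 10.0.0.23 is reused
    ("10.0.0.23", "aa:bb:cc:00:00:01", T("2024-05-01T08:00:00"), T("2024-05-01T12:00:00")),
    ("10.0.0.23", "aa:bb:cc:00:00:02", T("2024-05-01T13:00:00"), T("2024-05-01T17:00:00")),
]
AD_LOGONS = [  # (logon time, IP, username, AD domain)
    (T("2024-05-01T08:10:00"), "10.0.0.23", "alice", "CORP"),
    (T("2024-05-01T13:05:00"), "10.0.0.23", "bob", "CORP"),
]
# Hypothetical stand-in for the vendor's domain categorisation.
CATEGORIES = {"c2.bad.example": "malicious", "intranet.example.com": "safe"}

def lease_for(ip, when):
    """Return the lease that covered `ip` at `when`, or None."""
    for lease in DHCP_LEASES:
        if lease[0] == ip and lease[2] <= when <= lease[3]:
            return lease
    return None

def user_for(ip, when, not_before):
    """Latest logon from `ip` in [not_before, when], so that a logon made
    under an earlier lease of the same IP is not attributed."""
    hits = [l for l in AD_LOGONS if l[1] == ip and not_before <= l[0] <= when]
    return max(hits, key=lambda l: l[0]) if hits else None

def build_report():
    """Emit one enriched row per malicious query; benign queries are dropped."""
    rows = []
    for when, ip, domain in DNS_LOG:
        if CATEGORIES.get(domain) != "malicious":
            continue
        lease = lease_for(ip, when)
        logon = user_for(ip, when, lease[2]) if lease else None
        rows.append({
            "time": when.isoformat(), "domain": domain, "src_ip": ip,
            "mac": lease[1] if lease else None,
            "user": f"{logon[3]}\\{logon[2]}" if logon else None,
        })
    return rows
```

A row with `mac` and `user` set to `None` means the source IP had no matching lease at query time, which is itself worth reviewing (static address or a device outside DHCP).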