Dynamic DNS & Data Exfiltration

Description

One of the most common goals of malicious actors is to steal data. Data exfiltration refers to the successful sending of information out of an environment to an environment controlled by an attacker. Used maliciously, dynamic DNS allows an attacker to change the actual host and IP address used as a drop zone, for “malvertising”, or as a command and control point without having to modify the behavior of the malware used on the victim’s endpoint. This gives attackers a quick and convenient way to evade detection by traditional IP/domain reputation services. While dynamic DNS can be used in many stages of an attack, this scenario focuses on its use as a drop zone for data exfiltration, uncovered by noticing an anomaly in a daily report.

Customer values/problems solved

  • RSA Security Analytics allows reporting on all network, log, NetFlow, and endpoint data from a single interface. By leveraging a feed of known dynamic DNS top-level domains, Security Analytics can produce a rich report summarizing all activity that has been seen both on the wire (packets) and from various devices in the network such as proxies and firewalls (logs).
  • In addition to tagging traffic to and from dynamic DNS domains, Security Analytics can add valuable business and asset context to help an analyst sift through the noise.
  • By further investigating Use Case Reports within RSA, an analyst can reconstruct the exfiltrated data. This helps to evaluate the business impact of the attack and provides information for suitable containment measures.
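
The feed-based tagging and daily report described above, as an added Python example (not RSA code and not part of the original page). The log format, the `.example` feed entries, the sample lines, and the "10x the median" anomaly threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed feed of dynamic DNS base domains (placeholders, not a real feed).
DDNS_FEED = {"dyn-provider.example", "freedns.example"}

# Constructed proxy log lines in an assumed format: date src_ip dest_host bytes_out
SAMPLE_LOGS = """\
2024-05-01 10.0.0.12 cdn.vendor.example 18000
2024-05-01 10.0.0.12 home-cam.dyn-provider.example 1200
2024-05-01 10.0.0.31 nas.freedns.example 900
2024-05-02 10.0.0.12 home-cam.dyn-provider.example 1500
2024-05-02 10.0.0.47 X9K2.DYN-PROVIDER.example 52000000
2024-05-02 10.0.0.47 notdyn-provider.example 700
malformed line
"""

def ddns_base(host, feed):
    """Return the feed entry that host equals or is a subdomain of, else None.
    Matching is done on whole labels so lookalike names do not match."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return candidate
    return None

def daily_report(log_text, feed):
    """Sum outbound bytes per (date, source, host) for dynamic DNS destinations only."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed lines
        date, src, host, nbytes = parts
        if ddns_base(host, feed):
            totals[(date, src, host.lower())] += int(nbytes)
    return dict(totals)

def anomalies(report, factor=10):
    """Flag report rows whose byte count exceeds factor x the median row (assumed heuristic)."""
    if not report:
        return []
    baseline = median(report.values())
    return sorted(key + (v,) for key, v in report.items() if v > factor * baseline)

if __name__ == "__main__":
    for row in anomalies(daily_report(SAMPLE_LOGS, DDNS_FEED)):
        print("review:", row)
```

Matching on label boundaries keeps `notdyn-provider.example` out of the report, which a plain substring or `endswith` check against the feed would not.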

Technologies

  • RSA NetWitness Suite
