Domain Name System (DNS) Tunneling is a common method for hackers to exploit the DNS service for malicious purposes, such as exfiltrating sensitive organization data or infiltrating malware.
This article explains how the IPS engine in the Helios Cloud protects your network from DNS tunneling malware attacks.
When we configure the IPS policy to block traffic, this also enables the Helios Cloud’s protections against DNS Tunneling attacks for your account.
The Helios Cloud analyzes DNS requests and identifies potential DNS Tunneling attacks based on these properties:
To protect customers from DNS tunneling by malicious hackers, Helios uses machine learning algorithms to detect anomalies across all outbound DNS queries.
The DNS traffic between each site connected to the Helios Cloud and each unique domain is analyzed offline over a time period of 24 hours.
Domains with a low reputation that receive frequent anomalous DNS queries are automatically signed the following day.
Then the IPS policy for all accounts is able to block the relevant DNS traffic for these domains.
Furthermore, Helios prevents data exfiltration over DNS tunneling using a set of heuristics that trigger IPS to block the traffic.
These heuristics have been tested over multiple DNS tunneling tools and techniques.
This real-time prevention is achieved even without knowing the threat actor or the domain name and complements Helios’s machine learning algorithms.
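To make the per-site, per-domain analysis and the exfiltration heuristics concrete, here is an added example (not Helios code) that scores constructed DNS query records; the two-label registered-domain rule, the label-length and entropy heuristics, and all thresholds are assumptions, not the heuristics the article refers to.

```python
import hashlib
import math
from collections import defaultdict

# Constructed sample log: (site, queried name).  The tunnel-like names carry a
# long, high-entropy label (hex derived from a counter) under one domain.
SAMPLE_QUERIES = [("site-a", "www.example.com"), ("site-a", "mail.example.com"),
                  ("site-a", "www.example.com")]
SAMPLE_QUERIES += [("site-b", hashlib.sha256(str(i).encode()).hexdigest()[:40]
                    + ".tun.example.net") for i in range(40)]


def registered_domain(name):
    """Assumption: the registered domain is the last two labels (no suffix list)."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])


def shannon_entropy(text):
    """Bits of entropy per character of the string."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def score_queries(queries, max_label_len=30, min_entropy=3.0,
                  min_suspicious=5, max_unique=20):
    """Group queries by (site, registered domain) and flag tunnel-like pairs:
    many long, high-entropy labels or many unique subdomains (assumed thresholds)."""
    stats = {}
    for site, name in queries:
        key = (site, registered_domain(name))
        e = stats.setdefault(key, {"queries": 0, "suspicious": 0, "subs": set()})
        e["queries"] += 1
        labels = name.rstrip(".").lower().split(".")[:-2]
        if labels:
            e["subs"].add(".".join(labels))
        if any(len(l) > max_label_len and shannon_entropy(l) > min_entropy for l in labels):
            e["suspicious"] += 1
    report = {}
    for key, e in stats.items():
        unique = len(e["subs"])
        report[key] = {"queries": e["queries"], "suspicious": e["suspicious"],
                       "unique_subdomains": unique,
                       "flagged": e["suspicious"] >= min_suspicious or unique > max_unique}
    return report


if __name__ == "__main__":
    for key, row in score_queries(SAMPLE_QUERIES).items():
        print(key, row)
```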
SecureTrust is a leading provider of cybersecurity automation solutions.
SecureTrust’s platform can help organizations mitigate data exfiltration.
Are you ready to block cyber criminals from stealing your data?