Intelligent CISO Issue 83 | Page 35

PREDICTIVE intelligence

Blocking C2 at DNS ensures that the session is not even established with the attacker-controlled server, providing mitigation at the earliest possible opportunity.
Detecting data exfiltration over DNS involves monitoring an organisation's DNS traffic in real time for unusual patterns, such as high-frequency queries to uncommon domains or queries with high entropy in their names. This behaviour-based analysis can identify data exfiltration to domains even if those domains are not yet categorised as malicious in threat feeds. It is important that all DNS record types are examined (e.g. A, AAAA, CNAME, MX, NS, SOA, TXT, etc.) because malware could use any one or several of these record types to avoid detection by standard security tools.
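As an added illustration of the behaviour-based checks described above (example code, not from the article), the following Python sketch groups constructed resolver log lines by client and zone, scores the leftmost label's Shannon entropy, counts distinct high-entropy labels, and reports every record type seen rather than filtering on A records. The sample log entries, the thresholds and the two-label zone heuristic are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log: (client_ip, qname, qtype). Not taken from the article.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com", "A"),
    ("10.0.0.5", "mail.example.com", "MX"),
    ("10.0.0.7", "cdn.example.net", "AAAA"),
    # One client sending many distinct hex-looking labels under one zone, across record types.
    ("10.0.0.9", "0123456789abcdef.t.example.org", "TXT"),
    ("10.0.0.9", "fedcba9876543210.t.example.org", "TXT"),
    ("10.0.0.9", "13579bdf02468ace.t.example.org", "CNAME"),
    ("10.0.0.9", "02468ace13579bdf.t.example.org", "MX"),
    ("10.0.0.9", "89abcdef01234567.t.example.org", "TXT"),
    ("10.0.0.9", "76543210fedcba98.t.example.org", "NS"),
]


def shannon_entropy(label: str) -> float:
    """Bits per character: 0.0 for a uniform label, log2(len) when every character is distinct."""
    if not label:
        return 0.0
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    # Assumption: the zone is the last two labels; production code would use the Public Suffix List.
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])


def detect_dns_exfil(queries, entropy_threshold=3.5, min_suspicious=5):
    """Flag (client, zone) pairs that issue many distinct high-entropy labels.
    Every qtype is inspected; the record types observed are reported, not used as a filter."""
    stats = defaultdict(lambda: {"labels": set(), "qtypes": set(), "total": 0})
    for client, qname, qtype in queries:
        s = stats[(client, registered_domain(qname))]
        s["total"] += 1
        s["qtypes"].add(qtype.upper())
        leftmost = qname.split(".")[0]
        if shannon_entropy(leftmost) >= entropy_threshold:
            s["labels"].add(leftmost)
    return [
        {"client": client, "zone": zone, "queries": s["total"],
         "high_entropy_labels": len(s["labels"]), "qtypes": sorted(s["qtypes"])}
        for (client, zone), s in stats.items() if len(s["labels"]) >= min_suspicious
    ]
```

On the constructed log, the only alert is for 10.0.0.9 against example.org, with TXT, CNAME, MX and NS all listed as the record types involved.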
Summary
Proactive protection against ransomware is extremely important because once ransomware lands, organisations have only about an hour to detect, investigate and remediate in order to avoid a broader-scale incident. It is therefore critical to identify and stop C2 before the ransomware is activated and propagates.
WWW.INTELLIGENTCISO.COM 35