Top Security Report #3 – DNS Top Tunneling Activity

Share On Facebook
Share On Twitter
Share On Linkedin

This blog discusses the report #3 in a series of seven top security reports that can help you defend against bad actors.

Here are the previous parts: part 1, part 2part 3part 4part 5

DNS Top Tunneling Activity

Similar to report #4, the DNS Top Tunneling Activity report enables data protection and malware mitigation by listing the overall tunneling activity by client, rather than the category, to show the highest number tunneling activities within a specific period.  Network and security admins use it frequently because it identifies the clients most often performing DNS tunneling activities and supports security forensics so that teams can take corrective action.  It’s a critical report for identifying clients attempting to exfiltrate company data through any DNS tunneling.

Top Report #3: DNS Top Tunneling Activity
Service Area Data Protection & Malware Mitigation
Purpose Lists the clients that have the greatest number of DNS tunneling activities in a given timeframe
Primary User Network & Security Admins
Importance Identifies the clients most often performing DNS tunneling activities, so Security can conduct forensic investigation & take action on those clients
Use Case Enables Security admins to identify clients attempting to exfiltrate company data through any DNS tunneling
Available Out-of-the-box & requires Advanced DNS Protection (ADP)

As before, the report is accessed through the security dashboard and requires ADP.  Admins can sort by time, top Number of tunneling instances, members, source IP addresses, source ports, NAT status and bar chart, data table or combined views.  Again, this data can be captured in .pdf and emailed automatically to designated teams.  The overall DNS Top Tunneling report is essential for identifying, triaging and removing sources of malware tunneling and data exfiltration on the network.

Top Security Report #3 - DNS Top Tunneling Activity Report

Here are the seven (7) security reports that can give you an edge over the bad actors.

Learn more:

  • Join the Infoblox Reporting & Analytics Technical Demo Series to continue the discussion in the free webinar on 7/17, 2018, 9A PDT, 12P EDT, 5P BST. Register
  • As an existing Infoblox DDI customer, you can deploy a virtual Infoblox Reporting & Analytics appliance free of charge — no strings attached. Download and try the Reporting & Analytics Free Tier today.

Labels:

Bob Rose

Sr. Product Marketing Manager, Solutions Marketing & DDI Value-Added Services at Infoblox

Bob has over 25 years of mid-to-senior level experience in B2B and B2C product marketing, product, project, program and partner management. This includes 14 years in technology (DDI, RPA, fintech, wireless and mobile apps, GIS and biometrics), 9 years in financial services, 3 years in healthcare and 2 years in manufacturing. He did his post-graduate work in Project Management and Quality and holds a Marketing Management BBA from Pacific Lutheran University in Tacoma, WA. He spends his personal time engaged in adult and youth ministries, coaching and watching soccer (go Liverpool FC & Sounders FC), sailing, camping, and listening to a variety of Christian, jazz and instrumental music.

View All Posts
×