This blog discusses report #4 in a series of seven top security reports that can help you defend against bad actors.
Here are the previous parts: part 1, part 2, part 3, part 4
Tunneling Traffic by Category
This is another security report that addresses data protection and malware mitigation. It lists DNS tunneling activities by specific categories and the percentage of events by DNS tunneling in a given timeframe. Network and security admins use it frequently because it provides visibility into the top categories of DNS tunneling activities, which helps them prioritize risk mitigation efforts, and because it helps defend against DNS tunneling-based malware insertion, data exfiltration, and anonymous IP traffic tunneling attempts. Some applications are designed to use DNS tunneling (e.g., Spotify, some anti-virus apps), so a common use case is a security admin looking deeper into the type of exfiltration activity in their environment to distinguish between malicious and legitimate requests.
|Top Report #4: Tunneling Traffic by Category||
|---|---|
|Service Area|Data Protection & Malware Mitigation|
|Purpose|Lists DNS tunneling activities by specific categories & the percentage of events by DNS tunneling in a given timeframe|
|Primary User|Network & Security Admins|
|Importance|Provides visibility into the top categories of DNS tunneling activities to prioritize risk mitigation efforts and counters DNS tunneling-based malware insertion, data exfiltration & anonymous IP traffic tunneling attempts|
|Use Case|Security admins need to look deeper into exfiltration activity in their environments to distinguish between malicious & legitimate requests|
|Available|Out-of-the-box & requires Advanced DNS Protection (ADP)|
Report access is available through the security dashboard and requires ADP. The admin can filter by timeframe, top number of tunneling instances, and members, and can view the results as a pie chart, a data table or both. Analytics in this report help teams guard against tunneling used to infiltrate malware onto the network, to exfiltrate data from the network, and for other unwanted tunneling activities.
Here are the seven (7) security reports that can give you an edge over the bad actors.
- Top Security Report #7: DNS Top NXDOMAIN – NOERROR
- Top Report #6: Threat Protection – Top Rules by Source
- Top Report #5: Top Malware & DNS Tunneling by Client
- Top Report #4: Tunneling Traffic by Category
- Top Report #3: DNS Top Tunneling Activity
- Top Report #2: Malicious Activity by Client
- Top Report #1: DNS Top RPZ Hits
- Join the Infoblox Reporting & Analytics Technical Demo Series to continue the discussion in the free webinar on 7/17, 2018, 9A PDT, 12P EDT, 5P BST. Register
- As an existing Infoblox DDI customer, you can deploy a virtual Infoblox Reporting & Analytics appliance free of charge — no strings attached. Download and try the Reporting & Analytics Free Tier today.