Fernando Zamai – fzamai@cisco.com
Security Consulting
Aug, 2016
It can be your attack vector.
Is your DNS protected?
[Diagram: an attacker outside the enterprise network, the perimeter (inbound and outbound), a C2 server, and an admin node inside the network]
1. Research targets
2. Spear phishing (you@acme.com)
3. Victim clicks link unwittingly (https://welcome.to.jangle.com/exploit.php)
4. Bot installed, back door established and receives commands from the C2 server
5. Scan LAN for vulnerable hosts to exploit & find privileged users
6. Privileged account found (admin node)
7. Data exfiltrated
8. System compromised and data breached
Diagram labels: Vulnerabilities, Exploits, Malware; Hacked Mail Server – acme.com; Hacked Web Server – jangle.com
Main Vectors: Evolution of Command & Control Callbacks
- Hard-coded IP: the bot calls back to one fixed address (@23.4.24.1)
- "Fast flux": one domain (bad.com?) resolves to a rapidly changing set of addresses (@23.4.24.1, @34.4.2.110, @23.4.34.55, @44.6.11.8, @129.3.6.3)
- Domain generation algorithm: the bot tries many generated names (bad.com?, baa.ru?, bid.cn), each pointing at different addresses (@34.4.2.110, @8.2.130.3, @12.3.2.1, @67.44.21.1)
DNS Tunnel (diagram)
The bot encodes data (shown as the bytes 10011001 11100010 11010100 10010010 01001000) into the leftmost label of a query for a domain the attacker controls (bad.net); the attacker's DNS server answers, and the answer carries data back the same way:
DNS Query:  alknfijuqwelrkmmvclkmzxcladlfmaelrkjalm.bad.net
DNS Answer: alknfijuqwelrkmmvclkmzxcladlfmaelrkjalm.bad.net = 2.100.4.30
Source: http://blog.talosintel.com/2016/06/detecting-dns-data-exfiltration.html
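The callback styles on the previous slide (fast flux, DGA) and the tunnelling pattern above are all visible at the resolver, so a defender can score them from DNS logs. The script below is an added example, not code from the Cisco/OpenDNS deck: it assumes a constructed log format (timestamp, client, query name, type, rcode, answer, TTL), constructed sample lines (only the bad.net, bad.com, baa.ru, bid.cn names and the slide's addresses come from the deck), and thresholds chosen for illustration. A hard-coded IP callback never produces a DNS query, which is why it is absent here.

```python
"""Added example (not from the deck): flag DNS tunnelling, fast flux and
DGA-style lookups in resolver logs.  Log format, sample lines and
thresholds are constructed for this example."""
import math
from collections import defaultdict

# Constructed log format, one query per line:
#   <unix_ts> <client_ip> <qname> <qtype> <rcode> <answer_ip or -> <ttl or ->
SAMPLE_LOG = """\
1000 10.0.0.5 www.example.com A NOERROR 192.0.2.10 3600
1001 10.0.0.5 cdn1.example.org A NOERROR 198.51.100.10 300
1002 10.0.0.5 cdn2.example.org A NOERROR 198.51.100.11 300
1003 10.0.0.5 alknfijuqwelrkmmvclkmzxcladlfmaelrkjalm.bad.net A NOERROR 2.100.4.30 60
1004 10.0.0.5 q7m3x9vk2pz8rt4wn6ys1dh5jb0lfcgeu.bad.net A NOERROR 2.100.4.30 60
1005 10.0.0.5 hx2kq8ml5vw3zt9rn1cp7jd4fy6bs0gaeoiu.bad.net A NOERROR 2.100.4.30 60
1006 10.0.0.5 pm9zr3kq6xw1tv5nh8yc2ld7jf4bs0gaeoiu.bad.net A NOERROR 2.100.4.30 60
1007 10.0.0.5 vk4mz7xq2rn9wt1ph6yl3cd8jb5fs0gaeoiu.bad.net A NOERROR 2.100.4.30 60
1010 10.0.0.7 bad.com A NOERROR 34.4.2.110 30
1011 10.0.0.7 bad.com A NOERROR 23.4.34.55 30
1012 10.0.0.7 bad.com A NOERROR 44.6.11.8 30
1013 10.0.0.7 bad.com A NOERROR 129.3.6.3 30
1020 10.0.0.9 baa.ru A NXDOMAIN - -
1021 10.0.0.9 bid.cn A NXDOMAIN - -
1022 10.0.0.9 kxw3f.net A NXDOMAIN - -
1023 10.0.0.9 plq9t.org A NXDOMAIN - -
1024 10.0.0.9 zmv2d.info A NXDOMAIN - -
1025 10.0.0.9 rhb7c.biz A NXDOMAIN - -
"""

# Illustrative thresholds (constructed); tune against your own baseline.
TUNNEL_MIN_SUBDOMAINS = 5   # distinct subdomains under one registered domain
TUNNEL_MIN_LABEL_LEN = 30   # encoded data makes the leftmost label long...
TUNNEL_MIN_ENTROPY = 3.5    # ...and close to random (bits per character)
FLUX_MIN_IPS = 4            # distinct A answers for one name...
FLUX_MAX_TTL = 300          # ...with TTLs short enough to rotate them
DGA_MIN_NXDOMAIN = 5        # distinct names one client fails to resolve


def shannon_entropy(text):
    """Bits per character of `text`; 0.0 for one repeated character."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Last two labels ('x.bad.net.' -> 'bad.net').  Constructed
    simplification: a real detector uses the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_log(text):
    """Parse the constructed log format; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue
        ts, client, qname, qtype, rcode, answer, ttl = parts
        records.append({"ts": int(ts), "client": client,
                        "qname": qname.rstrip(".").lower(), "qtype": qtype,
                        "rcode": rcode,
                        "answer": None if answer == "-" else answer,
                        "ttl": None if ttl == "-" else int(ttl)})
    return records


def analyse(records):
    """Return a sorted list of (finding, subject) tuples."""
    domains = defaultdict(lambda: {"subs": set(), "ips": set(), "ttls": []})
    nxdomain_by_client = defaultdict(set)
    for r in records:
        reg = registered_domain(r["qname"])
        st = domains[reg]
        if r["qname"] != reg:
            st["subs"].add(r["qname"][: -(len(reg) + 1)])
        if r["rcode"] == "NOERROR" and r["answer"] is not None:
            st["ips"].add(r["answer"])
            if r["ttl"] is not None:
                st["ttls"].append(r["ttl"])
        elif r["rcode"] == "NXDOMAIN":
            nxdomain_by_client[r["client"]].add(reg)

    findings = []
    for reg, st in domains.items():
        # Tunnelling: many distinct, long, high-entropy leftmost labels.
        encoded = [s for s in st["subs"]
                   if len(s.split(".")[0]) >= TUNNEL_MIN_LABEL_LEN
                   and shannon_entropy(s.split(".")[0]) >= TUNNEL_MIN_ENTROPY]
        if len(encoded) >= TUNNEL_MIN_SUBDOMAINS:
            findings.append(("dns_tunnel", reg))
        # Fast flux: one name rotating through many addresses on short TTLs.
        # Caveat: a CDN looks similar; ASN diversity (not in this log) is
        # the usual tie-breaker.
        if len(st["ips"]) >= FLUX_MIN_IPS and st["ttls"] \
                and max(st["ttls"]) <= FLUX_MAX_TTL:
            findings.append(("fast_flux", reg))
    # DGA: a client burning through names that do not exist.
    for client, failed in nxdomain_by_client.items():
        if len(failed) >= DGA_MIN_NXDOMAIN:
            findings.append(("dga_candidate", client))
    return sorted(findings)


if __name__ == "__main__":
    for finding, subject in analyse(parse_log(SAMPLE_LOG)):
        print(f"{finding:14s} {subject}")
```

Run as-is it reports bad.net as a tunnel, bad.com as fast flux and 10.0.0.9 as a DGA candidate, while example.com and the two cdn*.example.org names stay quiet. The three signals are deliberately kept separate: tunnelling is a property of the query names, fast flux of the answers, and DGA behaviour of the client's NXDOMAIN rate.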
Authoritative DNS hierarchy (diagram): root → com. → cisco.com.
Where Do You Enforce Security? (diagram)
Threats from the Internet: malware, C2/botnets, phishing.
- First layer: ahead of the perimeter (where the DNS-layer enforcement in this deck sits)
- Mid layer (perimeter): router/UTM, sandbox, proxy, NGFW, NetFlow
- Last layer (endpoint): AV
CHALLENGES → BENEFITS
- Too many alerts via appliances & AV → Alerts reduced 2-10x; improves your SIEM
- Wait until payloads reach target → Traffic & payloads never reach target
- Too much time to deploy everywhere → Provision globally in UNDER 30 MINUTES
What We Observe On The Internet
- 80B requests per day
- 160+ countries
- 65M daily active users
- 10K enterprise customers
Our Perspective
- Diverse set of data: our view of the Internet, providing visibility into global Internet activity (e.g. BGP, AS, Whois, DNS)
- We see where attacks are staged, using modern data analysis to surface threat activity in unique ways
How Our Security Classification Works
1. Ingest millions of data points per second
2. Apply statistical models and human intelligence
3. Identify probable malicious sites
[Diagram: sample indicators a.ru, b.cn, 7.7.1.3, e.net, 5.9.0.1, p.com/jpg]
PRODUCTS & TECHNOLOGIES
- UMBRELLA (enforcement): network security service that protects any device, anywhere
- INVESTIGATE (intelligence): threat intelligence about domains & IPs across the Internet
UMBRELLA (Enforcement): A New Layer of Breach Protection
- Threat prevention, not just threat detection
- Protects on & off network: not limited to devices forwarding traffic through on-prem appliances
- Turn-key & custom API-based integrations: does not require professional services to set up
- Block by domains, IPs & URLs for all ports: not just ports 80/443 or only IPs
- Always up to date: no need for the device to VPN back to an on-prem server for updates
INVESTIGATE (Intelligence): A Single, Correlated Source of Information
- WHOIS record data
- ASN attribution
- IP geolocation
- IP reputation scores
- Domain reputation scores
- Domain co-occurrences
- Anomaly detection (DGAs, FFNs)
- DNS request patterns / geographic distribution
- Passive DNS database
[Investigate screenshots: ouvidoria@acirpsjriopreto.com.br; ACIRP - Associação Comercial e Empresarial de São José do Rio Preto; http://www.acirpsjriopreto.com.br/; culturaembrasilia.com; php-code Imprimir.php; two panels labelled "Suspect Behaviour"]
OpenDNS Works With Everything You Use
Future-proof extensibility:
- Any network: routers, Wi-Fi, SDN
- Any endpoint: VPN, IoE
- Any technology: firewalls, gateways
Secure APIs, open to everyone:
- Security providers: FireEye, Cisco, Check Point
- Network providers: Meraki, Aruba, Aerohive
- Customers: in-house security systems
How OpenDNS Complements the On-Network Security Stack
- Endpoint security (block by file, behavior)
- Network firewall (block by IP, packet)
- Web proxy (block by URL, content)
- OpenDNS Umbrella (block by domain/IP, URL)
Security Everywhere: branch, campus, edge, operational technology, cloud, data center, endpoint
Cisco’s Strategy
1. Cloud service with full self-provisioned trial: point DNS traffic from one office without hardware or software and without network topology changes or device configuration changes.
2. Add off-net coverage & per-device visibility: protect your weakest links and identify which specific devices (or users) are targeted by attacks; self-updating software is required.
3. Extend protection & enrich data via APIs: help SOC teams get more value out of existing investments like FireEye, and help incident response teams investigate threats faster.
Get Started in 30 Seconds…Really
Is your DNS protected?
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 

Is your DNS protected

  • 1. Fernando Zamai – fzamai@cisco.com, Security Consulting, Aug 2016. It can be your attack vector. Is your DNS protected?
  • 2. Main Vectors (Vulnerabilities, Exploits, Malware). Diagram elements: enterprise network; Attacker; Perimeter (Inbound); Perimeter (Outbound); Hacked Mail Server – acme.com; Hacked Web Server – jangle.com; C2 Server; Admin Node. Attack steps: 1 Research targets; 2 Spear Phishing (you@acme.com); 3 Victim clicks link unwittingly (https://welcome.to.jangle.com/exploit.php); 4 Bot installed, back door established and receives commands from C2 server; 5 Scan LAN for vulnerable hosts to exploit & find privileged users; 6 Privileged account found; 7 Data exfiltrated; 8 System compromised and data breached.
  • 3. Evolution of Command & Control Callbacks. HARD-CODED IP: @23.4.24.1. “FAST FLUX”: bad.com? resolves over time to @23.4.24.1, @34.4.2.110, @23.4.34.55, @44.6.11.8, @129.3.6.3. DOMAIN GENERATION ALGORITHM: bad.com? baa.ru? bid.cn, resolving to @34.4.2.110, @8.2.130.3, @12.3.2.1, @67.44.21.1.
  • 4. DNS Tunnel. DNS Server: bad.net. Data bits: 10011001 11100010 11010100 10010010 01001000. DNS Query: alknfijuqwelrkmmvclkmzxcladlfmaelrkjalm.bad.net. DNS Answer: alknfijuqwelrkmmvclkmzxcladlfmaelrkjalm.bad.net = 2.100.4.30 (the same bit string is shown again on the answer side). Authoritative DNS hierarchy: root, com., cisco.com. Reference: http://blog.talosintel.com/2016/06/detecting-dns-data-exfiltration.html
  • 5. Where Do You Enforce Security? INTERNET: MALWARE, C2/BOTNETS, PHISHING. FIRST LAYER; MID LAYER: Perimeter (ROUTER/UTM, SANDBOX, PROXY, NGFW, NETFLOW); LAST LAYER: Endpoint (AV). CHALLENGES: Too Many Alerts via Appliances & AV; Wait Until Payloads Reach Target; Too Much Time to Deploy Everywhere. BENEFITS: Alerts Reduced 2-10x, Improves Your SIEM; Traffic & Payloads Never Reach Target; Provision Globally in UNDER 30 MINUTES.
  • 6. What We Observe On The Internet
  • 7. Our Perspective: Diverse Set of Data. Requests Per Day: 80B; Countries: 160+; Daily Active Users: 65M; Enterprise Customers: 10K.
  • 8. Our View of the Internet providing visibility into global Internet activity (e.g. BGP, AS, Whois, DNS)
  • 9. We See Where Attacks Are Staged using modern data analysis to surface threat activity in unique ways
  • 10. How Our Security Classification Works: Apply statistical models and human intelligence; Identify probable malicious sites; Ingest millions of data points per second. Examples: a.ru, b.cn, 7.7.1.3, e.net, 5.9.0.1, p.com/jpg.
  • 11. PRODUCTS & TECHNOLOGIES. UMBRELLA (Enforcement): Network security service protects any device, anywhere. INVESTIGATE (Intelligence): Threat intelligence about domains & IPs across the Internet.
  • 12. UMBRELLA Enforcement: A New Layer of Breach Protection. Threat Prevention (not just threat detection); Protects On & Off Network (not limited to devices forwarding traffic through on-prem appliances); Turn-Key & Custom API-Based Integrations (does not require professional services to set up); Block by Domains, IPs & URLs for All Ports (not just ports 80/443 or only IPs); Always Up to Date (no need for device to VPN back to an on-prem server for updates).
  • 13. INVESTIGATE: A Single, Correlated Source of Information. WHOIS record data; ASN attribution; IP geolocation; IP reputation scores; Domain reputation scores; Domain co-occurrences; Anomaly detection (DGAs, FFNs); DNS request patterns/geo. distribution; Passive DNS database.
  • 20. Investigate ouvidoria@acirpsjriopreto.com.br ACIRP - Associação Comercial e Empresarial de São José do Rio Preto http://www.acirpsjriopreto.com.br/ culturaembrasilia.com php-code Imprimir.php
  • 25. OpenDNS Works With Everything You Use. FUTURE-PROOF EXTENSIBILITY: ANY NETWORK (Routers, Wi-Fi, SDN); ANY ENDPOINT (VPN, IoE); ANY TECHNOLOGY (Firewalls, Gateways). SECURE APIs OPEN TO EVERYONE: SECURITY PROVIDERS (FireEye, Cisco, Check Point); NETWORK PROVIDERS (Meraki, Aruba, Aerohive); CUSTOMERS (In-house Security Systems).
  • 26. How OpenDNS Complements On-Network Security Stack: ENDPOINT SECURITY (block by file, behavior); NETWORK FIREWALL (block by IP, packet); WEB PROXY (block by URL, content); OpenDNS UMBRELLA (block by domain/IP, URL).
  • 28. Get Started in 30 Seconds…Really. 1 CLOUD SERVICE W/FULL SELF-PROVISIONED TRIAL: Point DNS traffic from one office without hardware or software and without network topology changes or device configuration changes. 2 ADD OFF-NET COVERAGE & PER-DEVICE VISIBILITY: Protect your weakest links and identify which specific devices (or users) are targeted by attacks; self-updating software is required. 3 EXTEND PROTECTION & ENRICH DATA VIA APIs: Help SOC teams get more value out of existing investments like FireEye, and help incident response teams investigate threats faster.
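As an added defender-side example (not part of the Cisco deck or of Umbrella/Investigate), the heuristics below score resolver log lines for the tunnel-style query name shown on slide 4 and the DGA-style names from slide 3: long or high-entropy subdomains, consonant runs, and many distinct subdomains under one registered domain. The log lines, the thresholds and the two-label registered-domain split are constructed assumptions for this example.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed resolver log lines (not real traffic): "<epoch> <client> <qname> <qtype>".
# The first bad.net name is the tunnel query shown on slide 4; the last line is malformed on purpose.
SAMPLE_LOG = """\
1470000001 10.0.0.12 www.cisco.com A
1470000002 10.0.0.12 alknfijuqwelrkmmvclkmzxcladlfmaelrkjalm.bad.net A
1470000003 10.0.0.12 mail.acme.com MX
1470000004 10.0.0.12 zqpxvnrtkwlmd.bad.net A
1470000005 10.0.0.12 qmtrpwzxkdvnblsfgj.bad.net TXT
1470000006 10.0.0.12 welcome.to.jangle.com A
garbage line that does not parse
"""

def shannon_entropy(s: str) -> float:
    """Bits per character: encoded payload labels score high, dictionary words score low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def split_name(qname: str) -> tuple:
    """Return (subdomain, registered domain). Assumes a two-label registered
    domain; a real deployment would consult the public suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def score_qname(qname: str, max_sub_len: int = 30, min_entropy: float = 3.5) -> list:
    """Reasons one name looks like tunnel or DGA traffic; an empty list means clean."""
    sub, _ = split_name(qname)
    chars = sub.replace(".", "")
    reasons = []
    if len(sub) > max_sub_len:
        reasons.append("long-subdomain")      # an encoded chunk needs room in the label
    if chars and shannon_entropy(chars) >= min_entropy:
        reasons.append("high-entropy")        # base32/base64-like character mix
    if re.search(r"[bcdfghjklmnpqrstvwxz]{5,}", chars):
        reasons.append("unpronounceable")     # DGA-style consonant run
    return reasons

def analyse_log(log_text: str) -> tuple:
    """Flag individual names and count distinct subdomains per registered domain:
    a tunnel shows as many unique names under one domain even if each looks benign."""
    flagged, uniques = {}, defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                          # skip malformed lines instead of crashing
        qname = parts[2]
        sub, domain = split_name(qname)
        uniques[domain].add(sub)
        reasons = score_qname(qname)
        if reasons:
            flagged[qname] = reasons
    return flagged, Counter({d: len(s) for d, s in uniques.items()})
```

Thresholds like these produce false positives on CDN and cloud hostnames, so in practice the per-domain unique-subdomain count is the stronger signal and the per-name reasons are best used to rank alerts, not to block on their own.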