Secure64 uses AI and machine learning to stop data exfiltration via DNS tunnels

Secure64 began using AI and machine learning several years ago to build the best protection we could for DNS. The best example of our AI solutions is Secure64 Tunnel Guard™, but AI extends to other elements of our security solutions as well.

DNS tunneling, illustrated below, can be used to exfiltrate data and evade traditional security controls. DNS is often not monitored because it is not regarded as a data communication protocol, but attackers can embed data in DNS queries and bypass traditional security solutions. This data leaves the network not at high speed but in plain sight, and the protocol can carry any data the attacker wants to send.

Secure64 Tunnel Guard, unlike most DNS filtering solutions, uses AI and machine learning to inspect DNS queries and block those that are carrying malicious traffic. The algorithms go through a number of stages to determine that a packet is not valid, and automatically step in where other solutions fail. The platform learns the normal traffic for the network and looks into the flows. Anything that does not look right is highlighted and analyzed further, all in real time. The solution is automated and provides real-time feedback when an attack is attempted.

Network Operations and the SOC do not have to tune variables or rely on a downloaded list to block DNS tunnel exfiltration.

When Secure64 is linked with SIEM solutions or Secure64 Vizion, the system administrator can see, in near real time, the threat and the stages the traffic has gone through before being blocked.

Solutions that block traffic tunnelled over DNS must use advanced algorithms to separate false positives from correct blocks, and must tune themselves to the traffic in the network. Only a solution that learns and adapts to the network is suitable for this type of problem. One impressive aspect of the Secure64 platform is that we do this without impacting the customer experience or network latency, even at the massive scales we support with some of our customers.
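The learn-then-flag approach described above, as an added illustration that is not Secure64's code and does not reproduce its algorithm: a small heuristic learns subdomain length and entropy thresholds from constructed benign queries, then flags a client/zone pair only when its subdomains both exceed those thresholds and churn rapidly. The log lines, the thresholds and the `tunnel-placeholder.test` zone are all constructed for this example.

```python
import math
import statistics
from collections import Counter, defaultdict

# Constructed benign queries used to learn what "normal" looks like (not real traffic).
BASELINE = [
    "www.example.com", "mail.example.com", "cdn.example.net", "api.example.org",
    "static.example.net", "login.example.com", "img1.example.org", "ntp.example.net",
]

# Constructed mixed query log as (client_ip, qname). The long, random-looking labels
# under one zone imitate how encoded data looks to a resolver; the zone is a placeholder.
LOG = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.7", "download-mirror-01.example.net"),  # long but low-entropy: not a hit
    ("10.0.0.9", "3q7zk2n9v8x1p0yb5w4c6de.tunnel-placeholder.test"),
    ("10.0.0.9", "ab8c7d6e5f4g3h2j1k0lmn9.tunnel-placeholder.test"),
    ("10.0.0.9", "q1w2e3r4t5y6u7i8o9p0lkj.tunnel-placeholder.test"),
]

def split_name(qname):
    """Return (subdomain, zone); zone = last two labels (simplification, not PSL-aware)."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def entropy(s):
    """Shannon entropy in bits per character; encoded payloads score high, words lower."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def learn_baseline(qnames, k=3.0):
    """Learn per-feature thresholds (mean + k * population stdev) from benign subdomains."""
    subs = [split_name(q)[0] for q in qnames]
    feats = {"length": [len(s) for s in subs], "entropy": [entropy(s) for s in subs]}
    return {f: statistics.mean(v) + k * statistics.pstdev(v) for f, v in feats.items()}

def detect(log, thresholds, max_unique_subs=2):
    """Flag (client, zone) pairs with anomalous subdomains AND rapid subdomain churn,
    so a single odd-looking hostname is not enough to raise an alert."""
    per_zone = defaultdict(set)
    hits = defaultdict(int)
    for client, qname in log:
        sub, zone = split_name(qname)
        per_zone[(client, zone)].add(sub)
        if len(sub) > thresholds["length"] and entropy(sub) > thresholds["entropy"]:
            hits[(client, zone)] += 1
    return sorted(key for key, n in hits.items() if len(per_zone[key]) > max_unique_subs)
```

With such a tiny baseline the learned entropy threshold is noisy, which is why the churn requirement matters: `download-mirror-01` exceeds the length threshold but not the entropy one, and it never accumulates enough distinct subdomains under its zone to be flagged.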

Tunnel Guard is perfect for enterprises and governments that need to stop data being leaked, as well as for MSP networks, where hackers also use DNS to avoid paying for services. Please contact us to learn more.

OpenRAN: Why is DNS so important?

OpenRAN is a shift in mobile networking infrastructure away from single-vendor solutions. The RAN can now be built from open interfaces and software that allow components from different vendors to interoperate.

This modular architecture brings efficiency, scale and speed of innovation: the network can be upgraded with new features by upgrading individual elements, knowing that as long as the protocols in use are adhered to, the platforms will interoperate.

One element that is not often discussed is the need for reliable, secure DNS within any modern telecommunications network. DNS in the network is not just for consumers resolving a domain name for a social media site; it is used to power the network itself.

Every transaction starts with DNS, including those inside the RAN and those that use the RAN to access the internet. Specifically, DNS provides the details needed for elements of the network to communicate with one another. Resources can move and change their IP address, so a service is reached via a DNS lookup rather than a fixed address. DNS is open and configurable and allows security solutions to be layered on top of it.

In a 5G network, every service is packetized and sent over the IP network. Voice, video and data are just different services in the core, and different APNs are used to carry them. From the user's point of view, a failure in DNS would mean a total failure of voice, video and data services on the handset.

In the core of the network, DNS is also used for load balancing and for accessing components. Elements of the network that need to talk to one another use the DNS name of the other component. DNS is therefore critical to this communication and to the service of the network.

When a user accesses services on the internet, this naturally uses DNS to reach the resource or site the user wants.

Why is a secure DNS solution needed?

Simply put, various systems and resources require DNS for the network to operate. The DNS needs to be self-defending and stop problems before they spread. It needs to be scalable and, given the critical nature of DNS to the operation of the network, it needs to be carrier grade.

For the consumer, protection and content control are needed to block bad sites such as malware, phishing and ransomware.


Here are Secure64 we want to congratulate 1&1 and Mavenir for the first OpenRAN deployment in Europe and look forward to more success with the team.