Secure64 uses AI and machine learning to stop data exfiltration via DNS tunnels
Secure64 began using AI and machine learning several years ago to build the best protection we could for DNS. The best example of our AI solutions is Secure64 Tunnel Guard™, but AI extends to other elements of our security solutions.
DNS tunneling, illustrated below, can be used to exfiltrate data and evade traditional security controls. DNS is often not monitored because it is not a data communication protocol. But hackers can embed data into DNS queries, avoiding the traditional security solutions. This data leaves the network, not at high speed but in plain sight, and the tunnel can transport any data the hacker wants to send embedded in the protocol.
Secure64 Tunnel Guard, unlike most DNS filtering solutions, uses AI and machine learning to look at the DNS queries and block them when they are harbouring bad traffic. The algorithms go through a number of stages to determine that a packet isn't valid and automatically step in where other solutions fail. The platform learns normal traffic for the network and looks into the flows. Anything that does not look right is highlighted and analyzed further, all in real time. The solution is automated and provides real-time feedback when a hack is attempted.
Network Operations and the SOC do not have to tune variables or rely on a list being downloaded to block DNS tunnel exfiltration.
When Secure64 is linked with SIEM solutions or Secure64 Vizion, the system administrator can see in near real time the threat and the stages the traffic has gone through to be blocked.
Solutions to block traffic tunnelled over DNS have to use advanced algorithms to determine false positives and positive blocks, and have to tune to the traffic in the network. Only a solution that learns and adapts to the network is a suitable solution to this type of problem. One impressive aspect of the Secure64 platform is that we do this without impacting the customer experience and latency for the network, even at the massive scales we support with some of our customers.
Tunnel Guard is perfect for the enterprise or government to stop data being leaked, as well as for MSP networks, where hackers also use DNS to avoid paying for services. Please contact us to learn more.