Express Computer
Home  »  Security Edge  »  Coupling AI with Asset Management & DNS Can Make An Amazing Difference In Speed

Coupling AI with Asset Management & DNS Can Make An Amazing Difference In Speed

0 133

Leveraging AI in with asset management–on top of DNS management–can accelerate detection and blocking of an attack some 60 times. That means that a detection/blockage that would 3-4 hours without leveraging DNS files could happen in 3-4 minutes. During, for example, a ransomware attack, that could easily make the difference between losing sensitive data and potentially control of your environment and shutting the bad guys out before they do any serious damage.

But the issue here is not merely speed. It is about asset visibility as well as–in many situations–asset controls. CISOs track assets well, but they often spend insufficient effort focusing on networking. That is where the complexity is, with IoT, IIoT, cloud, Shadow IT, branch users, remote sites, etc. By leveraging network elements such as IPAM and DNS, CISOs and CIOs have far greater visibility and control.

For example, consider a routine IOT device such as a GE smart thermostat. IT and Security know that the device routinely checks in with the GE network, but are they aware if it visits an unrelated network? Do they know if it radically increases its communications or, even worse, starts moving increasingly larger amounts in either direction? DNS knows.

Many tools today deliver limited information, such as an IP address, but it doesn’t report on the roles of the asset. Is it a server running a financial application? IPAM metadata reports far more information including the MAC address, operating system details, what part of the network it’s on (subnet, physical location). Leveraging a configuration management database (CMDB) simply doesn’t deliver enough details.

That said, by combining CMDB information and correlating it with information from other databases managed by other groups (such as security, network admin, etc.), IPAM can detect data asset problems that the isolated resources can’t. When there’s DNS data exfiltration, many enterprises won’t detect it.

The next step is to make sure that IPAM data feeds into other applications such as a NAC app. That would mean that if a non-sanctioned device is added to the network, the NAC can block the device from the network by quarantining it. With all assets monitored, if a big increase in DNS data going to an unrecognized cloud, it will be detected. It might be an attack or it might simply be an employee violating the rules. Such is the joy of Shadow IT. Either way, rules can be written (or a SOC staffer could manually) add the cloud server to a block list.

Is something on the network making 1,000 or more DNS requests a minute? That’s a ransomware red flag that might be missed if network tools aren’t being closed monitored. That’s where machine learning (ML) can be an enterprise-saver. Attackers today are quite fond of embedding malware into DNS requests.

(Source : Infoblox.com)

For reading more interesting trends, whitepapers and perspectives on cybersecurity, please visit Security Edge 

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image