Testing of threat intelligence data at DNS protection
The paper sums up the key results of the collaboration between ESET and Whalebone that came from testing ESET Threat Intelligence together with Whalebone domain name protection. During the testing, a data feed of dangerous domains and their categories (IoC) was blocked at the DNS level on a sample of nearly 100,000 Internet connections in the Czech Republic and Slovakia, representing an estimated up to half a million end devices. Information and statistics on "false positives," together with comparisons against other types of IoC sources, can provide a basis for reflection on the security status of Internet connections, on how to protect against targeted attacks on some companies, and on other aspects of Internet security.
Unlike the information that automated vulnerability scanners can provide from testing over the Internet, this is a different and deeper look at the state of the end devices in the monitored sample that are hidden behind business networks, home networks and Internet service providers. The testing also enabled Whalebone to measure how widely the threats covered by the test feed data have currently spread on devices that are not protected against them.
For clarification, information will be provided on:
- the generation of IoC and the methods used to generate them,
- the division of DNS protection into the basic categories of malware, phishing and blacklist,
- the method of providing IoC,
- the use of the data in the context of multilevel protection,
- functional DNS protection and its effectiveness and reach,
- the types of DNS protection incidents,
- their number and the extent of false positives in their use.
Ing. Peter Dekýš, PhD.
Works as a consultant and manager of ESET Services, ESET spol. s r.o. Bratislava. He graduated from the Faculty of Electrical Engineering at the Slovak Technical University in Bratislava. Later he worked as a lecturer at STU Bratislava and subsequently in several companies dealing with information security, computer networks and other information technology solutions. Since 2009 he has managed information security services for external customers and internal security at ESET, and as a consultant he is involved in selected audits and information security management consulting projects. Recently, he has begun launching Threat Intelligence at ESET.
Mgr. Jakub Daubner, PhD.
Graduated in 2008 from the Faculty of Mathematics, Physics and Informatics, Comenius University in Bratislava, with a focus on Mathematical Methods in Informatics and Artificial Intelligence. Graduated with a Ph.D. in 2012 from the Faculty of Management Science and Informatics, University of Zilina, with a focus on Applied Informatics. During his Ph.D. studies, in 2009, he joined ESET as an infiltration analyst. Since 2011 he has led the Internal Systems department, which belongs to the Core Research and Threat Detection technology sub-division. This department focuses mainly on the research and development of tools and automatic systems designed for the Viruslab. One of the department's current projects is the research and development of ESET Threat Intelligence.
Mgr. Robert Šefr
Graduated from the Faculty of Informatics, Masaryk University, in 2009 with a thesis on malware reverse engineering. Joined the Comguard company as a security consultant with responsibilities for penetration testing, endpoint protection, network security, incident analysis through SIEM and vulnerability management. Later, while leading the consultants at Comguard, Robert also joined CSIRT.cz as an analyst, where he was involved in incident handling automation for two years. Afterwards he started working on the idea of DNS-level client protection and founded Whalebone, which is now his full-time job and his hobby at the same time.