Jakub Daubner, Peter Dekýš, Robert Šefr

back  Back...

Testing of threat intelligence data at DNS protection

The paper sums up the key results of ESET and Whalebone's collaboration that have come from testing ESET Threat Intelligence and whalebone domain name protection. During the testing, the data feed on dangerous domains and their categories (IoC) was blocked at DNS level on a sample of nearly 100,000 Internet connections in the Czech Republic and Slovakia, representing an estimate of up to half a million end devices. Information and statistics on "false positives," and comparisons with other types of IoC resources can provide a basis for reflection on the security status of Internet connections, how to protect against targeted attacks on some companies, or other aspects of Internet security.

Unlike the information that can be provided by automated vulnerability scanners from Internet testing, this is a different and deeper look at the state of the end devices in the monitored sample that are hidden in business, home networks, in Internet service providers. Testing also enabled Whalebone to measure the extent of the current threat extensions on devices that are not protected against the threats covered in the test feed data.

For clarification, information will be provided on:

  • the generation and method of generating IoC,
  • Dividing DNS protection into basic categories of malware, phishing and blacklist,
  • the method of providing IoC,
  • the use of the data in the context of multilevel protection,
  • Functional DNS protection and its effectiveness and reach,
  • types of DNS protection incident,
  • their amount and the extent of false positives in their use.

Ing. Peter Dekýš, PhD.

dekysWorks as a consultant and manager of ESET Services, ESET spol. s r.o. Bratislava. He graduated from the Faculty of Electrical Engineering at the Slovak Technical University in Bratislava. Later he worked as a pedagogue at STU Bratislava and subsequently in several companies dealing with information security, computer networks and other information technology solutions. Since 2009 he manages information security services for external customers, internal security in ESET, and as a consultant is involved in selected audits and information security management consulting projects. Recently, he has begun to launch Threat Intelligence in ESET.

 

 

 

Mgr. Jakub Daubner, PhD.

daubnerGraduated in 2008 from Faculty of Mathematics, Physics and Informatics, Comenius University in Bratislava aimed at Mathematical Methods in Informatics and Artificial Intelligence. Graduated with Ph.D. in 2012 from Faculty of Management Science and Informatics, University in Zilina aimed at Applied Informatics. During Ph.D. studies, in 2009, he entered ESET as Infiltration Analytics. Since 2011, he is department leader of Internal Systems, which belongs to technology sub-division Core Research and Threat Detection. This department focus mainly on research and development of tools and automatic systems designed for Viruslab. One of the current department projects is also research and development of ESET Threat Intelligence.

 

 

Mgr. Robert Šefr

sefrGraduated from Faulty of Informatics Masaryk university in 2009 with thesis aimed at malware reverse engineering. Joined the Comguard company as a security consultant with responsibilities for penetration testing, endpoint protection, network security, incident analysis through SIEM and vulnerability management. Later while leading consultants at Comguard, Robert also joined CSIRT.cz as an analyst, where he was involved in incident handling automation for two years. Afterwards he started working on the idea of DNS level client protection and founded Whalebone, which is now his full-time job and hobby at the same time.

 

back  Back...

is2 banner bw en

 

Contact us

TATE International s.r.o.
Hořejší nábřeží 21
150 00 Praha 5

phone  Phone: +420 257 920 319
mobile  Mobil: +420 737 215 219
email  E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

 
 
Back to top