
Catch attacks at the network layer with DNS-based threat detection

What's this blog post about?

The Domain Name System (DNS) is crucial to internet functionality because it maps domain names to IP addresses. DNS-level events provide valuable information about network traffic that can be used to identify malicious activity, such as cryptojacking attempts and data exfiltration. Datadog's eBPF-powered Cloud Workload Security (CWS) now analyzes DNS activity in addition to file and process activity to detect security threats in real time. This enhances threat detection by providing visibility into DNS lookups, allowing users to spot attacks at the network level. The release also includes out-of-the-box workload threat detection rules that flag suspicious activity such as unexpected password changes, web shell creation, and nmap execution. Datadog CWS also includes rules for detecting "command and control" attacks and provides contextual information to help determine whether suspicious behavior is malicious.

Company
Datadog

Date published
July 1, 2022

Author(s)
Jordan Obey, Nathaniel Beckstead

Word count
698

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.