Catch attacks at the network layer with DNS-based threat detection
The Domain Name System (DNS) is crucial to internet functionality as it maps domain names to IP addresses. DNS-level events provide valuable information about network traffic that can be used to identify malicious activity, such as cryptojacking attempts and data exfiltration. Datadog's eBPF-powered Cloud Workload Security (CWS) now analyzes DNS activity in addition to file and process activity to detect security threats in real time. This enhances threat detection by providing visibility into DNS lookups, allowing users to spot attacks at the network level. The latest rules include out-of-the-box workload threat detection rules that flag suspicious activity like unexpected password changes, web shell creations, and nmap executions. Datadog CWS also includes rules for detecting "command and control" attacks and provides contextual information to help determine whether suspicious behavior is malicious.
Company
Datadog
Date published
July 1, 2022
Author(s)
Jordan Obey, Nathaniel Beckstead
Word count
698
Language
English
Hacker News points
None found.