Saturday, October 5, 2013

Got DNS visibility?

Jaime Blasco recently wrote a great blog post on using DNS records to identify suspicious domains:
http://www.alienvault.com/open-threat-exchange/blog/identifying-suspicious-domains-using-dns-records

Here are some other great articles on the power of DNS visibility:

http://blogs.cisco.com/security/tracking-malicious-activity-with-passive-dns-query-monitoring/

https://blog.damballa.com/archives/1834/trackback

http://isc.sans.edu/diary.html?storyid=13918

Got Security Onion?

If you currently don't have the kind of DNS visibility described above or are unable to effectively search your DNS logs for anomalies, get Security Onion today!
https://code.google.com/p/security-onion/wiki/Installation

Here's a quick video on using Security Onion to configure Bro and ELSA in minutes to give you DNS visibility and the ability to quickly search, summarize, and look for anomalies:
http://www.youtube.com/watch?v=33HZyIxbg6c&list=PLMN5wm-C5YjyieO63g8LbaiWTSJRj0DBe
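As an added example (not code from the post or the Security Onion project), here is a small Python script for the "summarize and look for anomalies" step the video covers, run against a Bro dns.log: it counts queries per registered domain, flags queries carrying an oversized label, and flags clients that keep getting NXDOMAIN answers. The sample log, the field subset and the thresholds are constructed assumptions; the parser reads Bro's `#fields` header, so it also accepts a full dns.log.

```python
"""Summarize a Bro dns.log and flag two common anomalies (added example)."""
from collections import Counter

# Constructed sample, trimmed to a subset of Bro's dns.log columns; the parser
# is driven by the #fields header, so a full dns.log from Bro/ELSA works too.
SAMPLE_DNS_LOG = """#fields\tts\tid.orig_h\tquery\tqtype_name\trcode_name
1380931200.1\t10.0.0.5\twww.example.com\tA\tNOERROR
1380931201.2\t10.0.0.5\tmail.example.com\tA\tNOERROR
1380931202.3\t10.0.0.7\t6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b.evil-tunnel.test\tTXT\tNOERROR
1380931203.4\t10.0.0.7\t7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c.evil-tunnel.test\tTXT\tNOERROR
1380931204.5\t10.0.0.9\tasdkjh23.example.net\tA\tNXDOMAIN
1380931205.6\t10.0.0.9\tqwe98sdf.example.net\tA\tNXDOMAIN
1380931206.7\t10.0.0.9\tzxc45vbn.example.net\tA\tNXDOMAIN
#close\t2013-10-05-00-00-10
"""

def parse_bro_log(text):
    """Yield one dict per record, keyed by the names in the #fields line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))

def registered_domain(query):
    """Crude 'last two labels' approximation of the registered domain."""
    return ".".join(query.rstrip(".").split(".")[-2:])

def dns_summary(text, max_label=32, nx_threshold=3):
    """Count queries per registered domain and flag (a) queries with an
    oversized label, a tunneling/exfil tell, and (b) clients with repeated
    NXDOMAIN answers, a DGA tell. Thresholds are assumed, not Bro defaults."""
    per_domain, nx_by_host, long_labels = Counter(), Counter(), []
    for rec in parse_bro_log(text):
        per_domain[registered_domain(rec["query"])] += 1
        if rec["rcode_name"] == "NXDOMAIN":
            nx_by_host[rec["id.orig_h"]] += 1
        if any(len(label) > max_label for label in rec["query"].split(".")):
            long_labels.append(rec["query"])
    nx_hosts = sorted(h for h, n in nx_by_host.items() if n >= nx_threshold)
    return {"per_domain": per_domain, "long_labels": long_labels, "nx_hosts": nx_hosts}

if __name__ == "__main__":
    s = dns_summary(SAMPLE_DNS_LOG)
    for dom, n in s["per_domain"].most_common():
        print(f"{n:4d}  {dom}")
    print("oversized labels:", s["long_labels"])
    print("hosts with repeated NXDOMAIN:", s["nx_hosts"])
```

To run it on real data, replace `SAMPLE_DNS_LOG` with the contents of `/nsm/bro/logs/current/dns.log` (the path is an assumption about your install) and tune the two thresholds to your environment's baseline.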

Need Training?
Want to learn more about Log Management? Join me for SANS SEC434 Log Management In-Depth in Memphis TN on October 16th and 17th! This class is being held in conjunction with the University of Memphis Center for Information Assurance's Cyber Security Expo, taking place October 18, 2013 at the FedEx Institute of Technology. Your paid tuition for this SANS course includes registration for the Cyber Security Expo when you register with Discount Code "ISC-Memphis":
http://www.sans.org/community/event/sec434-memphis-16oct2013-doug-burks

Want to learn more about Security Onion? Sign up for the upcoming 8-hour class in Augusta GA! Be one of the first 10 students to sign up and you can register at the discounted Early Bird price! For full details and to register, please see:
https://securityonion20131026.eventbrite.com/
