This post is officially my first after coming over as part of the Cisco acquisition of OpenDNS. Since 2012, I’ve served as the CTO and am proud to be part of an incredible research team, OpenDNS Labs. Like the Talos Research Group we are focused on detecting and preventing threats that help protect our customers globally. We are uniquely positioned to do this through statistical models and classification techniques that are fueled by our satellite view of the Internet’s infrastructure with more than 80 Billion active DNS queries per day.
Today I’d like to share some of our research that we recently published around combining classification models together to better predict, and therefore prevent phishing and targeted attacks. In this post we discuss how we can combine two of our classifiers; NLP Rank and Traffic Spikes to predict malicious domains. Additionally we highlight the value of data visualizations with OpenGraphiti.
While the blog only highlighted some of our capabilities with OpenGraphiti, I recorded a short video of the tool in action below. This video demonstrates how we not only can ingest the data but also digest it visually — enabling incident response teams to pivot through the attackers infrastructure in a way that is difficult in a textual format. The visualization shows the relationships between the top-level host with all the associated fake sites that are associated and identified with NLP Rank. Note: There is no audio.
We at OpenDNS are extremely excited about being part of Cisco and look forward to sharing more of our incredible technology, research, and data moving forward.