Threat Hunting with Securd

A cloud-based DNS firewall, such as Securd, can be an effective tool for threat hunting by security analysts. Here is a step-by-step guide on how a security analyst can use Securd for threat hunting:

  1. Set up Securd: The first step in using Securd for threat hunting is to set up the service. Configure your network to send DNS data to Securd, and set up access to the Securd web interface.

  2. Collect and analyze DNS data: Once Securd is set up, it will begin collecting and analyzing DNS data from your network in real time. This data can include DNS queries, responses, and other metadata such as the source and destination IP addresses of the traffic.

  3. Identify indicators of compromise: One of the primary benefits of using Securd for threat hunting is the ability to quickly identify indicators of compromise (IOCs) in DNS data. Some common IOCs that can be detected using Securd include:

  • Domain names associated with known malware or phishing campaigns
  • DNS queries for non-existent domains (NX domains)
  • DNS responses containing malicious payloads
  • Sudden increase in the number of DNS queries or responses
  • Low DigitalStakeout Domain Rank resolutions
  • Sudden burst of new Securd Greywall entries
  4. Investigate suspicious activity: If you identify any suspicious activity or IOCs using Securd, it is important to investigate further to confirm the existence of a threat and to determine its nature and scope. This may involve conducting additional analysis of DNS data, as well as other types of data such as network traffic and system logs.

  5. Take action: If you confirm the existence of a cyber threat, it is important to take action to mitigate the threat and prevent further damage. This may involve blocking malicious traffic by Securd policy, quarantining infected devices, and implementing additional security measures to prevent connectivity to the malicious domain(s) and future attacks.
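As an added illustration of step 3 (not Securd's own code), the script below runs three of the IOC checks listed above over a constructed sample of DNS resolver log lines: a high NXDOMAIN ratio per client, a per-client query burst relative to the median host, and a hit on a known-malicious domain. The log format, the thresholds, and the blocklist entry are assumptions for the example.

```python
# Added example (not Securd's code): hunt the IOC types above in a constructed
# sample of resolver logs; log format, thresholds and blocklist are assumptions.
from collections import Counter, defaultdict

# Constructed sample log lines: "<epoch> <client_ip> <qname> <rcode>"
SAMPLE_LOG = """\
1700000000 10.0.0.5 intranet.example.net NOERROR
1700000001 10.0.0.5 cdn.example.org NOERROR
1700000002 10.0.0.9 a7kq3zv1.example NXDOMAIN
1700000003 10.0.0.9 mz8xw02p.example NXDOMAIN
1700000004 10.0.0.9 q1lp9yyd.example NXDOMAIN
1700000005 10.0.0.9 tt4f8ben.example NXDOMAIN
1700000006 10.0.0.9 login.example.com NOERROR
1700000007 10.0.0.7 known-bad.example NOERROR
1700000008 10.0.0.7 update.example.com NOERROR
"""
# Constructed blocklist standing in for a threat-category feed.
BLOCKLIST = {"known-bad.example"}

def parse(log_text):
    """Yield (ts, client, qname, rcode) tuples from the constructed format."""
    for line in log_text.splitlines():
        ts, client, qname, rcode = line.split()
        yield int(ts), client, qname.lower().rstrip("."), rcode

def hunt(log_text, nx_ratio=0.5, nx_min=3, burst_factor=2.0):
    """Return findings keyed by client IP, one string per IOC type matched."""
    total, nx, known_bad = Counter(), Counter(), defaultdict(list)
    for _, client, qname, rcode in parse(log_text):
        total[client] += 1
        if rcode == "NXDOMAIN":
            nx[client] += 1
        if qname in BLOCKLIST:
            known_bad[client].append(qname)
    findings = defaultdict(list)
    # 1) many NXDOMAIN answers from one host: DGA / typo-squat hunting lead
    for client, n in nx.items():
        if n >= nx_min and n / total[client] >= nx_ratio:
            findings[client].append(f"nxdomain_ratio={n}/{total[client]}")
    # 2) query volume far above the median host: "sudden increase" IOC
    counts = sorted(total.values())
    median = counts[len(counts) // 2]
    for client, n in total.items():
        if n >= burst_factor * median:
            findings[client].append(f"query_burst={n} (median {median})")
    # 3) direct hit on a known-malicious domain from the feed
    for client, names in known_bad.items():
        findings[client].append("known_bad=" + ",".join(names))
    return dict(findings)
```

Each finding is a hunting lead to confirm in step 4, not a verdict; the client 10.0.0.5 with ordinary resolutions produces no finding at all.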
