Threat Hunting with Securd
A cloud-based DNS firewall, such as Securd, can be an effective tool for threat hunting by security analysts. Here is a step-by-step guide on how a security analyst can use Securd for threat hunting:
Set up Securd: The first step in using Securd for threat hunting is to set up the service. Configure your network to send its DNS traffic to Securd, and set up access to the Securd web interface.
Collect and analyze DNS data: Once Securd is set up, it begins collecting and analyzing your network's DNS traffic in real time. This data includes DNS queries and responses, together with metadata such as the source and destination IP addresses of the traffic.
Identify indicators of compromise: One of the primary benefits of using Securd for threat hunting is the ability to quickly identify indicators of compromise (IOCs) in DNS data. Some common IOCs that can be detected using Securd include:
- Domain names associated with known malware or phishing campaigns
- DNS queries for non-existent domains (NXDOMAIN responses), especially bursts of them from a single host, which often point to malware that generates domain names with an algorithm
- DNS responses carrying malicious payloads (for example, commands or data tunnelled through TXT records)
- Sudden increase in the number of DNS queries or responses
- Resolutions of domains with a low DigitalStakeout Domain Rank
- A sudden burst of new Securd Greywall entries (domains with no history or reputation)
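The indicators above can be checked mechanically once the DNS logs are exported. The following is an added example written for this article, not Securd's own code or export format: it assumes a simple "timestamp client qname qtype rcode" log layout, a hypothetical blocklist and domain-reputation table standing in for the Securd threat categories and the DigitalStakeout Domain Rank, a constructed per-client query baseline, and heuristic thresholds (NXDOMAIN ratio, query-rate multiple, label entropy) that you would tune to your own network.

```python
"""Hunting over DNS firewall logs for the indicators listed above (added example)."""
import math
from collections import Counter, defaultdict

# Constructed sample log lines in an assumed "timestamp client qname qtype rcode"
# layout. This is NOT Securd's export format; adapt parse_log() to the real one.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 www.example.com A NOERROR
2024-05-01T10:00:02Z 10.0.0.5 login.evil-phish.test A NOERROR
2024-05-01T10:00:03Z 10.0.0.7 mail.example.com MX NOERROR
2024-05-01T10:00:04Z 10.0.0.9 kq3x9zv7hd2m.net A NXDOMAIN
2024-05-01T10:00:05Z 10.0.0.9 p8wnq2lr6t4c.net A NXDOMAIN
2024-05-01T10:00:06Z 10.0.0.9 zx71mvq9bh3e.net A NXDOMAIN
2024-05-01T10:00:07Z 10.0.0.9 d4r8tkw2qn5y.net A NXDOMAIN
2024-05-01T10:00:08Z 10.0.0.9 www.example.com A NOERROR
2024-05-01T10:00:09Z 10.0.0.7 cdn.example.net A NOERROR
"""

# Hypothetical threat-intel feed and reputation table (stand-ins for the Securd
# threat categories and the DigitalStakeout Domain Rank; not real data).
KNOWN_BAD = {"evil-phish.test"}
DOMAIN_RANK = {"example.com": 95, "example.net": 80}  # absent = no history
LOW_RANK = 20
# Constructed per-client baseline of queries per minute (e.g. from the previous day).
BASELINE_QPM = {"10.0.0.5": 1.0, "10.0.0.7": 1.0, "10.0.0.9": 1.0}


def parse_log(text):
    """Turn the assumed log layout into dicts; skip blank or malformed lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        ts, client, qname, qtype, rcode = fields
        records.append({"minute": ts[:16], "client": client,
                        "qname": qname.rstrip(".").lower(),
                        "qtype": qtype, "rcode": rcode})
    return records


def registrable_domain(qname):
    """Crude eTLD+1 (last two labels); production code should use the Public Suffix List."""
    parts = qname.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else qname


def shannon_entropy(label):
    """Bits of entropy per character of a DNS label."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())


def looks_generated(qname, min_len=10, min_entropy=3.3):
    """Heuristic for algorithmically generated names: a long, high-entropy leftmost label."""
    label = qname.split(".")[0]
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def hunt(records):
    """Apply each indicator from the list above; return findings keyed by indicator."""
    findings = defaultdict(set)
    nx_per_client, total_per_client, per_minute = Counter(), Counter(), Counter()
    for r in records:
        dom = registrable_domain(r["qname"])
        total_per_client[r["client"]] += 1
        per_minute[(r["client"], r["minute"])] += 1
        if dom in KNOWN_BAD:                       # known malware/phishing domain
            findings["known_bad"].add((r["client"], r["qname"]))
        if r["rcode"] == "NXDOMAIN":               # counted for the burst check below
            nx_per_client[r["client"]] += 1
        if looks_generated(r["qname"]):            # DGA-style label
            findings["dga_like"].add((r["client"], r["qname"]))
        if DOMAIN_RANK.get(dom, 0) < LOW_RANK:     # low rank or no history at all
            findings["low_or_no_rank"].add((r["client"], dom))
    # NXDOMAIN burst: a client whose failed lookups dominate its traffic.
    for client, nx in nx_per_client.items():
        if nx >= 3 and nx / total_per_client[client] >= 0.5:
            findings["nxdomain_burst"].add(client)
    # Volume spike: queries in one minute well above the client's baseline rate.
    for (client, minute), n in per_minute.items():
        if n >= 3 * BASELINE_QPM.get(client, 1.0):
            findings["volume_spike"].add((client, minute))
    return {k: sorted(v) for k, v in findings.items()}


if __name__ == "__main__":
    for indicator, hits in hunt(parse_log(SAMPLE_LOG)).items():
        print(indicator, hits)
```

Run against the constructed log, the script flags 10.0.0.5 for resolving a blocklisted phishing domain and 10.0.0.9 on three separate indicators at once (an NXDOMAIN burst, DGA-looking labels, and a query-rate spike), which is the kind of convergence that justifies moving from hunting to the investigation step. Each hit here is a lead to confirm against endpoint and network evidence, not a verdict.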
Investigate suspicious activity: If you identify suspicious activity or IOCs in Securd, investigate further to confirm that a threat exists and to determine its nature and scope. This may involve additional analysis of the DNS data, as well as correlating it with other sources such as network traffic captures and system logs from the affected hosts.
Take action: If you confirm a cyber threat, act to mitigate it and prevent further damage. This may involve blocking the malicious traffic with a Securd policy, quarantining infected devices, and implementing additional security measures to prevent connectivity to the malicious domain(s) and to defend against future attacks.
Related Articles
Managing DNS Security Threat Categories
Securd URL Proxy
PagerDuty Securd Integration
An Example of How the Greywall Blocks a Phishing Threat
Securd Dashboard Overview