The Unknown Security Challenge
The pace of technology advancements doesn't seem to be slowing down anytime soon. Along with these advances are new security vulnerabilities and new unknown threats. Many of today's security challenges remain undetected and become public only after causing significant damage.
Thunder DNS anomaly detection is designed to convert "unknown" threats to "known" threats by integrating detailed analytics of DNS with the latest advances in big data and artificial intelligence.
Each DNS query contains several data points that combined can act as a unique fingerprint. It is difficult to correlate each fingerprint on its own. However, the data in aggregate can be used to benchmark expected network performance. We apply custom algorithms to this large data of benchmarks to uncover new threats.
Looking at data queries by IP address over time is a simple way to identify anomalies. For example, an IP address that normally sends a few hundred queries a day starts sending tens of thousands of queries in a few hours. This spike in queries could be caused by malware looking for its mother ship.
Synergy of DNS for Anomaly Detection
Huge datasets of relevant information are the key to leveraging Artificial Intelligence technologies. DNS is a perfect match for AI because it provides constant data insights into the network.
Not only can AI use DNS data to provide better security, but the predictive capabilities of AI can be used to enhance DNS services. In this way, both AI and DNS complement each other to provide users with a premium Internet experience.
Benefits of Anomaly Detection
Unlike legacy DNS solutions, Thunder DNS leverages advanced technologies to provide an additional layer of security. Advantages of Anomaly Detection include:
1. Detection and prevention of previously unknown threats
2. Identification of network devices infected with malware
3. Utilization of AI to improve DNS services