Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhia and Dima
DESCRIPTION
Malware reversing is a conventional threat intelligence strategy that is being challenged to keep up with the fast-paced evolution of threats. To stay ahead of bad actors, the next-generation security intelligence engine is big data, not malware reversing. An advanced generation of security intelligence teams has risen with mathematicians, algorithmic geniuses and big data researchers. The buzzwords sound impressive, but what does this actually mean in practice? On Jan 22nd, OpenDNS Security Researcher Dhia Mahjoub and Senior Product Manager Dima Kumets went under the hood of OpenDNS Security Research Labs. Their discussion included such topics as:
- What the OpenDNS researchers actually do and why it is so different from traditional sample analysis
- The process of developing and improving learning machines as developed by Dhia and the Labs team
- Insights gained from looking at Internet traffic as a whole
- The difference in big data insight vs. malware reversing
- The latest threats OpenDNS Security Labs is mitigating
TRANSCRIPT
Umbrella Confidential
Under the Hood: OpenDNS Security Labs with Dhia and Dima
#2 Apr 8, 2023 Umbrella Confidential
COMPANY BACKGROUND
Global security network across ASIA-PACIFIC; EUROPE, MIDDLE EAST & AFRICA; and the AMERICAS
• 50M+ ACTIVE USERS DAILY
• 23 DATA CENTER LOCATIONS
• ZERO DOWNTIME, SINCE 2006
• 50B+ REQUESTS DAILY
• 160+ COUNTRIES W/USERS
• ZERO NET NEW LATENCY
GLOBAL SECURITY NETWORK: 208.67.220.220, 208.67.222.222
UMBRELLA BY OPENDNS
• 80M+ REQUESTS TO ADVANCED MALWARE, BOTNET & PHISHING THREATS BLOCKED DAILY
• 100K+ NEW THREAT ORIGINS DISCOVERED OR PREDICTED DAILY
THE ONLY CLOUD-DELIVERED AND DNS-BASED WEB SECURITY SOLUTION
YOUR PRESENTERS:
• Dhia Mahjoub, Sr. Security Researcher, OpenDNS Labs
• Dima Kumets, Sr. Product Manager, OpenDNS
ANALYZING DATA TO EXTRACT ACTIONABLE SECURITY INFORMATION
[Architecture diagram; recoverable labels only]
• BIG DATA inputs: DNS (50+ million users, 160+ countries, 50+ billion queries, 20 data centers); HTTP/HTTPS (100+ sensors); Payload/Binaries; Human Intel
• RESEARCH INNOVATIONS: Hadoop, HBase, Hive, Pig… Collective Discovery; Graph Theory; Pattern Discovery; Anomaly Detection; Voting; Trust; AI
• RESEARCH outputs: Reporting; Security Community
Changing Threat Landscape
A crime economic model
• Distributed specialists
• Scalable
• Profitable
Examples of players
• Vulnerability specialists
• Distributors
• Malware writers
PREDICTIVE THREAT INTELLIGENCE (OpenDNS approach)
• Internet-wide pattern analysis
• Predictive in nature
VS
MALWARE ANALYSIS (most common approach)
• Sample analysis
• Reactive in nature
Who is OpenDNS Labs?
Graph Theory Scientists
Visualization Experts
Algorithmists/Programmers
Machine Learning Developers
Predictive Threat Labs
Process
Goal: Automated, real-time threat intelligence for prevention and containment
• Analyze huge data sets
• Develop model for bad actor behavior
• Create classifiers
• Validate and test
• Combine to detect new threats
The Big Data
Traffic patterns (50B queries/day)
• Source
• Destination
• Volume
• Time
Example: Cryptolocker (Co-Occurrence + DGA)
DGA: Domain Generation Algorithm
The Big Data
Passive/Infrastructure
• Domain
• IP
• Prefix + ASN
• Changes
Example: Fast Flux
Fast Flux
Build Classifiers
• What's a classifier
• How does it work
• How to test for false positives
• Combining classifiers to productionalize
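As an added illustration of the pipeline these slides outline (model bad-actor behavior from DNS data, build classifiers for DGA names and fast-flux infrastructure, test for false positives, combine them), here is a small Python example. It is not OpenDNS code; the heuristics, thresholds and passive-DNS records are constructed for illustration only.

```python
import math
from collections import Counter

# Constructed passive-DNS style records: (domain, resolved IP, ASN, TTL seconds).
# These are made-up values for illustration, not real observations.
RECORDS = [
    ("cdn.example-news.com", "203.0.113.10", 64500, 3600),
    ("cdn.example-news.com", "203.0.113.11", 64500, 3600),
    ("xk3qz7p1wvb9.net", "198.51.100.5", 64501, 60),
    ("xk3qz7p1wvb9.net", "192.0.2.77", 64502, 60),
    ("xk3qz7p1wvb9.net", "203.0.113.200", 64503, 60),
    ("xk3qz7p1wvb9.net", "198.51.100.99", 64504, 60),
]

def char_entropy(label):
    """Shannon entropy of a label; machine-generated names tend to score high."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def dga_score(domain):
    """DGA classifier from the name alone: entropy, vowel ratio, digits (0..3).
    Assumes a one-label suffix like .com/.net; a real system uses a suffix list."""
    label = domain.split(".")[-2]
    vowels = sum(ch in "aeiou" for ch in label)
    digits = sum(ch.isdigit() for ch in label)
    signals = [char_entropy(label) > 3.3, vowels / len(label) < 0.25, digits > 0]
    return sum(signals)

def fast_flux_score(domain, records):
    """Fast-flux classifier from passive DNS: many IPs, many ASNs, short TTL (0..3)."""
    rows = [r for r in records if r[0] == domain]
    ips = {r[1] for r in rows}
    asns = {r[2] for r in rows}
    min_ttl = min((r[3] for r in rows), default=86400)  # unseen domain: no TTL signal
    signals = [len(ips) >= 4, len(asns) >= 3, min_ttl <= 300]
    return sum(signals)

def classify(domain, records, threshold=4):
    """Combine classifiers: a domain must trip several independent signals to be flagged."""
    total = dga_score(domain) + fast_flux_score(domain, records)
    return "suspicious" if total >= threshold else "benign"

def false_positive_rate(labeled, records):
    """Validate: fraction of known-benign domains the combined classifier flags."""
    benign = [d for d, verdict in labeled if verdict == "benign"]
    flagged = sum(classify(d, records) == "suspicious" for d in benign)
    return flagged / len(benign) if benign else 0.0
```

Calling classify("xk3qz7p1wvb9.net", RECORDS) returns "suspicious" because both classifiers fire, while the CDN name trips none; false_positive_rate over a labeled benign set is the check the "test for false positives" bullet refers to.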
THANK YOU! ANY QUESTIONS?... CHECK OUT THE BLOG
LABS.UMBRELLA.COM
FOR A FREE TRIAL EMAIL
OR JUST TWEET @THINKUMBRELLA