Transcript
Page 1: Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhia and Dima

Umbrella Confidential

Under the Hood: OpenDNS Security Labs

with Dhia and Dima

Page 2:

#2 Apr 8, 2023 Umbrella Confidential

COMPANY BACKGROUND

GLOBAL SECURITY NETWORK: 208.67.220.220, 208.67.222.222

ASIA-PACIFIC

EUROPE, MIDDLE EAST & AFRICA

AMERICAS

• 50M+ ACTIVE USERS DAILY
• 23 DATA CENTER LOCATIONS
• ZERO DOWNTIME, SINCE 2006
• 50B+ REQUESTS DAILY
• 160+ COUNTRIES W/USERS
• ZERO NET NEW LATENCY

Page 3:

#3

UMBRELLA BY OPENDNS

80M+ REQUESTS TO ADVANCED MALWARE, BOTNET & PHISHING THREATS BLOCKED DAILY

100K+ NEW THREAT ORIGINS DISCOVERED OR PREDICTED DAILY

THE ONLY CLOUD-DELIVERED AND DNS-BASED WEB SECURITY SOLUTION

Page 4:

YOUR PRESENTERS:

Dhia Mahjoub, Sr. Security Researcher, OpenDNS Labs

Dima Kumets, Sr. Product Manager, OpenDNS

Page 5:

#5

[Diagram: ANALYZING DATA TO EXTRACT ACTIONABLE SECURITY INFORMATION. Labels, in the order they appear: AI; Hadoop, HBASE, HIVE, PIG…; Collective Discovery; RESEARCH INNOVATIONS; Graph Theory; Pattern Discovery; Anomaly Detection; Voting; Trust; RESEARCH; Human Intel; Payload/Binaries; 100+ sensors; HTTP/HTTPS; 20 Data Centers; BIG DATA; 50+ Million Users; DNS; 160+ countries; 50+ Billion Queries; Reporting; Security Community]

Page 6:

#6

Changing Threat Landscape

A crime economic model
• Distributed specialists
• Scalable
• Profitable

Examples of players
• Vulnerability specialists
• Distributors
• Malware Writers

Page 7:

PREDICTIVE THREAT INTELLIGENCE
• Internet-wide pattern analysis
• Predictive in nature
• OpenDNS Approach

VS

MALWARE ANALYSIS
• Sample analysis
• Reactive in nature
• Most common approach

Page 8:

#8

Who is OpenDNS Labs?

Graph Theory Scientists

Visualization Experts

Algorithmists/Programmers

Machine Learning Developers

Predictive Threat Labs

Page 9:

#9

Process

Goal: Automated, Real-time threat intelligence for prevention and containment

• Analyze huge data sets
• Develop model for bad actor behavior
• Create classifiers
• Validate and test
• Combine to detect new threats

Page 10:

#10

The Big Data

Traffic patterns
• Source
• Destination
• Volume
• Time

50B Queries/Day

Example: Cryptolocker

Co-Occurrence + DGA

Page 11:

#11

DGA: Domain Generation Algorithm

Page 12:

#12

DGA: Domain Generation Algorithm

Page 13:

#13

The Big Data

Passive/Infrastructure
• Domain
• IP
• Prefix + ASN
• Changes

Example: Fast Flux

Page 14:

#14

Fast Flux

Page 15:

#15

Fast Flux

Page 16:

#16

Fast Flux

Page 17:

#17

Build Classifiers

• What’s a classifier
• How does it work
• How to test for false positives
• Combining classifiers to productionalize

Page 18:

#18

THANK YOU! ANY QUESTIONS?... CHECK OUT THE BLOG

LABS.UMBRELLA.COM

FOR A FREE TRIAL EMAIL

[email protected]

OR JUST TWEET @THINKUMBRELLA

