The Turing tool works by rapidly storing and analysing Domain Name System (DNS) query data using a patent-pending metadata storage architecture that Nominet has spent the past four years developing. Nominet claims that the system can process terabytes of DNS traffic and manage over 250,000 queries per second, providing an in-depth and dynamic view of all network activity. The data can be viewed on any browser on any device in a graphical format, and aims to make it easier to spot an array of network threats and problems including botnets, latency, general bugs and errors, malware and man-in-the-middle attacks.
Source: Nominet declares war on botnets, malware and snoops with Turing analytics tool – IT News from V3.co.uk
One of the first things I do when I go into a new company as a consultant is ask 1) where their list of assets is, and 2) if they are capturing, monitoring, and responding to outbound DNS queries.
It’s surprising how much information just these two things can tell you about the security readiness of an organization.
This tool, Turing, is one of what will soon be many hooks into DNS query data for the purpose of finding malware and malicious actors on the internal network.
As I talked about in my RSA trends post, the new paradigm will soon be single capture and multi read, meaning that DNS data will be part of companies’ security data lakes, and they’ll be able to let various vendors have spigots that can dip in and drink from it to feed their particular algorithm.
Outbound DNS, folks. That’s where it’s at.
- One word of caution, or of note: make sure you only have one way out for DNS, and that this is where you’re doing your filtering. Make sure you aren’t resolving names in multiple places, with multiple egress routes. If hosts can still reach outside resolvers directly on port 53, the chokepoint is only advisory, so the perimeter should allow outbound DNS from the sanctioned resolver alone. One egress, and monitor / defend that one.
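The two ideas above, capturing and monitoring outbound DNS queries and enforcing a single DNS egress, are easy to put into a first-pass triage script. The following is an added example, not code from the post or from Nominet's Turing tool. It assumes a hypothetical resolver log with one record per line (timestamp, client IP, resolver IP, queried name, query type), a sanctioned resolver address of 10.0.0.53, and a constructed blocklist; the sample records are made up for the example. It flags clients that resolve names anywhere other than the sanctioned resolver (the egress-bypass check), blocklist hits, unusually long labels, and one client generating many distinct names under a single zone, which is the shape that DNS tunnelling and beaconing tend to have.

```python
"""Added example: first-pass triage of outbound DNS query records.

Checks, in the order the post argues for them:
  1. egress policy: every query must go via the one sanctioned resolver;
     anything else is a host bypassing the chokepoint.
  2. content checks on the queried names: blocklist hit, over-long labels,
     and many unique names under one zone from a single client.
"""
import re
from collections import defaultdict

# Assumed policy values (hypothetical, chosen for the example).
SANCTIONED_RESOLVER = "10.0.0.53"
BLOCKLIST = {"evil.example"}

# Constructed sample log; fields: ts client resolver qname qtype.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.1.2.10 10.0.0.53 www.example.com A
2024-01-01T10:00:02Z 10.1.2.10 10.0.0.53 cdn.example.net A
2024-01-01T10:00:03Z 10.1.2.44 8.8.8.8 www.example.org A
2024-01-01T10:00:04Z 10.1.2.10 10.0.0.53 c2.evil.example A
2024-01-01T10:00:05Z 10.1.2.77 10.0.0.53 a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8.tunnel.example TXT
2024-01-01T10:00:06Z 10.1.2.77 10.0.0.53 f9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a2.tunnel.example TXT
2024-01-01T10:00:07Z 10.1.2.77 10.0.0.53 0011223344556677889900aabbccddeeff00.tunnel.example TXT
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_log(text):
    """Parse the assumed log format; malformed lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, resolver, qname, qtype = m.groups()
        records.append({"ts": ts, "client": client, "resolver": resolver,
                        "qname": qname.lower().rstrip("."), "qtype": qtype})
    return records


def zone_of(qname):
    """Crude zone key: last two labels (no public-suffix list, by design)."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def find_egress_bypass(records, sanctioned=SANCTIONED_RESOLVER):
    """Clients resolving through anything but the single sanctioned egress."""
    return sorted({(r["client"], r["resolver"])
                   for r in records if r["resolver"] != sanctioned})


def find_blocklist_hits(records, blocklist=BLOCKLIST):
    """Queries for a blocklisted zone or any name beneath it."""
    return [(r["client"], r["qname"]) for r in records
            if any(r["qname"] == z or r["qname"].endswith("." + z)
                   for z in blocklist)]


def find_long_labels(records, max_label=32):
    """Names with a single label longer than max_label (tunnelling shape)."""
    return [(r["client"], r["qname"]) for r in records
            if any(len(label) > max_label for label in r["qname"].split("."))]


def find_zone_fanout(records, threshold=3):
    """One client, many distinct names under one zone (beacon/tunnel shape)."""
    seen = defaultdict(set)
    for r in records:
        seen[(r["client"], zone_of(r["qname"]))].add(r["qname"])
    return sorted((client, zone, len(names))
                  for (client, zone), names in seen.items()
                  if len(names) >= threshold)


def triage(text):
    """Run every check over the log text and return findings by category."""
    records = parse_log(text)
    return {
        "egress_bypass": find_egress_bypass(records),
        "blocklist": find_blocklist_hits(records),
        "long_label": find_long_labels(records),
        "zone_fanout": find_zone_fanout(records),
    }


if __name__ == "__main__":
    for category, findings in triage(SAMPLE_LOG).items():
        for item in findings:
            print(category, *item)
```

The egress-bypass check is the one that tests the "one way out" rule: a client talking to 8.8.8.8 directly is invisible to whatever you hang off the sanctioned resolver, so it is worth alerting on before any of the content checks. The thresholds (32-character labels, three unique names per zone) are starting points, not tuned values.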