Most of the malware lifecycle could be observed and even prevented in the DNS traffic. DNS resolver is the ideal place to look for the behavior and eventually act against malicious requests. The presentation will focus on different types of malware requests that can be seen and will discuss experience with fighting malware in a network with approximately hundred thousand of different households in the beginning of 2018. Summary of individual incidents and methods of detection will be presented along with downsides (e.g. application of external Indicators of Compromise) of such approach.
The aim is to give the audience an idea about the number of threats seen in a standard home network and to share experience with challenges in DNS resolution filtering like false positive mitigation. The main presentation structure will follow the malware lifecycle and will present real-life examples, statistics and describe approaches used to solve particular problems.
|Type of Presentation|