Version: v2.4.5

Remediate threats posed by DGA and DNS Tunneling domains

Domain Generation Algorithms (DGAs)

Domain Generation Algorithms (DGAs) are routines built into malware that produce a large, constantly changing list of candidate domain names, typically pseudo-randomly from a shared seed such as the current date, so that the operator can register any one of them shortly before it is needed and the infected host will still find it. Because the names change quickly and are not known in advance, static blocklists cannot keep up: by the time one domain is blocked or taken down, the malware has moved on to the next. The generated domains act as rendezvous points for Command-and-Control (C&C) servers, enabling communication between infected devices and attackers. One of the key benefits of a solution like DNS Firewall is the ability to detect DGA domains with a high level of confidence.

DNS Firewall flags potential DGA domains. Because a DGA keeps producing new domains for as long as the malware runs, blocking the flagged domains alone is not sufficient: the Security Operations team needs to identify the source device making the DGA requests and remediate the underlying infection. Only that addresses the root cause of the DGA traffic.

DNS Tunneling

DNS Tunneling is a technique in which an attacker encodes data from other protocols into DNS queries and responses, typically in subdomain labels on the way out and in TXT or other record data on the way back, to evade detection by security controls. Because DNS is almost always allowed out of a network, attackers can use it to establish covert communication channels, exfiltrate data, and control malware-infected systems, bypassing firewalls that would block a direct connection.

DNS Firewall is uniquely positioned to detect DNS tunneling on a network or end user device because it has visibility into all DNS traffic. To remediate infected devices, the Security Operations team needs to identify the devices making the DNS Tunneling requests and clean the underlying infection. This addresses the root cause of DNS Tunneling domains in the network.
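The following is an added example, not DNS Firewall code or its detection logic. It works through both sections above on a few constructed resolver log lines: a heuristic check for DGA-like registrable domains (long, high-entropy, vowel-poor or digit-heavy second-level labels), a per-domain check for tunneling-like subdomain traffic (many distinct, long, high-entropy prefixes under one domain), and the pivot from flagged domains to the source device that has to be remediated. The log format, thresholds, domain names and client IPs are all constructed for illustration, and the two-label split of the registrable domain stands in for a Public Suffix List lookup.

```python
import math
from collections import defaultdict

# Constructed sample resolver log: "<timestamp> <client_ip> <qname> <qtype>".
SAMPLE_LOG = """
2024-05-01T10:00:01Z 10.0.0.12 www.example.com A
2024-05-01T10:00:02Z 10.0.0.12 mail.example.com A
2024-05-01T10:00:03Z 10.0.0.12 stackoverflow.com A
2024-05-01T10:00:04Z 10.0.0.12 cdn1.static.example.net A
2024-05-01T10:00:05Z 10.0.0.45 xk7qpz3mtw9vlb.net A
2024-05-01T10:00:06Z 10.0.0.45 q2m8zt5wkp1jxr.com A
2024-05-01T10:00:07Z 10.0.0.45 hv9lm4qyz7kdpw.org A
2024-05-01T10:00:08Z 10.0.0.77 nbswy3dpfqqho33snrscc.t1.c2-tunnel.example TXT
2024-05-01T10:00:09Z 10.0.0.77 mfrggzdfmztwq2lknnwg23tp.t2.c2-tunnel.example TXT
2024-05-01T10:00:10Z 10.0.0.77 orsxg5bamjuwizlt4zdpojqq.t3.c2-tunnel.example TXT
"""

VOWELS = set("aeiou")


def parse_log(text):
    """Return (timestamp, client_ip, qname, qtype) tuples from the sample format."""
    return [tuple(p) for p in (line.split() for line in text.splitlines()) if len(p) == 4]


def shannon_entropy(s):
    """Entropy in bits per character; equals log2(len(s)) when all characters differ."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Return (prefix_labels, registrable_domain), treating the last two labels as
    the registrable domain. A real deployment would consult the Public Suffix List."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return [], ".".join(labels)
    return labels[:-2], ".".join(labels[-2:])


def looks_like_dga(registrable):
    """Heuristic DGA check on the second-level label: long, high-entropy, and either
    vowel-poor or digit-heavy, i.e. not pronounceable the way a brand name is."""
    sld = registrable.split(".")[0]
    if len(sld) < 10:
        return False
    letters = [c for c in sld if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / max(len(letters), 1)
    digit_ratio = sum(c.isdigit() for c in sld) / len(sld)
    return shannon_entropy(sld) > 3.0 and (vowel_ratio < 0.25 or digit_ratio > 0.2)


def find_tunneling(records, min_names=3, min_prefix_chars=20, min_entropy=3.0):
    """Return registrable domains whose subdomain prefixes look like encoded data.
    A tunnel sends each chunk as a fresh, long, high-entropy qname so that the
    resolver cannot answer from cache; a CDN or mail host does not look like that."""
    prefixes_by_domain = defaultdict(set)
    for _, _, qname, _ in records:
        prefix, registrable = split_name(qname)
        if prefix:
            prefixes_by_domain[registrable].add("".join(prefix))
    flagged = set()
    for domain, prefixes in prefixes_by_domain.items():
        if len(prefixes) < min_names:
            continue
        mean_len = sum(len(p) for p in prefixes) / len(prefixes)
        mean_ent = sum(shannon_entropy(p) for p in prefixes) / len(prefixes)
        if mean_len >= min_prefix_chars and mean_ent >= min_entropy:
            flagged.add(domain)
    return flagged


def triage(log_text):
    """Map each source device to the DGA and tunneling domains it queried.
    The device keys are the remediation target: blocking the domains alone leaves
    the malware free to generate or encode the next one."""
    records = parse_log(log_text)
    tunnel_domains = find_tunneling(records)
    dga_by_device, tunnel_by_device = defaultdict(set), defaultdict(set)
    for _, client_ip, qname, _ in records:
        _, registrable = split_name(qname)
        if looks_like_dga(registrable):
            dga_by_device[client_ip].add(registrable)
        if registrable in tunnel_domains:
            tunnel_by_device[client_ip].add(registrable)
    return dict(dga_by_device), dict(tunnel_by_device)


if __name__ == "__main__":
    dga, tunnel = triage(SAMPLE_LOG)
    for ip, domains in sorted(dga.items()):
        print(f"DGA     {ip}: {sorted(domains)}")
    for ip, domains in sorted(tunnel.items()):
        print(f"TUNNEL  {ip}: {sorted(domains)}")
```

The fixed thresholds here are only a stand-in for the ML detections the page describes; the durable part of the example is the last step, grouping flagged queries by client address, which is the list of devices the Security Operations team has to clean. One caveat when applying this to real resolver logs: if clients reach the resolver through a forwarder or NAT gateway, the logged client IP is the forwarder, and the pivot has to continue on that device's own logs to reach the actual infected host.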

Our machine learning detections are designed to keep false positives to a minimum while flagging DGA and DNS Tunneling domains, and they are continuously optimized to further improve the accuracy of our detections.
