Understand How to Threat Hunt
DNS Covert Channel Indicators
4th March 2020
11:00 GMT | 16:00 GST | 17:30 IST

Join Si Consult’s very own Chris Cheyne and Johnny Witt for a webinar on ‘Understand How to Threat Hunt DNS Covert Channel Indicators’, held on Wednesday 4th March 2020 at 11:00 GMT | 16:00 GST | 17:30 IST.

Adversaries often communicate using DNS to avoid detection. They do this by blending in with existing traffic. Almost all APT threat actor groups have demonstrated indicators relating to the use of DNS as a covert channel. So, understanding threat hunting techniques over DNS logging is essential.



AREAS YOU WILL LEARN ABOUT:

  • DNS firewall traffic analysis and anomaly detection
  • DNS controls bypassing
  • DNS log inspection for excessive subdomains, head length
  • How to spot encoded traffic over DNS
  • How to spot fast flux DNS
  • How to detect domain generation algorithms, which are used by many malware families
  • What to know about port 53 inbound Transmission Control Protocol (TCP)
  • The benefits of using specific tools for detection (IBM QRadar, Resilient and IBM X-Force) and more!

Threat hunting is the action of proactively searching out anomalies that lead to a positive detection of a malicious actor. The techniques used to do this are distinct from automated alert-driven detection, in that they are part of normal Security Operations Centre (SOC) operations, and almost always use machine analytics tooling.

There are, however, many methods attackers may take, via Domain Name System (DNS) anomalies, to communicate, target and blend in with existing traffic.

Guest speakers Cheyne and Witt expose these DNS anomalies and highlight the specific tools, including how IBM QRadar can be used to provide the insights that make knowing about threat hunting crucial to your business.

Featured Presenter - Chris Cheyne, CTO Si Consult

Chris Cheyne is the SOC Director and CTO for Si Consult, a global organisation empowering its clients with bespoke cyber security procedures and technology. Responsible for operating five Security Operations Centres across the UK, Middle East and India, Chris specializes in threat hunting and intelligence, endpoint detection and response, SOC monitoring, behavioural analytics, EUBA, SIEM and more. With over 12 years of experience in security operations and management services, his objective is to place the power of his SOC team into his clients’ hands, and to provide complete visibility of security events and threats within their environments. Chris has been pivotal in building Si Consult’s capabilities in Managed Security Services and has experience in delivering SOC detection and response services for household names across multiple sectors, including Finance, Insurance, Healthcare, Retail, Aviation and Education. With an industry-leading team of 150 analysts behind him, he ensures that clients receive the highest degree of protection against today’s cyber threats.


Featured Presenter - Johnny Witt, Senior Security Analyst Si Consult

Johnny has over 25 years’ worth of experience in Cyber Security and Development, and acts as our Principal Threat Advisor for Si Consult SOC. He has an incredible depth of knowledge and experience with real-world threat actors, exploits and attack methods, and has many years of experience in detecting and responding to such threats.

Johnny contributes to the Si Consult Labs team, specialises in Research and Development for next-generation IT security products, and built the first OpenDNS (type) infrastructure.

