DNS Visibility is a feature of the DNS & Security Gap Visibility product. It detects the sources of malicious activity on a network, regardless of the size of the network it is deployed on. DNS & Security Gap Visibility enhances clients' security through reports and warnings generated on a per-user basis.
92% of businesses have no visibility into their DNS traffic, or do not report that traffic in a form suitable for analysis. The main reasons are that the EPS costs of DNS traffic are very high and that DNS traffic is hard to interpret.
On a network of any size, when malicious traffic occurs, the device that generates it is detected, and detailed information about that device, such as its MAC address, source IP and user, is reported. Because only malicious traffic is reported, EPS costs are reduced.
Users' DNS requests are forwarded to the DNS & Security Gap solution and put through a matching process.
In this process, the Microsoft DNS Server's DNS logs are collected, along with real-time traffic data, source IPs and hostname information.
User information (user, AD domain) is gathered from Microsoft Active Directory and MAC address information is gathered from DHCP; this information is then analyzed.
The data collected from Microsoft AD and DHCP is matched to the DNS log information.
The domain names are then directed to Roksit's DNS servers. The real-time DNS traffic is analyzed and the requested domain is categorized by Roksit's AI-based mechanism. Roksit has 99.9% precision in categorization, and it classifies the traffic by grading it with the help of Roksit's Cyber Threat Intelligence platform and AI-based infrastructure.
After the matching and categorization process, a meaningful report is generated that shows which user requested which exact domain, on which device, and when the request happened.
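The matching step described above can be sketched as a time-aware join, shown here as an added example that is not Roksit's code. The record layouts, sample values and the `MALICIOUS` set (a placeholder for the categorization verdicts) are constructed assumptions; the point is that the same source IP maps to different devices and users depending on which DHCP lease was active when the query was made.

```python
from datetime import datetime

T = datetime.fromisoformat
# Constructed sample records, not real logs; the tuple layouts are assumptions.
DHCP_LEASES = [  # (ip, mac, hostname, lease_start, lease_end)
    ("10.0.0.23", "00-11-22-33-44-55", "WS-014", T("2024-05-01T08:00"), T("2024-05-01T12:00")),
    ("10.0.0.23", "66-77-88-99-AA-BB", "LT-207", T("2024-05-01T12:30"), T("2024-05-01T18:00")),
]
AD_LOGONS = [  # (time, ip, ad_domain, user)
    (T("2024-05-01T08:05"), "10.0.0.23", "CORP", "alice"),
    (T("2024-05-01T12:35"), "10.0.0.23", "CORP", "bob"),
]
DNS_QUERIES = [  # (time, source_ip, queried_name)
    (T("2024-05-01T09:10"), "10.0.0.23", "intranet.example.com"),
    (T("2024-05-01T09:12"), "10.0.0.23", "c2.bad.example."),
    (T("2024-05-01T12:10"), "10.0.0.23", "C2.bad.example"),
    (T("2024-05-01T13:00"), "10.0.0.23", "c2.bad.example"),
]
# Placeholder verdicts standing in for the categorization step.
MALICIOUS = {"c2.bad.example"}

def lease_at(ip, when):
    """Return (mac, hostname, lease_start) for the lease that held ip at that time."""
    for l_ip, mac, host, start, end in DHCP_LEASES:
        if l_ip == ip and start <= when <= end:
            return mac, host, start
    return None

def user_at(ip, when, lease_start):
    """Latest logon from ip inside the current lease and not after the query."""
    hits = [e for e in AD_LOGONS if e[1] == ip and lease_start <= e[0] <= when]
    if not hits:
        return None
    _, _, domain, user = max(hits)
    return domain + "\\" + user

def report():
    """Enrich only the malicious queries; benign ones are never emitted."""
    rows = []
    for when, ip, name in sorted(DNS_QUERIES):
        domain = name.lower().rstrip(".")
        if domain not in MALICIOUS:
            continue
        lease = lease_at(ip, when)
        mac, host, start = lease or (None, None, None)
        user = user_at(ip, when, start) if lease else None
        rows.append({"time": when.isoformat(), "domain": domain, "source_ip": ip,
                     "mac": mac, "hostname": host, "user": user})
    return rows
```

The 12:10 query falls between the two leases, so it is reported with no MAC or user rather than being attributed to whichever device held the address before or after.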