Did you know that 80+% of the domains that generate malicious traffic cannot be resolved immediately?
This is because they do not carry an IP address.
According to the 2021 Roksit Things of The Internet report, domains in malicious categories pose a threat to network security. These categories include malware/viruses, DGA domains (created with a special algorithm), botnets, phishing, proxies, spam, and warez sites. As the graph shows, 75% of malicious domains belong to the potentially dangerous categories.
80+% of malware domains do not have an IP address at the moment. Malware requests for domains that do not have an IP address can only be detected in the DNS log. Cyber X-Ray discovers an average of 100,000 malicious domains per day. Below is an example of a malicious traffic report found in a passive state. Since these domains do not have IP addresses, the address is recorded as 0.0.0.0. That is why other security devices that work at Layer 7 (Application Layer), such as firewalls, proxy devices and IPS, do not show you the infected machines that are constantly trying to connect to a botnet C&C. We believe that by analyzing DNS data in corporate networks, a security analysis of the entire network can be made and sophisticated attacks can be detected. We are working hard to develop products for this.
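An added example (not Roksit's or Cyber X-Ray's code) of how that retry pattern can be surfaced from a DNS query log. The space-separated log format, the function names and the sample lines are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample log (not from the report). Assumed format:
# timestamp client_ip query_name query_type rcode answer
SAMPLE_LOG = """\
2021-06-01T10:00:00Z 10.0.0.5 update.badcc.example A NXDOMAIN -
2021-06-01T10:00:30Z 10.0.0.5 update.badcc.example A NXDOMAIN -
2021-06-01T10:01:00Z 10.0.0.5 update.badcc.example A NXDOMAIN -
2021-06-01T10:01:05Z 10.0.0.7 www.intranet.example A NOERROR 192.0.2.10
2021-06-01T10:01:30Z 10.0.0.5 update.badcc.example A NOERROR 0.0.0.0
2021-06-01T10:02:00Z 10.0.0.7 typo-site.example A NXDOMAIN -
2021-06-01T10:02:10Z 10.0.0.9 parked.sinkhole.example A NOERROR 0.0.0.0
malformed line
"""

NO_ADDRESS = {"-", "", "0.0.0.0", "::"}  # answers that give the client nothing to connect to

def is_unresolved(rcode, answer):
    """True when the query produced no routable address for the client."""
    return rcode in {"NXDOMAIN", "SERVFAIL"} or answer in NO_ADDRESS

def parse(log_text):
    """Yield (client, qname, rcode, answer) for address lookups; skip bad lines."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[3] not in {"A", "AAAA"}:
            continue
        _, client, qname, _, rcode, answer = fields
        yield client, qname.rstrip(".").lower(), rcode.upper(), answer

def find_retrying_clients(log_text, min_attempts=3):
    """Return {client: {domain: attempts}} for repeated lookups that never resolve."""
    attempts = Counter()
    resolved = set()
    for client, qname, rcode, answer in parse(log_text):
        if is_unresolved(rcode, answer):
            attempts[(client, qname)] += 1
        else:
            resolved.add((client, qname))
    findings = defaultdict(dict)
    for (client, qname), count in attempts.items():
        if count >= min_attempts and (client, qname) not in resolved:
            findings[client][qname] = count
    return dict(findings)

if __name__ == "__main__":
    for client, domains in find_retrying_clients(SAMPLE_LOG).items():
        for domain, count in domains.items():
            print(f"{client} retried {domain} {count}x with no address")
```

A single failed lookup, such as a mistyped name, stays below the threshold; only a client that keeps asking for the same non-resolving name is reported.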
For detailed information, please read the "Detect Invisible Malicious Traffic" solution.
Make Malicious DNS Activities Visible with AI-Powered Analysis.