By Yohai Einav, Amir Asiaee, Ali Fakiri-Tabrizi and Alexey Sarychev. Originally posted on January 4, 2018.
Earlier this month we took our show on the road, presenting some of our team's work at the Botconf conference in beautiful Montpellier, France. We could talk here for hours about the food, wine, culture, etc., but it would probably be more plausible for our readers to learn about the current developments in the
By Hongliang Liu and Yuriy Yuzifovich. Originally posted on December 29, 2017.
Today's post is all about DGAs (Domain Generation Algorithms): what they are, why they came into existence, what some of their use cases are, and, most importantly, how to detect and block them. As we will demonstrate here, the most effective defense against DGAs is a combination of traditional methods with modern machine intelligence.
With the recent influx of news reports regarding security incidents, more Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), and IT professionals are reviewing current security infrastructures, policies, and practices to identify potential weaknesses in their security posture. This has long been best practice, but with the progressive use of various attack and threat vectors now employed by malicious actors against businesses, this practice must be constantly in play
Just like that, another Akamai Edge has come and gone. If you were able to join us this year, I hope you had a chance to stop by my presentation on Threat Intelligence Insights: An In-Depth Analysis of a Fast Flux Botnet.
Service providers looking to enhance and secure the online experience for their residential and business subscribers often struggle to find solutions that are easy for their customers to configure and use, particularly when it comes to setting policies that carry across fixed, mobile and converged networks. This type of simple, seamless management is actually a key distinguishing feature of solutions from Nominum, now part of Akamai. And not just from
In case you haven't been paying attention, an unlikely technology, the Internet's Domain Name System, or DNS, is experiencing a renaissance. For much of its existence, DNS has maintained a simple and singular function - to resolve Internet names to IP addresses. Over the past several years, however, DNS, or more specifically, the recursive DNS (rDNS) resolver, has assumed a number of new roles, made possible by the fact that
We suggest reading Parts One, Two, and Three before continuing with this blog post.
Fast Flux Network Malicious Activity
Fast Flux Network as a Platform for Malware Activity
In order to make sure, beyond any reasonable doubt, that the Fast Flux network is being used for malicious activities, we collected evidence from a variety of public sources that shows a clear relationship between the analyzed malware samples and domains being
We suggest reading Parts One and Two before continuing with this blog post.
Fast Flux Network - C&C Network vs. Hosting Network
In order to further investigate the initial assumption of having two different sub-networks as observed in Fast Flux Network - Overview, we created a network graph, but this time without showing the relation to the nameserver. Doing that showed us that we can see two distinct sub-networks segregated
Read Part One, an Introduction to Fast Flux Networks, here.
Fluxing - Deep Dive
The primary characteristic of the Fast Flux network is that the network constantly changes its IP addresses, domains, and nameservers. These changes obfuscate the true nature of the network and make it more difficult for researchers to understand and defend against.