Video: Hacking Demo #2 - Command & Control
This video shows how malware uses the DNS protocol for command and control (CnC), contacting its main server so that it can move on to its next action. As the previous video on phishing showed, one main infection vector is an email attachment that a user opens. Once the malware is installed on the victim's computer, the DNS protocol is used to exchange information with the central CnC server through standard requests and responses. As DNS is a protocol authorized to cross all security boundaries of the enterprise network, it is a reliable way of communicating with the outside world.
The DNS Guardian solution is capable of advanced behavioral threat detection and adaptive countermeasures. With DNS inspection on real-time traffic, Guardian detects bad behavior even on unknown domains, and can block this specific traffic without impacting the legitimate traffic from the user.
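To make the idea of behavioral detection on unknown domains concrete, here is an added example (not the vendor's code or algorithm) that scores each client and zone pair in a DNS query log, so that only the offending pair is flagged and the client's other lookups are left alone. The log entries, the thresholds and the naive "last two labels" zone split are assumptions made for this illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Constructed sample query log: (client IP, queried name). Not real traffic.
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.7", "www.example.com"),
] + [
    # Many unique, long, random-looking labels under one zone from one client.
    ("10.0.0.5", hashlib.sha256(str(i).encode()).hexdigest()[:24] + ".example.net")
    for i in range(40)
]

def shannon_entropy(text):
    """Bits per character of the character distribution in text."""
    counts = Counter(text)
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def split_name(qname):
    """Return (subdomain part, zone). Assumption: the zone is the last two
    labels; a production check would use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def suspicious_pairs(log, min_unique=20, min_avg_len=16, min_entropy=3.5):
    """Flag (client, zone) pairs whose queries look like data carried in
    hostnames: many distinct subdomains, long on average, high entropy.
    No reputation list is used, so an unknown zone can still be flagged."""
    seen = defaultdict(set)
    for client, qname in log:
        sub, zone = split_name(qname)
        if sub:
            seen[(client, zone)].add(sub)
    flagged = []
    for pair, subs in seen.items():
        avg_len = sum(len(s) for s in subs) / len(subs)
        entropy = shannon_entropy("".join(subs).replace(".", ""))
        if len(subs) >= min_unique and avg_len >= min_avg_len and entropy >= min_entropy:
            flagged.append(pair)
    return sorted(flagged)

if __name__ == "__main__":
    for client, zone in suspicious_pairs(SAMPLE_LOG):
        print(f"suspicious DNS pattern: client={client} zone={zone}")
```

Because the result is keyed on the client and zone together, a countermeasure built on it can be scoped to that pair while the same client's queries for other zones continue to resolve.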