(844) 442-9462(844) 442-9462Free TrialFree TrialContact SalesContact SalesSign inSign in
Cygna Labs
<b>IPControl</b> Software
IPControl Software

Advanced DDI software for Linux or Windows

<b>Sapphire</b> Appliances
Sapphire Appliances

Secure, multi-platform DDI appliances

<b>DDI</b> Services
DDI Services

Tiered support and managed DDI services

<b>DDI</b> Security
DDI Security

DDI defense-in-depth protections

<b>DNSSEC</b> Appliances
DNSSEC Appliances

Automated DNS integrity and authentication

<b>IPAM</b> Auditor Appliance
IPAM Auditor Appliance

Rich DDI reporting, auditing, and forensics

<b>ImageControl</b> Software
ImageControl Software

Scalable DOCSIS firmware management

<b>Sapphire</b> Automation Appliances
Sapphire Automation Appliances

Drag-and-drop DDI API automation

<b>IPAM</b> Executive Failover Appliances
IPAM Executive Failover Appliances

DDI management resiliency

Products
IT Managers
IT Managers

Keep your network and business running

DevOps Engineers
DevOps Engineers

Insert DDI automation effortlessly

Security Professionals
Security Professionals

Add a DDI defense-in-depth layer

Business Professionals
Business Professionals

Maximize returns with comprehensive DDI

Cloud Architects
Cloud Architects

Consolidate cloud subnet, IP & DNS data

Solutions
Blog
Blog

Intriguing DDI and Compliance posts

Newsroom
Newsroom

Keep up with our blistering news feed

Webinars
Webinars

Educational technology webinars

Events
Events

Come see us at upcoming industry events

Partners
Partners

View our growing partner integrations

Success stories
Success stories

How real businesses accelerate their growth with us

Resources
About us
About us

Learn what makes us great

Leadership
Leadership

Meet our executive team

Careers
Careers

Come join our rapidly growing team

Company
Book a Demo
shield

Strengthen your organization’s cybersecurity posture with software solutions from Cygna Labs

  1. Home

  2. Blog

  3. What Just happened?

DNS Security

What Just happened?

Timothy Rooney

Timothy Rooney

Oct 24, 2023

What Just happened?

There are those who want to make it happen. And there are those who watch it happen. Then there are those who ask, “what just happened?”

Regardless of your disposition, each of these perspectives illustrates a vital role in cybersecurity operations. And when asking “what just happened?”, the more relevant information available during incident response or cyberthreat investigations, the better. Among the many forms of such information, that pertaining to DHCP, DNS, and IPAM (DDI) can provide critical clues as to incident forensics.

Layered Defenses

For instance, when investigating a potential advanced persistent threat (APT) malware download of code updates, the first step in connecting to the malware command and control (C2) center nearly always leverages DNS. After all, DNS enables the malware to query for a given domain name, enabling the malware author to dynamically configure the C2 IP address to which it will connect. By identifying this incident during the DNS query phase of the connection attempt, you can halt the malware download process before it starts.

The Cygna Labs DNS Firewall Service provides a real time feed of nefarious malware domain names, as well as names and IP addresses of DNS servers of ill-repute. Identifying such queries and responses in flight enables you to modify the DNS response to either redirect the querying device to an in-house remediation portal or to otherwise deny proper resolution. You can even permit the resolution but log the query for investigation for suspicious but not proven nefarious resolution data.

Should the query succeed, enabling connectivity to the C2 center, other layers of your defense in depth security strategy may well detect and mitigate this activity. The Cygna Radar VitalQIP appliance package and stock Sapphire appliances from Cygna Labs provide detection and shutdown of DNS tunnels. DNS tunnels relate to the exfiltration of sensitive data via the DNS protocol.

If you’re of the type to watch it happen, Cygna Labs offers several monitoring, reporting, visibility, and forensics products. Our Cygna Radar, Cygna DDI Guard and Sapphire IPAM Auditor provide vibrant reporting and investigation features to facilitate DDI visibility across your network.

NIST Cybersecurity Framework 2.0

And if you’re the type to make it happen, Cygna Labs offers a diverse portfolio of DDI security solutions to help you implement the recommended identify, protect, detect, respond, and recover operations as part of a unified cybersecurity strategy as defined by the National Institute of Standards and Technology (NIST). NIST is presently updating the framework for unveiling in 2024, so visit our DNS security resource center to learn about what’s coming and how it impacts your foundational DNS-DHCP-IPAM (DDI) network services.