Mandiant, Inc.
INTELLIGENT SYSTEM FOR MITIGATING CYBERSECURITY RISK BY ANALYZING DOMAIN NAME SYSTEM TRAFFIC METRICS
Abstract:
A system, method and computer-readable medium for mitigating cybersecurity risk by analyzing domain name system (DNS) traffic metrics, including detecting a network communication propagated over a computer network, the network communication comprising a domain identifier, determining DNS traffic metadata corresponding to the domain identifier, the DNS traffic metadata being determined based on monitored DNS traffic associated with the domain identifier to one or more DNS servers, the DNS traffic metadata comprising a count of DNS queries associated with the domain identifier and a rate of DNS queries associated with the domain identifier, determining whether the count of DNS queries and the rate of DNS queries are indicative of a cybersecurity risk, and activating one or more mitigation actions based at least in part on a determination that the count of DNS queries and the rate of DNS queries are indicative of a cybersecurity risk.
Utility
28 Sep 2018
2 Apr 2020