International Business Machines Corporation
Threat intelligence information access via a DNS protocol

Abstract:

A network-accessible cyber-threat security analytics service is configured to receive and respond to requests that originate as name queries to a Domain Name System (DNS) service. Threat intelligence information provided by the service is organized into threat intelligence zones that correspond to zones exposed via the DNS service. Upon receipt of a DNS query, the query having been generated by an application seeking access to threat intelligence data exposed by the service, the query is translated into a DNS zone-specific API request based on the type of threat intelligence information sought. The zone-specific API request is then used to retrieve the requested threat intelligence information from a threat intelligence database. The requested threat intelligence information is then returned to the application by being encoded as part of a response to the DNS query. In this manner, the DNS protocol is leverage to facilitate highly-efficient access and retrieval of threat intelligence information.