DNSFilter Hastens Holistic Threat Detection, Response in Enterprise

DNSFilter unveiled Data Export, a feature that allows security teams to accelerate strategies for holistic threat detection and response in the enterprise. Data Export automates the export of DNSFilter query log data to security information and event management (SIEM) and security monitoring solutions.

“The sheer amount of data in modern enterprise environments makes it challenging for security teams to ingest security-related data at scale, manage security tools effectively and take action against advanced threats,” said Steve Staden, senior director of Product Management, DNSFilter. “With Data Export, we are streamlining the process of exporting data from an organization’s largest attack vector: the internet itself, to leading security monitoring solutions. This reduces manual burden and provides visibility into DNS to create the full security picture for organizations.”

Security teams increasingly adopt technologies that provide the ability to ingest, correlate, search and action data from across the entire enterprise and cloud attack surface in a centralized location. Today, more than 70 percent of cyberattacks involve the domain name system (DNS) layer. Data Export automates the process of exporting query log data from DNSFilter’s AI-powered DNS security solution to Splunk and Amazon S3 buckets. S3 then can be used as an intermediary for SIEM and SOAR products from AlienVault, Datadog, LogRhythm, Loggly, Perch, Rapid7, and more.

Key benefits include:

  • Automated export – Security teams no longer need to manually export DNS layer data into a security monitoring solution. More than 25 categories of query log data including domain name, request address, server address and more are exported, saving time and resources.
  • Long-term search – Finding hidden threats requires the ability to run new analysis on historical data. Data Export allows security teams to retain and analyze historical DNSFilter data in their security monitoring solution.
  • Single pane of glass – DNSFilter data can be aggregated alongside all endpoint, cloud workload, and additional enterprise data sources to correlate events and take action in a single location.

DNSFilter is being demonstrated through Thursday at RSAC 2022 in San Francisco, at Booth #3301.

For information go to Meet the DNSFilter team at RSA.