DNS Malware Detection Pivotal for Organizations

Using DNS for malware detection in larger enterprises was the topic of this month's SANS Internet Storm Center threat update. Using DNS this way is becoming more and more commonplace, and for good reason. One advantage of this particular safety measure is that it is easy to centralize: if an enterprise has thousands or tens of thousands of desktops, that is a huge advantage over the mess of updating antivirus across such a large number of systems.

For its part, SANS ISC has put together a bootable Linux CD distribution that has everything you might need to run your own filtering DNS server. The ISC has also put together a passive DNS analysis approach: all you do is sniff the traffic coming to the DNS server, and it comes back with a query history that you can compare against various blacklists. Both technologies have gotten a lot of positive response, and both are easy enough to do on your own.
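To make the passive DNS step concrete, here is an added example of the core check, written for this article and not taken from the ISC distribution or any resolver: it parses a constructed, simplified query log (the line format `<timestamp> <client-ip> <qname> <qtype>` is an assumption; BIND, Unbound and dnsmasq each log differently), builds a per-client query history, and compares every name looked up against a constructed blocklist. Matching is done label by label so that a listed domain also catches its subdomains, while a lookalike such as `notevil.example` does not collide with a listed `evil.example`.

```python
"""Passive DNS query history checked against a domain blocklist.

Added example, not ISC code. The log format '<timestamp> <client-ip>
<qname> <qtype>' is assumed and simplified; real resolvers log differently.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Optional, Set, Tuple


class Query(NamedTuple):
    ts: str
    client: str
    qname: str  # normalized: lowercase, no trailing dot
    qtype: str


# Constructed sample log lines, not captured traffic.
SAMPLE_LOG = """\
2024-03-02T10:15:01Z 10.0.0.12 www.example.org A
2024-03-02T10:15:02Z 10.0.0.12 c2.MALICIOUS.example. A
2024-03-02T10:15:03Z 10.0.0.25 update.evil.example TXT
2024-03-02T10:15:04Z 10.0.0.12 mail.example.org MX
2024-03-02T10:15:05Z 10.0.0.31 evil.example A
2024-03-02T10:15:06Z 10.0.0.31 notevil.example A
"""

# Constructed blocklist; a real deployment would load a published feed.
BLOCKLIST: Set[str] = {"malicious.example", "evil.example"}


def normalize(name: str) -> str:
    """Lowercase and strip the trailing dot so 'EVIL.example.' == 'evil.example'."""
    return name.lower().rstrip(".")


def parse_log(lines: Iterable[str]) -> List[Query]:
    """Turn raw log lines into Query records, skipping blank or malformed lines."""
    records: List[Query] = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, qtype = parts
        records.append(Query(ts, client, normalize(qname), qtype.upper()))
    return records


def build_history(records: Iterable[Query]) -> Dict[str, List[Query]]:
    """Group queries by client address: the 'query history' the article mentions."""
    history: Dict[str, List[Query]] = defaultdict(list)
    for q in records:
        history[q.client].append(q)
    return dict(history)


def is_listed(qname: str, blocklist: Set[str]) -> Optional[str]:
    """Return the blocklist entry that covers qname, or None.

    Walks the name label by label, so 'c2.malicious.example' matches the
    entry 'malicious.example', but 'notevil.example' does not match
    'evil.example' (a naive endswith() check would get that wrong).
    """
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def match_blocklist(history: Dict[str, List[Query]],
                    blocklist: Set[str]) -> List[Tuple[str, str, str, str]]:
    """Return (client, qname, matched_entry, timestamp) for every listed lookup."""
    hits = []
    for client, queries in history.items():
        for q in queries:
            entry = is_listed(q.qname, blocklist)
            if entry is not None:
                hits.append((client, q.qname, entry, q.ts))
    return hits


def flagged_clients(hits: Iterable[Tuple[str, str, str, str]]) -> List[str]:
    """Distinct client addresses worth investigating, sorted for stable reports."""
    return sorted({h[0] for h in hits})


if __name__ == "__main__":
    history = build_history(parse_log(SAMPLE_LOG.splitlines()))
    for client, qname, entry, ts in match_blocklist(history, BLOCKLIST):
        print(f"{ts} {client} looked up {qname} (listed as {entry})")
    print("clients to triage:", flagged_clients(match_blocklist(history, BLOCKLIST)))
```

Run against the sample log, this flags three clients and leaves the `notevil.example` lookup alone. The per-client history is what makes the approach useful at enterprise scale: one resolver log covers every desktop, so a single hit on a listed domain points straight at the machine to triage rather than requiring an agent on each host.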

If your enterprise has a lot of problems with desktops, or if you have thousands of desktops and, as far as you know, no malware issue at all, you definitely need to think about DNS malware detection. It is not uncommon for an enterprise not to know it has a problem, then run the detection process and find that many of its machines have already been infected with existing malware. It is never too late to get started, but this is not something that can be ignored.