Feature Brief: Custom Integrations

Immediately Convert Your Threat Intelligence into Global Threat Prevention

For the first time, you can prevent—not only detect—threats
both on and off the corporate network using APIs. OpenDNS
Umbrella is the only cloud-delivered network security service
that enforces your threat intelligence at the DNS layer.

Programmatically Take Immediate Action On Threat Intelligence

Hours or days can go by before you manually configure appliance- or agent-based
defenses to take action on newly aggregated threat intelligence. OpenDNS enables you to
complete the last necessary step to operationalize your threat intelligence. By leveraging
OpenDNS APIs, you can create up to 10 custom integrations between your custom
in-house systems and our cloud-delivered network security service—OpenDNS Umbrella.
Each integration allows your custom scripts to automatically add or remove domains in a
separate security category. You can enforce different policies on each security category.
By enforcing security at the DNS layer, Umbrella uses the Internet’s existing infrastructure
to keep malware, botnets/C2, and phishing from compromising systems and exfiltrating
data over any port, protocol, or app. Blocking Internet activity attributed to your domains on
any device—on or off the network—reduces the time between detection and prevention to
seconds. If any devices are requesting suspicious domains, you gain global visibility
instantly and can store logs indefinitely for incident response.

“By 2017, at least 50% of technology providers will use intelligence-sharing
capabilities between disparate technologies and across different vendors to
support orchestrated security policy responses across protected environments.”
— Lawrence Pingree, Ruggero Contu, Eric Ahlm
Context-Aware Security and Intelligence-Sharing Concepts Merge to Create
Intelligence-Aware Security Controls

[Figure: "You curate & correlate" (custom in-house systems) and "We take immediate action" (OpenDNS).
Custom in-house systems POST domains to, and GET logs from, Umbrella (Enforcement & Visibility):
network security service that blocks Internet activity attributed to domains and retains all DNS
logs for as long as required.
Custom in-house systems GET context on domains, IPs, or ASNs from Investigate (Intelligence & Enrichment):
live graph of global DNS requests and contextual data; features our passive DNSDB.]

Your custom in-house systems may contain, for example, a SIEM that ties together
several internal servers, AWS cloud services, and your scripts.
But no matter what you have built, you can integrate it with OpenDNS.

[Figure: custom in-house systems: security incident & event management (SIEM), internal servers, logs, custom scripts]

WHY UMBRELLA?
• Threat Prevention: not just threat detection
• Protects On & Off Network: not limited to devices forwarding traffic through on-prem appliances
• Always Up to Date: no need for device to VPN back to an on-prem server for updates
• Block by Domains for All Ports: not just IP addresses or domains over ports 80/443
• Integrate in Minutes: simple API does not require pro services to set up

Programmatically Enrich Your Intelligence and Actions

Using our APIs and unique view of the Internet, OpenDNS Investigate can also enrich your
threat intelligence with real-time context about suspicious domains, IPs, and ASNs. You
can add our risk scores to your IOCs across a number of attacker infrastructure attributes.
For example, you can script different actions for domains based on OpenDNS detecting
that they use fast flux networks (FFNs) or were created by domain generation algorithms
(DGAs).
And all the time saved by eliminating manual configurations can be used for investigating
incidents. Using our real-time, Google-like access, you can pivot from one domain to many
related IP addresses, autonomous systems, and co-occurring domains. Access a massive
passive DNS database to see historical data about domains.

Enforce Threat Intelligence Globally

Today, mobile employees increasingly bypass their VPN agents for a variety of reasons. If
VPNs are not always on, traffic will not always pass over the network’s perimeter where you
have deployed security appliances. Unlike appliances, Umbrella enforces threat intelligence
globally using the OpenDNS Global Network.

While many new endpoint detection and response (EDR) agents only detect IOCs, Umbrella
blocks advanced attacks before data breaches or new malware infections happen. Plus, many
of these EDR agents still rely on VPN agents to receive updates when the device is off the
network. Not with Umbrella, because all security enforcement and intelligence is in the cloud.

[Figure, three panels; diagram label: 208.67.222.222
Investigate offers direct access to predictive intelligence generated by the OpenDNS Security Graph via 70B+ daily DNS queries & BGP data.
Umbrella enforces both your IOCs and our predictive intelligence via the OpenDNS Global Network of 25 data centers with 100% uptime.
Customers simply point DNS at us from Any Device, Anywhere to block malware, botnets/C2 & phishing over any port, protocol, or app.]

For a free trial or more sales information, contact our team:
1-877-811-2367 | [email protected] | www.opendns.com