Feature Brief: Custom Integrations

Immediately Convert Your Threat Intelligence into Global Threat Prevention

For the first time, you can prevent—not only detect—threats both on and off the corporate network using APIs. OpenDNS Umbrella is the only cloud-delivered network security service that enforces your threat intelligence at the DNS layer.

Programmatically Take Immediate Action On Threat Intelligence

Hours or days can go by before you manually configure appliance- or agent-based defenses to take action on newly aggregated threat intelligence. OpenDNS enables you to complete the last necessary step to operationalize your threat intelligence.

By leveraging OpenDNS APIs, you can create up to 10 custom integrations between your custom in-house systems and our cloud-delivered network security service—OpenDNS Umbrella. Each integration allows your custom scripts to automatically add or remove domains in a separate security category. You can enforce different policies on each security category.

By enforcing security at the DNS layer, Umbrella uses the Internet’s existing infrastructure to keep malware, botnets/C2, and phishing from compromising systems and exfiltrating data over any port, protocol, or app. Blocking Internet activity attributed to your domains on any device—on or off the network—reduces the time between detection and prevention to seconds. If any devices are requesting suspicious domains, you gain global visibility instantly and can store logs indefinitely for incident response.

“By 2017, at least 50% of technology providers will use intelligence-sharing capabilities between disparate technologies and across different vendors to support orchestrated security policy responses across protected environments.”
— Lawrence Pingree, Ruggero Contu, Eric Ahlm, Context-Aware Security and Intelligence-Sharing Concepts Merge to Create Intelligence-Aware Security Controls

[Diagram: "You curate & correlate" (custom in-house systems: security incident & event management, internal servers, logs, custom scripts) and "We take immediate action" (Umbrella, Investigate). Labels between the two sides: GET logs and POST domains (Umbrella); GET context on domains, IPs, or ASNs (Investigate).]

Umbrella: Enforcement & Visibility. Network security service that blocks Internet activity attributed to domains. And retain all DNS logs for as long as required.

Investigate: Intelligence & Enrichment. Live graph of global DNS requests and contextual data. Features our passive DNSDB.

Your custom in-house systems may contain, for example, a SIEM that ties together several internal servers, AWS cloud services, and your scripts. But no matter what you have built, you can integrate it with OpenDNS.

Programmatically Enrich Your Intelligence and Actions

Using our APIs and unique view of the Internet, OpenDNS Investigate can also enrich your threat intelligence with real-time context about suspicious domains, IPs, and ASNs. You can add our risk scores to your IOCs across a number of attacker infrastructure attributes. For example, you can script different actions for domains based on OpenDNS detecting that they use fast flux networks (FFNs) or were created by domain generation algorithms (DGAs).

And all the time saved by eliminating manual configurations can be used for investigating incidents. Using our real-time, Google-like access, you can pivot from one domain to many related IP addresses, autonomous systems, and co-occurring domains. Access a massive passive DNS database to see historical data about domains.

WHY UMBRELLA?

• Threat Prevention: not just threat detection
• Protects On & Off Network: not limited to devices forwarding traffic through on-prem appliances
• Always Up to Date: no need for device to VPN back to an on-prem server for updates
• Block by Domains for All Ports: not just IP addresses or domains over ports 80/443
• Integrate in Minutes: simple API does not require pro services to set up

Enforce Threat Intelligence Globally

Today, mobile employees increasingly bypass their VPN agents for a variety of reasons. If VPNs are not always on, traffic will not always pass over the network’s perimeter where you have deployed security appliances. Unlike appliances, Umbrella enforces threat intelligence globally using the OpenDNS Global Network.

While many new endpoint detection and response (EDR) agents only detect IOCs, Umbrella blocks advanced attacks before data breaches or new malware infections happen. Plus, many of these EDR agents still rely on VPN agents to receive updates when the device is off the network. Not with Umbrella, because all security enforcement and intelligence is in the cloud.

• Investigate offers direct access to predictive intelligence generated by the OpenDNS Security Graph via 70B+ daily DNS queries & BGP data
• Umbrella enforces both your IOCs and our predictive intelligence via the OpenDNS Global Network of 25 data centers with 100% uptime
• Customers simply point DNS at us (208.67.222.222) from Any Device, Anywhere to block malware, botnets/C2 & phishing over any port, protocol, or app

For a free trial or more sales information, contact our team:
1-877-811-2367 | [email protected] | www.opendns.com