Protecting from ransomware attacks with DNS

Presented by

Artsiom Holub, Senior Security Analyst

About this talk

The session is focused on the ways DNS can be used to improve protection against ransomware campaigns and speed up investigations of such incidents. We will cover fresh tactics, techniques, and procedures (TTPs) used by ransomware actors which actively adopt advanced persistent threat (APT)-style tactics and evasion techniques. These actors’ goals have shifted from deploying ransomware on a few vulnerable machines to achieving persistence in the network and causing maximum damage to push victims into paying the ransom. We will share DNS-based classifiers developed by the Cisco Umbrella team and discuss our approach to building them based on changes in the threats landscape.

Related topics:

More from this channel

Upcoming talks (4)
On-demand talks (227)
Subscribers (54158)
Cisco Umbrella provides a cloud-delivered network security service that blocks advanced attacks, as well as malware, botnets and phishing threats regardless of port, protocol or application. Our predictive intelligence uses machine learning to automate protection against emergent threats before your organization is attacked. Umbrella protects all your devices globally without hardware to install or software to maintain. Learn more: https://umbrella.cisco.com/