Rather than allowing multiple end users to visit the same malware-infected sites multiple times over, Eastwind Networks today announced it has found a way to employ machine learning algorithms on top of a global network of Domain Name Servers (DNS) to process threat intelligence.
Eastwind Networks CEO Paul Kraus says the predictive machine learning algorithms enable the Eastwind DNS implementation to remember where malware was encountered. Any time new malware is encountered, IT organizations can then treat the Eastwind DNS as a system of record to identify who else in their organization might have been infected by visiting the same site.
“We’re applying machine learning to the DNS request itself,” says Kraus.
Eastwind make DNS available as a global cloud service that enables IT organizations to apply multiple forms of analytics against DNS requests. Kraus notes that means IT organizations can not only gain visibility into DNS requests from behind their own firewall, but also when employees travel. Most DNS requests that employees make outside of a corporate office are never tracked unless all traffic is backhauled through a corporate office. Most companies don’t go to the trouble and expense of backhauling traffic. By redirecting all DNS requests to the Eastwind cloud, Kraus says, those organization can then capture DNS requests anywhere they occur.
Kraus notes there’s also an Eastwind application programming interface (API) through which IT organizations can integrate the Eastwind cloud service with a variety of IT security products and technologies.
The Eastwind DNS service doesn’t reduce the amount of malware being created. But it can go a long way toward dramatically reducing the amount of malware the organization might be exposed to using machine learning algorithms that never forget where malware was encountered. That capability alone should save IT organizations massive amounts of time and effort spent manually trying to turn threat intelligence into security policies that make an actual difference.