As most practitioners know, information security is a tough job. With an explosion of new tactics making attackers (and even script kiddies) more effective than ever, it’s imperative that white hat skills and tools are on point, especially those concerning incident response.
One of the newest tools available is Investigate. Investigate includes a UI and a RESTful API, and allows security teams to drill down into the enormous volumes of data that form the backbone of OpenDNS’s predictive intelligence products. The OpenDNS Global Network sees approximately 60 billion DNS requests every day—enough data to surface the highest-priority threats to incident responders quickly, and provide worldwide context so an appropriate reaction can be applied.
“Reducing response dwell time is critical for security professionals,” said Dan Hubbard, OpenDNS CTO. “That, combined with the ability to provide critical context for incident handlers to hunt for additional indicators of compromise (IOCs), was the catalyst for creating our Investigate product.”
Peter Stephenson from SC Magazine took a closer look at Investigate for himself, publishing the results last week. His conclusion? “Investigate is a must-have for your threat analysis toolkit.” He went on to say, “Our technique of pivoting off of the suspect domain to uncover a potentially malicious architecture is greatly enhanced by Investigate. It provides the context for a solid analysis of a potential threat.”
You can read Peter’s full review at SCMagazine.com.