Security today is largely predicated on researchers or vendors first obtaining one of the following: a sample of an attack, a binary file, or an exploit. Although we are starting to see more effective behavior analysis methods, they are still reactive. Simply put, infections happen first and detection happens second. Additionally, reputation scoring relies on expert systems that need tuning by both researchers and customers and have limited feature sets, which results in low coverage.
Using big data and data mining methods to predict attacks before they happen, OpenDNS Security Labs built the OpenDNS Security Graph. The tool allows us to block sites that are going to host malware, botnets, and phishing before they actually become malicious. The data is sourced from the 40+ billion DNS requests OpenDNS receives each day from 50 million customers in more than 150 countries.
Data mining and algorithmic classification techniques such as machine learning, graph theory, anomaly detection, and temporal patterns are used in combination with contextual search, visualization, and scoring to predict the Internet origins of attacks. For a more comprehensive demonstration of how the OpenDNS Security Graph provides predictive threat protection, view the on-demand webcast.
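The paragraph above names temporal patterns and anomaly detection over DNS query data without saying how they are applied. As an added illustration (this is not OpenDNS code, and it does not describe how the Security Graph actually scores domains), the Python below shows one simple form such a signal can take: a resolver log is bucketed per domain and per hour, and a name is flagged when its query volume in the latest hour is a large z-score above its own history and that traffic comes from enough distinct clients. The log line format, domain names, timestamps and thresholds are all constructed for the example.

```python
"""Toy temporal-pattern detector over DNS query logs.

Added illustration of per-domain temporal anomaly detection of the kind the
post lists; it is NOT OpenDNS code. The log format, thresholds, domain
names and traffic volumes are all constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import math

# Constructed line format: "<ISO-8601 timestamp> <client id> <queried name>"
BASE = datetime(2014, 3, 1, 0, 0, 0)  # arbitrary start time for the sample


def make_sample_log():
    """Build six hours of constructed resolver logs covering four domains."""
    lines = []

    def emit(hour, minute, client, qname):
        ts = (BASE + timedelta(hours=hour, minutes=minute)).isoformat()
        lines.append(f"{ts} {client} {qname}")

    for h in range(6):
        # Steady, low-volume name: 4 queries/hour from 4 clients.
        for i in range(4):
            emit(h, 5 * i, f"c{i:02d}", "cdn.example-legit.net")
        # Steady, high-volume name: 20 queries/hour from 10 clients.
        for i in range(20):
            emit(h, i, f"c{i % 10:02d}", "search.example.com")
        # Quiet name queried once an hour by a single client.
        emit(h, 30, "c42", "mail.example.org")
    # Hour 5 (the latest bucket): a never-before-seen name is suddenly
    # queried by 8 distinct clients, and c42 alone hammers mail.example.org.
    for i in range(12):
        emit(5, 40 + i, f"c{i % 8 + 50:02d}", "Update-Check.Newly-Seen.Example.")
    for i in range(8):
        emit(5, 31 + i, "c42", "mail.example.org")
    return "\n".join(lines)


def parse_log(text):
    """Parse constructed log lines into (timestamp, client, normalised qname)."""
    events = []
    for line in text.strip().splitlines():
        ts, client, qname = line.split()
        # Case-fold and drop the trailing dot so the same name buckets together.
        events.append((datetime.fromisoformat(ts), client, qname.lower().rstrip(".")))
    return events


def hourly_series(events, window_hours=6):
    """Return (hours, per_domain): hours is the sorted list of the last
    window_hours hour buckets seen anywhere in the log; per_domain maps each
    domain to one list of client ids per hour (empty list = no queries), so
    every domain is measured on the same grid with zeros filled in."""
    by_domain = defaultdict(lambda: defaultdict(list))
    for ts, client, qname in events:
        bucket = ts.replace(minute=0, second=0, microsecond=0)
        by_domain[qname][bucket].append(client)
    hours = sorted({b for d in by_domain.values() for b in d})[-window_hours:]
    per_domain = {d: [buckets.get(h, []) for h in hours] for d, buckets in by_domain.items()}
    return hours, per_domain


def spike_score(counts):
    """Z-score of the latest hourly count against the domain's own history.
    A never-seen domain has an all-zero history, so its first burst scores as
    its raw count. The std-dev floor of 1.0 stops a perfectly flat baseline
    (std 0) from making any change look infinitely anomalous."""
    history, latest = counts[:-1], counts[-1]
    mean = sum(history) / len(history) if history else 0.0
    var = sum((x - mean) ** 2 for x in history) / len(history) if history else 0.0
    return (latest - mean) / max(math.sqrt(var), 1.0)


def flag_domains(events, z_threshold=3.0, min_clients=5):
    """Return {domain: (z, distinct_clients)} for names whose latest-hour query
    volume spikes against their own baseline AND is spread over at least
    min_clients distinct clients, so one noisy client repeating a lookup is
    not mistaken for a domain that suddenly went live."""
    _, per_domain = hourly_series(events)
    flagged = {}
    for domain, hours in per_domain.items():
        counts = [len(clients) for clients in hours]
        z = spike_score(counts)
        distinct = len(set(hours[-1]))
        if z >= z_threshold and distinct >= min_clients:
            flagged[domain] = (round(z, 2), distinct)
    return flagged


if __name__ == "__main__":
    for domain, (z, clients) in flag_domains(parse_log(make_sample_log())).items():
        print(f"{domain}: z={z} distinct_clients={clients}")
```

In the constructed data only the newly seen name is flagged: the two steady domains score zero against their flat baselines, and mail.example.org scores a large spike but fails the distinct-client check because all of its extra queries come from one client. Real-world scoring would add many more features (registration age, resolving infrastructure, co-occurrence with known-bad names), which is exactly what the paragraph above leaves unspecified.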
Researchers can also apply for access to the contextual search engine here.