DNS Phishing Forensics
Optimizing DNS Network Resolution: Quantea's QP Solution for Seamless Analysis and Integration
A large service provider needed a device that could help resolve issues on their DNS network and run 24/7 without causing any interference on the network. In addition, the solution had to work with their deployed security solution by allowing that security system to request information from it at any time.
Problem:
The solution had to capture DNS traffic in a way that showed every bit of information about what was happening during the DNS query process, and it had to store that data so analyses could be run on it. They needed to record whole packets long term so that they could also resolve issues such as DoS attacks, cache poisoning, and DNS amplification.
Solution:
The QP was strategically placed within the data center to capture DNS query and response traffic from two data sources: the DNS cache servers and the name servers. The QP was able to store long-term data and provide weeks' worth of historical look-back for analysis.
With the QP, the large service provider was able to reduce the time to discover issues by leveraging long-term packet capture data with fast search and analytics. The QP also provided interoperability with their current security system and event workflow. With the capability of storing 1 PB or more of traffic through storage amplification, the QP was able to provide more with less hardware.