Protecting against malicious payloads over DNS using Azure Sentinel
No matter how tightly you control your network, you almost certainly allow DNS queries and UDP/53 traffic to leave it. Bad actors can abuse this to establish a stealthy command & control (C2) channel and/or exfiltrate data using DNS tunneling. Azure Sentinel can help detect these types of attacks and provide insight into the various stages of the attacker's kill chain.
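As an added illustration (not code from the original post or from Azure Sentinel itself), here is the kind of heuristic a DNS tunneling detection rule builds on: a single registered domain receiving many unique, high-entropy subdomain lookups, typically from one client. The log lines, client addresses and domain names are constructed for the example.

```python
import math
from collections import defaultdict

# Constructed sample of DNS query log lines ("client query_name"); not real telemetry.
SAMPLE_LOG = """\
10.0.0.5 www.microsoft.com
10.0.0.5 login.microsoftonline.com
10.0.0.7 mail.example.org
10.0.0.9 a3f9c2e1b7d4.tunnel-host.example
10.0.0.9 9e8d7c6b5a4f.tunnel-host.example
10.0.0.9 0f1e2d3c4b5a.tunnel-host.example
10.0.0.9 6b7a8c9d0e1f.tunnel-host.example
10.0.0.9 c4d5e6f7a8b9.tunnel-host.example
"""

def entropy(s):
    """Shannon entropy of a string in bits per character (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def split_name(name):
    """Return (subdomain_part, registered_domain) using a naive last-two-labels rule.
    A real rule would use the public suffix list instead of this assumption."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return "", name
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def score_domains(log_text, min_unique=5, min_entropy=3.0):
    """Aggregate queries per registered domain and flag domains that received at least
    min_unique distinct subdomains whose average entropy is at least min_entropy bits."""
    subs, clients = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines rather than crash the rule
        client, qname = parts
        sub, dom = split_name(qname)
        if sub:
            subs[dom].add(sub)
            clients[dom].add(client)
    flagged = {}
    for dom, names in subs.items():
        avg = sum(entropy(x) for x in names) / len(names)
        if len(names) >= min_unique and avg >= min_entropy:
            flagged[dom] = {"unique_subdomains": len(names),
                            "avg_entropy": round(avg, 2),
                            "clients": sorted(clients[dom])}
    return flagged
```

The thresholds are illustrative; in production they should be tuned against a baseline of the organisation's own DNS traffic, since CDNs and some security products also generate many unique subdomains.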
How can I defend against DNS tunneling? What role does Azure Sentinel play in monitoring network traffic? And how is detection configured?
How can I protect myself from these types of attacks?
DNS tunneling is a real and common threat, used both to deliver payloads and to exfiltrate data. Implementing cloud security is a key task in protecting yourself against these types of attacks and in detecting them.
Wortell can help design and implement Azure Sentinel and other (cloud) security measures, and also offers it as a managed service through our Security Operations Center (SOC). Contact us for more information.
— Maarten Goet, MVP & RD