psomol
Cisco Employee

This blog extends information from Cognitive Threat Analytics (CTA): Release Notes

 

February 2018 Update

 

(by Ivan Nikolaev and Lukas Machlica)

 

Malicious hosting detection: The CTA engine is able to detect a new type of incident. These incidents manifest as communication with endpoints associated with malicious hosting activity. The association is determined from the global behaviour of the host, learned across various data sources.

 

pdns-dga-release-notes.png

Example: this incident shows communication with malicious hosting infrastructure. Three domains are labelled as malicious hosting, and two of them are associated with the same IP. These IPs also host other DGA domains (algorithmically generated domains), as seen in the incident. The communication happens over HTTPS, and there are several successful downloads from the domains.
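The co-hosting relationship in the example above can be sketched as a simplified illustration. This is an added example, not CTA's own detection logic. It assumes passive-DNS style (domain, IP) observations, a set of domains already labelled as DGA by some upstream classifier, and proxy log tuples; all data, field layouts and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not taken from the incident shown on the page).
# Passive-DNS style observations: (domain, resolved IP), documentation IP ranges.
PDNS = [
    ("files-cdn.example", "192.0.2.10"),
    ("update-mirror.example", "192.0.2.10"),
    ("qxkzjvwpplra.example", "192.0.2.10"),
    ("hbtrmzzqwyec.example", "192.0.2.10"),
    ("static-assets.example", "198.51.100.7"),
    ("lkpwqzrtnvbx.example", "198.51.100.7"),
    ("intranet-wiki.example", "203.0.113.5"),
]
# Assumed input: domains an upstream classifier already labelled as DGA.
DGA = {"qxkzjvwpplra.example", "hbtrmzzqwyec.example", "lkpwqzrtnvbx.example"}
# Constructed proxy log: (client, domain, scheme, HTTP status, response bytes).
PROXY_LOG = [
    ("10.0.0.21", "files-cdn.example", "https", 200, 48213),
    ("10.0.0.21", "update-mirror.example", "https", 200, 1024),
    ("10.0.0.21", "static-assets.example", "https", 404, 0),
    ("10.0.0.34", "intranet-wiki.example", "https", 200, 900),
]

def suspicious_hosting(pdns, dga, min_dga=1):
    """Return {domain: [IPs]} for non-DGA domains sharing an IP with >= min_dga DGA domains."""
    by_ip = defaultdict(lambda: {"dga": set(), "other": set()})
    for domain, ip in pdns:
        by_ip[ip]["dga" if domain in dga else "other"].add(domain)
    flagged = defaultdict(set)
    for ip, groups in by_ip.items():
        if len(groups["dga"]) >= min_dga:
            for domain in groups["other"]:
                flagged[domain].add(ip)
    return {d: sorted(ips) for d, ips in flagged.items()}

def incidents(proxy_log, flagged):
    """Per client: flagged domains contacted and number of successful HTTPS downloads."""
    out = defaultdict(lambda: {"domains": set(), "downloads": 0})
    for client, domain, scheme, status, size in proxy_log:
        if domain in flagged:
            out[client]["domains"].add(domain)
            if scheme == "https" and status == 200 and size > 0:
                out[client]["downloads"] += 1
    return dict(out)

if __name__ == "__main__":
    flagged = suspicious_hosting(PDNS, DGA)
    for client, info in incidents(PROXY_LOG, flagged).items():
        print(client, sorted(info["domains"]), "downloads:", info["downloads"])
```

Raising `min_dga` trades recall for precision, since shared hosting providers can place unrelated benign domains on an IP that also serves a single DGA domain.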
