NSA & Co. advisory for Fast Flux threat - Umbrella DNS "up to speed"?

Hello,

I wonder if the Umbrella DNS solution is capable of facing this threat https://media.defense.gov/2025/Apr/02/2003681172/-1/-1/0/CSA-FAST-FLUX.PDF (rather old method, as per ICANN: https://itp.cdn.icann.org/en/files/security-and-stability-advisory-committee-ssac-reports/sac-025-en.pdf, but it seems recently resuscitated)?

Thank you,

Accepted Solution

dig (Cisco Employee)

Indeed this technique is a bit old-hat; we have material from six years ago specifically mentioning fast flux as a concern for DNS security for the federal government: https://blogs.cisco.com/government/securing-government-it-all-starts-at-the-dns-layer

...Or even older: https://blogs.cisco.com/security/debunking-the-myths-of-dns-security

This is one of the threat types that can be surfaced in the Top Threats report: https://docs.umbrella.com/deployment-umbrella/docs/threat-type-definitions

Other methods of command-and-control can be used or combined; you can check out the recent announcement for AI-driven DGA detection: https://community.cisco.com/t5/secure-access-announcements/introducing-ai-driven-dga-detection-for-enhanced-security/ta-p/5278341

Not Cisco-endorsed, but I personally like the explanation in this video, along with some good speculation near the end for why fast flux has suddenly become top-of-mind: https://www.youtube.com/watch?v=CQ3nnlZ8nbw
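As an added illustration, not part of the original thread and not Umbrella's detection logic: the classic fast-flux signals that the linked CSA and SAC-025 describe (short TTLs, many distinct answer addresses, spread across unrelated networks) applied as a simple heuristic to constructed passive-DNS records. The thresholds and the use of /16 prefixes as a stand-in for ASN diversity are assumptions for this example.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_interface

# Constructed passive-DNS style records: (domain, answer IP, TTL in seconds).
# Addresses are from the RFC 5737 documentation ranges; none is a real indicator.
OBSERVATIONS = [
    ("flux.example", "192.0.2.11", 60),
    ("flux.example", "198.51.100.23", 120),
    ("flux.example", "203.0.113.5", 60),
    ("flux.example", "192.0.2.200", 180),
    ("flux.example", "198.51.100.90", 60),
    ("flux.example", "203.0.113.77", 120),
    # CDN-like host: short TTL and several IPs, but all inside one operator's block.
    ("cdn.example", "203.0.113.1", 60),
    ("cdn.example", "203.0.113.2", 60),
    ("cdn.example", "203.0.113.3", 60),
    ("cdn.example", "203.0.113.4", 60),
    ("cdn.example", "203.0.113.6", 60),
    # Ordinary host: one stable address with a long TTL.
    ("static.example", "192.0.2.50", 3600),
]

# Thresholds are assumptions for this example, not any vendor's tuning.
LOW_TTL_SECONDS = 300
MIN_DISTINCT_IPS = 5
MIN_DISTINCT_PREFIXES = 3
PREFIX_LEN = 16  # crude proxy for network/ASN diversity when no BGP data is at hand


@dataclass
class DomainProfile:
    domain: str
    min_ttl: int
    distinct_ips: int
    distinct_prefixes: int

    def suspected_fast_flux(self) -> bool:
        """All three signals must fire together: a low TTL alone is normal for CDNs."""
        return (self.min_ttl <= LOW_TTL_SECONDS
                and self.distinct_ips >= MIN_DISTINCT_IPS
                and self.distinct_prefixes >= MIN_DISTINCT_PREFIXES)


def profile_domains(observations) -> dict[str, DomainProfile]:
    """Aggregate per-domain TTL, distinct IPs and distinct /PREFIX_LEN networks."""
    ttls, ips, prefixes = defaultdict(list), defaultdict(set), defaultdict(set)
    for domain, ip, ttl in observations:
        ttls[domain].append(ttl)
        ips[domain].add(ip)
        prefixes[domain].add(str(ip_interface(f"{ip}/{PREFIX_LEN}").network))
    return {d: DomainProfile(d, min(ttls[d]), len(ips[d]), len(prefixes[d])) for d in ttls}


def flagged_domains(observations) -> list[str]:
    """Domains whose profile matches the fast-flux heuristic, sorted by name."""
    return sorted(d for d, p in profile_domains(observations).items() if p.suspected_fast_flux())
```

Run against real resolver logs, the same three counters need a time window (IPs seen per hour, not per lifetime) and an ASN lookup in place of the /16 proxy; otherwise large CDNs and anycast services will show up as false positives.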
