Notably, the algorithms can be like real viruses, in that the developers can create variants – so this is a constant battle but an important piece of work to help protect organizations using the CIRA DNS Firewall.
Okay – billions of queries, what kind of analyst can look at that (aka how does machine learning work?)
Machine learning is needed due to the massive volume of data. Clustering can be used to recognize when many apparently unique domains come from single IP addresses, whether or not those addresses are known to be commonly used by a threat actor. It also analyzes the DNS record for patterns that may identify similar sources. In reality, there are hundreds of systems and subsystems used to detect nefarious activity, and the activity is complemented by continuous manual research.
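The clustering idea described above, as an added example that is not CIRA's or Akamai's detection code: group observed resolutions by IP address, then flag addresses that host many distinct domains whose names look machine-generated. The thresholds, function names and sample records are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of (queried name, resolved IP) observations.
# IPs are from RFC 5737 documentation ranges; names use the reserved .example TLD.
SAMPLE = [
    ("xk2q9vbz7w.example", "203.0.113.7"),
    ("p4mz8tqy1c.example", "203.0.113.7"),
    ("h7rw3nkd5j.example", "203.0.113.7"),
    ("b9fy2xl6gs.example", "203.0.113.7"),
    ("t1vq8zc4me.example", "203.0.113.7"),
    ("www.shop.example", "198.51.100.10"),   # two hosts of one domain
    ("mail.shop.example", "198.51.100.10"),
    ("www.news.example", "198.51.100.10"),
    ("books.example", "192.0.2.20"),         # shared host, readable names
    ("pizza.example", "192.0.2.20"),
    ("hello.example", "192.0.2.20"),
    ("apple.example", "192.0.2.20"),
]

def registered_domain(name):
    # Assumption: the last two labels form the registered domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def label_entropy(label):
    # Shannon entropy (bits per character) of one DNS label.
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def cluster_by_ip(records):
    # Map each IP to the set of distinct registered domains seen on it.
    clusters = defaultdict(set)
    for name, ip in records:
        clusters[ip].add(registered_domain(name))
    return clusters

def flag_ips(records, min_domains=4, min_entropy=3.0):
    # Flag an IP only when it hosts many domains AND their names look random;
    # domain count alone would also flag ordinary shared hosting.
    flagged = []
    for ip, domains in cluster_by_ip(records).items():
        if len(domains) < min_domains:
            continue
        mean_h = sum(label_entropy(d.split(".")[0]) for d in domains) / len(domains)
        if mean_h >= min_entropy:
            flagged.append(ip)
    return sorted(flagged)

if __name__ == "__main__":
    print(flag_ips(SAMPLE))
```
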
Contribution to defence-in-depth
To conclude, the CIRA DNS Firewall (or any DNS-based security layer) is recommended as a best practice by almost all cybersecurity frameworks, but it is only a benefit if it complements your other layers. With the unique threat intelligence that Akamai provides as part of the CIRA DNS Firewall, you are getting extra protection, and that is the key to success. There is no point in having layers if they all use the same intelligence.
In fact, 30% of all the blocks that the CIRA DNS Firewall sees on the network come from the unique intelligence provided by Akamai. The remaining 70% comes from the various threat feeds that also make up the overall list and from those, like the Canadian Centre for Cyber Security list, that CIRA layers on.
In short, if you are consuming lists and/or have a firewall in place that blocks threats, we can say that for our customer base the additive DNS layer is proving very effective, requires no direct maintenance and management, and is non-intrusive to the end user.