ESET Threat Intelligence data improves detection
A test conducted by Whalebone, a provider of DNS filtering services, showed that adding Indicators of Compromise from ESET to DNS filtering detection data significantly improves detection.
Experts from Whalebone and ESET revealed the results of a DNS filtering test in their joint presentation at the IS2 Conference, an information security event held in Prague, Czech Republic. The test was run on a sample of 100,000 internet connections, representing around half a million connected devices in two countries, the Czech Republic and Slovakia.
Before, Whalebone had utilized Indicators of Compromise (IoC) generated via methods such as sandbox simulations, analysis of network traffic or utilizing known malware patterns. „We wanted to include detection data from endpoints as a new source of IoC, hoping for improved detection capability,“ said Robert Šefr, Whalebone’s Chief Technology Officer.
The test was aimed at confirming the expectation that including IoC from ESET Threat Intelligence would lead to new, previously unavailable detections – while keeping false positives at a minimum.
The test was run in the first quarter of 2018 and involved around 55,000 unique malicious domains in the tested IoC feed. Out of those, around 1100 domains were detected. 18.5% of the devices in the test made at least one attempt to contact a malicious domain from the feed; the overall number of incidents in the test was around 1.75 million. Out of those, around half (866,000 incidents, precisely 49.51%) were detected based solely on the IoC provided by ESET – i.e., without data from ESET, these incidents would have gone undetected. Only 0.47% of incidents were detected based on both ESET’s and original Whalebone data; the remaining 50.02% of incidents were detected independently from ESET.
Out of the 866,000 incidents detected based on the IoC by ESET, only one single domain blocking was found to be a false positive.
'The Whalebone test clearly showed that rigorous categorization of data, which is paramount for ESET, allows for both a high detection rate and keeping false positives close to zero', comments Peter Dekýš, ESET’s IT Security Director.
“The testing has shown that by including IoC from ESET Threat Intelligence, detections significantly increased, with false positives amounting virtually to zero. Overall, the test has proven that it is appropriate to use endpoint-sourced IoC for DNS-level protection”, concludes Whalebone’s Robert Šefr.
Home >> Technology Section
UAE Food Bank and Taya Art Production launch ‘Cook of Thousand Meals' initiative ...
Dubai Police claim wheelchair basketball crown at 11th Nad Al Sheba Sports Tourn ...
Mercato Hosts Special Iftar Event for Students of Determination from Rashid Cent ...
Tag Heuer Ambassador And Skateboarding World Champion Sky Brown Soars Above Towe ...
Students of Sharjah Performing Arts Academy Perform Their Own Production and Exe ...
Ski Dubai, in partnership with Dubai Sports Council, to host DXB Snow Run on 19 ...
Lola Cars returning to top-tier global motorsport with technical partners Yamaha ...
Nissan Becomes First Formula E Manufacturer To Commit To Gen4 Until At Least 203 ...
Mandarin Oriental And Its Global Celebrity Fan, Alia Bhatt, Host The Hope Gala, ...
Hotel Indigo Redefines Art Experience with Launch of Keerthana's First Supper
Roghani, Golestan claim Padel crown at 11th Nad Al Sheba Sports Tournament
ADNOC Distribution Shareholders Approve New Five-Year Dividend Policy As Company ...
flydubai adds two destinations in the Kingdom of Saudi Arabia
Media Statement on the occasion of Zayed Humanitarian Day: Humaid Al Dhaheri, Ma ...
Snap, Savour and Win: Dubai Food Festival and Gulf Photo Plus Launch Photograph ...
Greenpeace MENA Reveals North Africa's Polluters- Time for Urgent Action!
Hotpack Global MD emerges Founding VC of Paper and Tissue Business Group at Duba ...
Dubai Shopping Malls Group Set To Delight Shoppers With New ‘Shop. Scan & Win' E ...
Power to progress: Kia K4 next-generation compact sedan sets new design standard ...
Etihad Rail signs agreement for waste management services with BEEAH Group