Abstract: Systems and methods for detecting data exfiltration using domain name system (DNS) queries include, in various embodiments, performing operations that include parsing a DNS query to determine whether that DNS query is likely to contain hidden data that is being exfiltrated from a system or network. Statistical methods can be used to analyze the DNS query to determine a likelihood whether each of a plurality of segments of the DNS query are indicative of data exfiltration methods. If one or multiple DNS queries are deemed suspicious based on the analysis, a security action on the DNS query can be performed, including sending an alert and/or blocking the DNS query from being forwarded.

Abstract: Computer networks, particularly larger networks, may have various issues and vulnerabilities. By collecting network traffic data from a network in multiple different locations, then analyzing correlations in this data, performance issues and security risks can be uncovered. Techniques disclosed herein can help mitigate risks posed by malware, mitigate network performance issues, and also help provide a detailed network map of devices, services, and/or operating systems that are present on a network.

Abstract: Systems and methods for detecting data exfiltration using domain name system (DNS) queries include, in various embodiments, performing operations that include parsing a DNS query to determine whether that DNS query is likely to contain hidden data that is being exfiltrated from a system or network. Statistical methods can be used to analyze the DNS query to determine a likelihood whether each of a plurality of segments of the DNS query are indicative of data exfiltration methods. If one or multiple DNS queries are deemed suspicious based on the analysis, a security action on the DNS query can be performed, including sending an alert and/or blocking the DNS query from being forwarded.

Abstract: Computer networks, particularly larger networks, may have various issues and vulnerabilities. By collecting network traffic data from a network in multiple different locations, then analyzing correlations in this data, performance issues and security risks can be uncovered. Techniques disclosed herein can help mitigate risks posed by malware, mitigate network performance issues, and also help provide a detailed network map of devices, services, and/or operating systems that are present on a network.