Abstract: A system, method and computer-readable medium for mitigating cybersecurity risk by analyzing domain name system (DNS) traffic, including detecting a network communication propagated over a computer network, the network communication comprising a domain identifier, monitoring DNS traffic to and from one or more DNS servers relating to the domain identifier, the DNS traffic including one or more DNS queries and one or more corresponding responses, extracting information from the monitored DNS traffic to generate a record identifier, updating a DNS metadata record stored in memory and associated with the record identifier based at least in part on the monitored DNS traffic, the DNS metadata record including one or more occurrence metrics associated with instances of the domain identifier in previous DNS traffic, determining whether the one or more occurrence metrics are indicative of a cybersecurity risk, and activating one or more mitigation actions based at least in part on a determination that the one or more

Abstract: A system, method and computer-readable medium for mitigating cybersecurity risk by analyzing domain name system (DNS) traffic metrics, including detecting a network communication propagated over a computer network, the network communication comprising a domain identifier, determining DNS traffic metadata corresponding to the domain identifier, the DNS traffic metadata being determined based on monitored DNS traffic associated with the domain identifier to one or more DNS servers, the DNS traffic metadata comprising a count of DNS queries associated with the domain identifier and a rate of DNS queries associated with the domain identifier, determining whether the count of DNS queries and the rate of DNS queries are indicative of a cybersecurity risk, and activating one or more mitigation actions based at least in part on a determination that the count of DNS queries and the rate of DNS queries are indicative of a cybersecurity risk.