The new release of the OpenDNS Umbrella Web security platform has been enhanced with predictive detection capabilities provided by the Umbrella Security Graph. It can identify, prevent, contain and inform on advanced cyber-attacks without the need for a malware sample or attack data.
The Umbrella Security Graph is a cyber-security big data platform that harnesses the collective intelligence of the Internet to discover and predict malicious attacks – before devices can be compromised and data exfiltrated. It combines indexed and cross-referenced data with real-time cyber intelligence scoring and threat classification, without the need for tuning or intervention by security administrators.
“The volume and sophistication of attacks has continually driven down the efficacy of today’s security. It’s time for change,” said Dan Hubbard, CTO of OpenDNS. “By using the big data analytics tools, machine learning, graph theory and related algorithms of the Umbrella Security Graph we can predict where new threats are coming from and block them before they can reach users of the Umbrella Security service.”
To enable customers to tighten security configurations and more aggressively use predictive threat analytics provided by the Umbrella Security Graph, OpenDNS has created new security intelligence categories. For example, high-risk sites and locations has been created to supplement known malware and botnets classifications.
Meanwhile, drive-by downloads hosting exploits (often used by malvertising and watering hole attacks), Dynamic DNS (often used as an evasion technique against IP blacklisting) and Mobile Threats are new individual categories added to enhance protection and improve reporting granularity. Providing detailed and actionable intelligence (i.e. why something was blocked) allows customers to prioritize security events.
The Umbrella security categories supply context to IT security teams, within one minute, on the type or behavior of the threat blocked. Visibility into the user, device and network identity potentially impacted by threats enables IT to prioritize and remediate risks before damage can be done. Information on the following activities is centralized across all networks and devices (on- and off-network):
- Blocked botnet request
- Blocked malware or phishing request
- Blocked suspicious or high-risk site request.