May 16, 2018 — ETP updates

  • Integration of Nominum Data. Secure Internet Access Enterprise now benefits from threat data generated by Nominum, the carrier DNS-based security and services innovation leader that was recently acquired by Akamai. Nominum’s carrier-grade DNS software currently resolves over 1.7 trillion daily DNS requests for carriers worldwide. The addition of this data allows SIA to identify more threats in an enterprise network.

    On the first day of this release, you will see an increased number of offline events as this additional intelligence is expected to discover more events from the last 7 days.

  • DNS Exfiltration Security List. SIA now offers a DNS Exfiltration Security List and a new DNS Exfiltration category for custom lists. The DNS Exfiltration Security List identifies domains that serve as a communication channel over DNS and may be used to steal sensitive data or allow malware to communicate outside the network.

    This data was previously part of the Command and Control (C&C) Security List. By default, the new DNS Exfiltration list uses the same policy action as the C&C Security List as long as the C&C list does not use the Block – Error Page or the Block – Sinkhole policy action. The Block – Error Page and the Block – Sinkhole actions do not prevent DNS exfiltration because a malicious communication channel can be created when domains are resolved to a custom error page, sinkhole, or Enterprise Security Connector. As a result, if these actions are configured for the C&C list, the new DNS Exfiltration list is assigned the Block – DNS action.