Data science is a field within big data that uses algorithms incorporating statistical techniques and other computation to interpret data and uncover meaningful patterns. In the security world, data science means using algorithms to reveal malicious activity in near real time by processing massive volumes of data gathered from networks and other sources. Contemporary internet threats are sophisticated and adaptable, continuously changing their complexion to evade security defenses. At the same time, security researchers are discovering that some sources of security data are either unavailable (or soon will be) or more opaque due to encryption and the need to ensure personally identifiable information (PII) is always properly protected. There is also considerable evidence that the proliferation of new connected devices introduces additional unknown exposure. In this session, we will discuss the current threat landscape and learn how security researchers are using DNS threat data to discover new phishing domains, predict the creation of DGA domains used in command-and-control infrastructure, and spot patterns of DNS data exfiltration. The curation of this knowledge is key to ensuring that the threat protections organizations rely on are accurate, timely and effective.
Session Objectives: This session will briefly cover security research challenges in today's threat landscape, explain why DNS resolution data is a rich resource for security research, and discuss improvements in threat coverage, accuracy, and responsiveness to today's agile threats.
900 Barton Springs Rd
Austin, TX 78704
United States