Detecting DNS Tunneling/Exfiltration with Elastic machine learning

If you have never heard of DNS tunneling/exfiltration, or have encountered it in your enterprise network and are wondering how to detect it, you have probably come to the right place. In this blog post, we explain what exactly a DNS exfiltration or tunneling attack is, why it has previously been difficult to detect, and how we can successfully use the built-in machine learning capabilities of Elasticsearch to detect it.