Close

November 22, 2021 • RBS

Categories: Security News

Jennifer Ayers, Chief Operating Officer at DNSFilter, joins Jake Kouns, CEO and CISO at Risk Based Security to talk about DNS security. According to DNSFilter’s latest report, DNS-based attacks are on the rise. What does this mean for your organization and the industry as a whole? Find out in this episode of The Right Security!

The Right Security

In The Right Security, join leaders and veterans in the security industry, as we tackle the biggest issues impacting organizations today.

Check out The Right Security series on YouTube, and subscribe to the Risk Based Security channel to see new episodes in your feed.

Show Notes

0:00 – Introductions and Movember
2:15 – What is DNS?
4:15 – What is DNSSEC (Domain Name System Security Extensions)?
6:05 – How to categorize security issues involving DNS
8:40 – The Domain Threat Report
11:24 – Are DNS attacks on the rise?
13:32 – Effect DNS attacks have on the state of cybersecurity
15:33 – How attackers are choosing their targets
17:45 – Ransomware and DNS
19:44 – DNS debates within the security community
21:48 – How organizations can protect themselves
22:40 – Wisdom in leadership
25:23 – How to get into cybersecurity
28:45 – Discovering your cybersecurity discipline
30:16 – How organizations can start to implement
31:40 – Conclusions

Further Reading

DNS and Protecting Your Organizations – Episode Transcript

JAKE

I wanna welcome everyone to the show, but before we get started, I do need to call some attention to the glorious ‘stache that I have started to grow. In fact, this is week two for those that are counting. I’ve had a lot of people ask me what happened to the beard, why do you have a stash? So, yeah, there is a reason we’re taking part in Movember this year. So we’re helping raise funds and awareness for mental health issues from a vendor for all the dadd, brother, sons and friends in our lives. It’s not just about growing a mustache. There’s lots of ways to get involved like exercising and more. We’ll add some links in the show notes if you’re interested. Please consider, you know, getting involved. We’re trying to do a bunch of other community efforts as well. We’re always looking for ways to get involved with the local community.

With that behind us, in today’s episode, I’m joined by Jennifer Ayers. Jennifer’s the Chief Operating Officer, at DNS Filter. She has over 20 years of cyber security experience. Prior to DNS filter. She was at Crowdstrike, serving as the vice president of Overwatching and Security Response. Before that, she was the director, senior director of product management, and she also spent three years at FireEye, on the security operations side. Jennifer held other multiple roles particularly for GE as a cyber leader and incident response, computer forensics and supplier security. Jennifer, welcome to the show.

JENNIFER

Thanks, Jake. It’s nice to meet you.

JAKE

Jen. Before we get started, I do need to give a shout out to one of your coworkers Pete Woods who I believe is the director of DevOps at your company. He has the most amazing ‘stache. And in fact, I don’t know if we can in post, put his picture in or not? But, you know, the way he looks, this is what I think my mustache looks like. Then I realize it isn’t at all. But do you think it’ll be possible that you could send him my regards for such a glorious moustache?

JENNIFER

Absolutely. I will tell him and I’m sure he will get a big kick out of it.

JAKE

Awesome. Alright. So let’s get serious today. I’m looking forward to covering DNS with you and really how to protect your organization. So I think you’re aware we have a lot of viewers that are still new to cyber security, trying to figure out what they’re doing, learning its concept. So I want to take a few moments to set the stage with you. So I want to ask you and to help everyone. What actually is DNS and what have you found is the easiest way to describe DNS to newcomers?

JENNIFER

So I think there are a number of different ways you can describe it to newcomers. But, you know, DNS or a domain name. It really has to do with how you effectively resolve from a name to a number or, you know, a name to number very similar to the phone. So you look somebody’s name up. I look up Jake, you know, and Jake is in this line, phone number to it. I go to Google dot com. Google has been assigned an IP address to assign a number to it. And that is very simplistic to describe a very complex system in the world. DNS. You know, there’s a lot more layers that go to that. There’s a lot more pieces that go to it. But probably the easiest way to start DNS is something that every single person who uses the internet use it, internet users, as well as every system that is effectively connected to an internal system, internal network or system to system for your system to internet system to cloud. So DNS is a really fundamental way of how the transmission of information occurs. And essentially is also one of those areas that tends to be the most overlooked from a security perspective.

JAKE

That’s a great way to describe it. I think my way these days has been so simplistic. Maybe it’s too simplistic. I’ve been telling people. Hey, you remember anyone’s cell phone number anymore? Do you remember people’s phone numbers and they’re all gonna have these blank looks and I say that’s pretty much with DNS if you just hit on your foot, right? So, alright, so what about this? There was a lot about DNS sec, right? So domain name security, system security extensions, I believe. And I gotta be honest, I haven’t heard much at all about it recently. I don’t want to throw a curveball at you here, but do you have any insight on what the heck is going on with DNSSEC? Is DNS Filter involved with it at all by chance?

JENNIFER

So I think there’s still a lot of active conversations going on and multiple different points of view. But from a DNSSEC perspective, yes, we do that on the DNS Filter side, this is something that we DNS security is something that we’re looking at and have looked at for the past several years. A data set could mean a variety of different things whether it’s encrypted DNS traffic using a deal to you or DOH. It can also ultimately mean the various ways of different types of trends, miscibility. So it’s a little bit more of a broad topic. And I apologize for not, you know, pinpointing on a specific thing, but we’re definitely involved and we’re definitely engaged… in… in… in that… in that particular space and multiple types of technology to be able to protect our customers. There’s obviously more information. We actually did some recent blogs on our website about DNS encryption itself, how we handle DOTT and NDOH for, you know, DNS over TLS and DNS over HTTPS. We are, you know, it’s not like reading that’s for sure. These are a little bit hard to understand in terms of the way that you know DNS over TLS and DNS over HTTPS works. So DNS over HTTPS, very browser based DNS over TLS as much more. You know, much more on the backside. So I mean we’re more than happy to answer… answer questions. We have a chat bought on our… on our website and people do have questions. We’re more than happy to answer them.

JAKE

Thinking about security issues with DNS. I wanna ask you a little bit how to categorize it. And the reason I say that is that I’m trying to explain things to people. I usually will say things like, well DNS can be used to maybe attack a company directly like in impersonation or calls and outage, it can be used. The DNS can be used to trick employees to go to malicious websites. And… and even DNS could be used to control malware or other things. What is a better way to sort of maybe categorize or put it into buckets? Just so many different ways that DNS can be attacked.

JENNIFER

I think you really capture the bulk or in the most, no ways that DNS can be used. But as they highlighted a little bit earlier, you know, DNS isn’t just about the simple aspect of name resolution of Google and get, you know, pull up your web page. There’s a lot of there’s… there’s quite a few things that happened in the back end especially in the context of sending records and different record types. So when you’re using email, for example, you know, you’re… you’re resolving, you know, the… the name itself have Gmail dot calm, but you’re also sending an MX type record. I think one of the most, one of the areas that is over is what happens within those record types themselves. There’s a lot of there’s not a lot of visibility that’s provided today, but it is certainly an avenue that I have seen used in the past for adversaries to use that type of avenues such as a TX T record to send, you know, still in intellectual property, you’re using it for you beyond command and control, but instead using it as a transmission layer. So nobody’s really looking at specific record size. You know, most of the time maybe XYZ size is considered normal traffic, and then you have a much larger percent of traffic within the… within the DNS record itself. So there’s a lot of it is complex in its own way. But when you start to peel back the onion, it really becomes a little bit more clear also in the sense of DNS and how DNS is used to new, what are the relationships with our relationships between domains? How does traffic flow? Where does traffic flow? Is a system talking to something that shouldn’t be there’s. So many different parts to the puzzle is not an impossible possible puzzle to solve especially if you have a good, you know, security program where you’re implementing a good security program and being able to look at each aspect of your environment from endpoint to network to DNS?

JAKE

Your company just published their first report ever. And now if I understand correctly the annual domain threat report, I will definitely be sure to again up the link in the… in the show notes. So everyone can go check it out. But before we dive in some of the specific topics and questions, I am just curious, can you get a little bit of insider details on what goes into making a report like this? And I think the company was founded in 2015 if I’ve got that right. And… and I’ve just now decided to publish this. So can you give us a little inside the details on what goes into this?

JENNIFER

Sure. Annual reports or one of my favorite things to do. I’ve done them, you know, previous, you know, in my previous roles and then here at DNS filter as well. And what is the most important aspect to me about writing these types of reports? Isn’t just about looking at the type of data that you have, but also compiling that data into a usable format for people to read. It’s. One thing to go through and read a giant threat report and walk away with. I just read a giant threat report, but it’s integral to me that people can take the information that we’re… that we’re providing and execute on it, do something with it, put protections in place. So, what when, you know, most of these reports, whether you’re at DNS filter or in, you know, looking at other types of vendor reports, they’re built off of a compilation of data in, you know, whether that’s your existing customer data or whether it’s… it’s a combination of your customer data. Plus, you know, the customer data that you collect, plus, you know, open source intelligence that’s currently available. Really, it’s about identifying the trends, explaining why that trend is important and explaining how to protect yourself against XYZ type of threat. So, an example in our report was talking about, you know, top level domains or TLDS and the interesting usage of the dot XYZ type, XYZ extension. It was really novel to be able to see this over the, you know, over the data really nimble to be able to see what that looks like over the past couple of years and how the trend of utilization has gone up. And then when you apply our capabilities of, you know, categorizing these types of domains, what domain category categories are using? That type, that XYZ type of domain more than others? So really people to look at those types of trends and glean information that says, hey, look, dot XYZ isn’t necessarily bad, but we are starting to see a little bit more of an uptick of usage on it for things like fishing for, you know, definitely, in some cases redirecting from hijacking type of active.

JAKE

Based on your findings, it seems that you believe the DNS attacks are on the rise. I guess if you speak to people in security, they might say that, hey, it feels like every attack is on the rise in all areas. But can you provide some thoughts here on… on why you believe the attacks are on the rise? Maybe how they’re manifesting? And if you want to walk us through a little, maybe a little bit more sort of common DNS attacks that you’re starting to see?

JENNIFER

Sure. So to clarify, new Dina specific based attacks can be, you know, new can be construed, I think in… in multiple different ways. But DNS being used as part of an attack is, you know, not necessarily just on rise but regularly occurring. So as you start to see different, you know, ransomware at times at the tax or, you know, as we call it, he crime in industry or nation state, types of the tax, you know, there’s always an element or a part of DNS that ultimately plays in that, whether it’s the initial phases of, you know, where they’re trying to get into the environment through some level of social engineering, whether you know, and… and using hijacked websites or whether it’s spear phishing campaigns for different avenue avenues like that. DNS is fun. You know, DNS is essentially being used in that capacity to… to create the beginning stages… in… in some… in some types of tax. Other types of texts from, you know, more specific DNS layer, you know, your traditional denial of service, your traditional, you know, mechanisms of really, you know, how using DNS as a way to prevent people from being able to get to a system using DNS as a way to redirect people to get to the new to where you want them to go or even using DNS in the context of destruction to… to shove something down. So, are we seeing a rise of DNS based attacks? Yes, that could be across for two different things as you highlighted the rise of threat with the rise of various types of the tax as a whole, and also deeper visibility into DNS being used in this manner.

JAKE

In the domain threat report, when I was reading through it look like the findings make it believe that a lot of malicious domains encountered belong to specific country level countries, top level domains. So I have sort of two questions, maybe provide some more context or… or send me on the right path here about sort of top level domains from a country standpoint. What do you think that says about sorta of the state of cyber security, maybe as a whole. And then is this just simply blocking traffic to and from countries that are playing well?

JENNIFER

Probably not quite. Is nefarious. Is that when you look at the aspect of country level domains, just because it ends and adopts, you… you know, domain dot R, U domain doesn’t necessarily mean that… that is particularly related to Russia, itself, right? That is essentially highlighting that the infrastructure you know was based in… in Russia, doesn’t meet, you know, can’t just make that one for one inference that doc, yeah, do you automatically mean Russian… the Russians are attacking. You know, what that does show though is the availability of infrastructure or hosted infrastructure from many different countries. You know, it’s not so easy. You know, the boundaries that used to exist, don’t exist anymore. It could be, you know, it could be any country that’s hosting infrastructure in the dock. Are you in the domain space? And, you know, inherently creating that slight miss direction that the Russians are attacking. You have to be very careful when you’re starting to do that type of analysis. The analysis that we provided, it’s not a finger pointing game. It’s really about being aware of where your traffic is coming from and where your traffic is going. If you’re a small company, for example, and you’re not international, you’re not doing business globally, then maybe one avenue to protect yourself is to block access to domains that are not hosted within the country that you are currently operating it.

JAKE

With your DNS handle on what are your thoughts on how attackers are choosing their targets these days?

JENNIFER

That’s a very good question. It seems to be a little bit all over the map. If you’re looking at the crime space, you know, he, who has, you know, more money will win if you’re looking at, you know, sort of the nation state space, you know, who this appending on what those types of adversaries are particularly looking for, what their local agenda, maybe they’re militaristic agenda. Maybe, I think in my opinion right now are bigger risk isn’t necessarily just the typical large for extra large enterprise companies. Make the bigger risk to me is actually in the much smaller space in the SMB, in the mid market space companies who work for our task to contract out to these larger entities who don’t necessarily have the ability the funding to have really strong security programs, to look at things like Claudio pipeline or GPS, you know, especially as parent units, you know, they’ve invested in security over the years. They have strong security programs, but, you know, colonial and GPS also, you know, outsource or contract out some parts of their particular process whether it’s making a widget for a thing, whether it’s the supplier, you know, the shipping or the largest, this aspect and everybody is connected, right? We’ve gone. We’ve moved to this whole Justin time over the last 30 years of, you know, nail this in, you know, now automatically orders are being sent to, you know, sit down this chain, you know, as you start to dig into that supply chain, that starts to become more and more visible as a significant risk because a lot of security products on the market today have effectively become an affordable for, you know, SMB and mid market customers like you can’t necessarily pay or don’t have the budget to spend, you know, a 1,000,000 dollars to deploy the hottest security tools on the market or the, you know, just because you know, they’re… they’re available, right? You have to do what’s within your budget and within your capabilities of doing so. I think we’re starting to see, you know, that it’s becoming visible. It’s been a risk for years that the supply chain is truly an avenue that is… is… is going to be much more targeted than we’ve ever seen because it’s easy.

JAKE

Let’s talk about ransomware for a moment. How could we not, right? Ransomware is still maybe one of the hottest topics. So, and by the way of seeing what appears to be some substantial law enforcement actions, successful ones over the past couple of weeks. But regardless, we’re still seeing a lot of vendors just like you said, you know, out there is charging expensive fees, but a lot of these vendors and now marketing, you know, they stop ransomware in their tracks and we’ll stop ransomware and all this sort of stuff from your point of view, how are you seeing attackers and ransomware operators using DNS as part of these operation?

JENNIFER

No, again on the DNS side near Dina plays a fundamental role in, you know, the, but ultimately in the attack chain. So in the context of running somewhere more specifically, that started out with spear fishing. I’m also in the sense of, you know, some, you know, from red square that uses more already, P, type of activity, remote access, type of activity, new site, significant trends of that happening last year as a lot of companies pushed from onsite to remote, you know, they know, wait for their… their employees to get in. So they’re spinning up the nearest remote access capability tool that they have, you know, a team viewer, you know, basic simple, you know, spin up a Microsoft already P server in, you know, in… in Amazon with no, no two factor authentication. These attackers aren’t doing, you have some attack. Some groups are… are… are very… very… very sophisticated but most of them are not, they’re using simple things. So DNS, you know, in the sense of what do you allow, you know, in… in your environment? Do you allow remote access, type of tools? Do you resolve it on the internet? You know, Jake, you, jakes, remote service, dotcom that anybody could potentially find. So DNS again plays the role in the sense of, you know, it’s… it’s usual, you have a domain resolve to IP, get a presented site and log in?

JAKE

I’ve been involved in several DNS debates over the years. So I want to ask you how you respond. So what… what… What do you say to people that are on the side of the debate that people say DNS doesn’t play a great role and security? People can just hit the IP directly, right? You can, if DNS is… is causing the problems to be filtered or what route I’ll just use the IP directly. You think about some of the… the cloud SaaS, laughs that you know, are deployed and some of these other things out there filters et cetera. So, you know, if it’s really important to directly hit an IP address, not have to have DNS in the middle. So what… what is your… your thoughts? What people are saying are these important to tax already being relying or using them?

JENNIFER

Predominantly, if you are looking at later stage aspects in the attack, I would agree with you but not everybody’s gonna know the IP address, right off the bat, right? I mean, you have, in terms of internet facing IP addresses, sure. You could probably use a different type of scanner. You’re talking about what these more sophisticated adversaries are trying to do and the mechanisms that they ultimately use to conduct lateral movement. Needs to know what the internal layout of an organization or environment effectively looks like. Before you can just go to, you know, go to an IP address. So everything starts at the beginning and again, everything starts with, you know, thing starts with the domain name, whether it’s you know, I’m going to Jake at GE mail dot, calm, whether it’s I want Jake to click on my, you know, hijacked website or whether I want Jake to click on my phishing website, our world wraps around our knowledge of, you know, to use your analogy that Jake isn’t my phone, but I don’t know jakes phone number is, I know what, I know if I go to my phone book and I click on Jenkins and call him, I know quite answer your question, you know, directly specifically, but I’m trying to figure out how to articulate that it doesn’t yeah. Is it possible to attack without DNS? The answer’s yes. Is it… is it common? Absolutely? Not?

JAKE

What do you say to folks that don’t run their own DNS servers? So they don’t think they have any issues that they need to actually address?

JENNIFER

So, for people that don’t run their own DNS, you know, I think the first, my first initial reaction to that is, are you aware of what security your current DNS provider has put in place? You know, are you leveraging or maximizing, you know, the security features that they have? Did they support me? You know, are you… are you leveraging if they don’t are, you… you know, do they support and do you use, you know, DNS over TLS or DNS over HTTPS? There’s many different ways to check your provider and make sure you understand what security protection that they have put in place is probably my best and… and more factual. We’re more actual responses on that one.

JAKE

You did an interview that was published and… and the title was wisdom from the women leading the cyber security industry. And I have to be honest when I went to read it, the top call out was great. You were quoted as saying, don’t take crap from anyone. There is acknowledging that people are smarter than you or have a different ideal than you and that you can agree to disagree, but there’s absolutely no reason to think that you are less than who you are because of that. It was a great interview. I’m going to encourage our viewers to read. I will put the links in there, but I’d love, can you… can you give me sort of a quick recap of that sort? Share some thoughts about that article just, you know, thoughts about some of your wisdom in leading?

JENNIFER

That was in June! It’s now November!. I would actually literally have to go back and reread what I said, but I think some of the fundamentals are the same, you know, as, you know, as somebody who has come up the ranks, you know, especially in the cyber security field. And I’m not gonna say, you know, how many years I definitely don’t want to teach myself. But I do think migration here shows that just a little bit. No, the truth is… is that this is really my messaging… in that particular article was for those that are starting out in cyber security… cyber security space, it can appear very… very daunting. And do you think that in some cases there have been some generated stereotypes that really actually are true? Especially once you get to know people who’ve been experts in this field for quite some time about this, you know, elite or, you know, or closed door type of environment. I think anybody who’s interested in cyber security should reach out to… to, someone, reach out to me on LinkedIn, if you’re if you want to know more. But I feel like this space is such a great space to be. And I’ve been doing this for my entire career. I don’t know how not to do cyber security. I don’t know how not to work in this space. And the fact that I’ve been in… in this field for more than 25 years, you know, really is a testament to you not just the changing technologies and keeping up but how interesting it is on a day to day basis. So when you say don’t take crap from anybody that was really around, you know, some questions that I’ve been asked, you know, throughout my career about being told, you know, you don’t have the specific degree or you don’t have the specific certification, you know, or, you know, you’re not entry level enough for an entry level type of job. You know, go, you know, either go find, you know, go keep trying, you know, don’t… don’t take crap from anybody and tell you that you’re not good enough for that. You’re not interesting enough, you know, do what you need to do to figure out how to get your foot in the door.

JAKE

So, I want to stay on this… this topic for a little bit. I’m gonna ask you a little bit deeper question about career change or getting into cyber security. You know, I’ve… I’ve… I’ve tried to help a lot of people get into the security industry. And one of the things that I think most people are struggling with right now is that they… they just don’t have the experience on their resume that these places are looking for.

And then I think you kinda alluded to it in some of it’s just absurd, right? You know, it doesn’t make any sense. So, do you have any other recommendations for folks that they’re not taking crap from anyone? They’re trying the best they can, but they keep running into this. They don’t have prior experience. And so they’re not able to progress into getting that first job.

JENNIFER

Experience in general is one aspect of it. Interest in the security field is something different. I think my advice is… if you’re looking to get into cyber security, don’t be daunted by that prior experience necessarily being prior security experience. Really, you know, what you want to highlight is how you as a person have what you’ve done to learn more about cyber security yourself.

You know, I don’t see enough resumes of people who are transitioning into this field that say, I feel like a home lab. I did, you know, I’ve… I’ve you know, tested, you know, these very good I’ve ran security onion. I’ve installed my own proxy. I’ve reverse my own malware, I’ve read, you know, the book practical malware analysis. I’ve completed all the labs. I think when I, you know, see some of these entry level resumes and… and I… and I certainly, no, we… We have a number of entry level positions here as well. If you know, sir, I don’t see people advertising what they’ve done on the site or what they’ve done themselves enough. And I think that with the way that recruiting works in the way that you have, some recruiters are taught or informed by the hiring manager, or even by the nature of their job, you know, they’re looking for specific things they’re looking for. I worked at Crowdstrike for six years. You know, instead now when you look at these entry level type roles, I think there’s different ways to word it comes to, you know, that expresses the experience you have gained as an individual learner, and the type of person that, you know, for me, I’m going to be, you know, I don’t care if you’re transitioning from being, you know, the top chef, have a restaurant. If you’re in this field and you show me or you can tell me all the things that you’ve learned on your own because you have that kind of passion and that kind of… curiosity mask and… and definitely get you a conversation with me.

JAKE

I think that is some great feedback. And what I have been challenging folks that I’ve been talking to is that they need to show that they have that passion. A lot of folks that I’ve been running into here recently want to join a company and the company sort of trains them and tells them what to do. I do believe that it may not, maybe it’ll be the nicest thing to say but it’s the oddest thing to say that you need to put in some hard work in your own time and learn these things to what company that… that you have these capabilities. So I… I, everything you said, I agree now I’m gonna go into my next one here because, you know, for you, when I looked at your career, you know, starting as a practitioner, working your way to leadership now, holy calcio, right? You’re doing more things than just security obviously. So what are your, what are your, what’s your feedback or thoughts on how to figure out what disciplined, what security angle might be a good fit or of interest for them? Given that there’s just so much to do and security.

JENNIFER

That is a really good question. And honestly, the only answer I have is to try it, you know, at one point, I dabbled in policy and risk, you know, discovered that really wasn’t for me. I did the standard, you know, putting together supplier security programs with GE for example for the ton there. But that kind of security policy and risk management definitely wasn’t something that I was super enthusiastic about. I found my niece and my home and the incident response. And I discovered that because actually he said he handed me a laptop with a case on it and said here I need you to go do computer friends. I’ve never done it before in my life, but I found out that I had a passion for it and that I loved it and started out in friends lakes and E discovery and then move more into incident response and essentially answer response is definitely the link the part of my career but I didn’t know and I don’t you know, you can read, you can certainly read and you can certainly do research on different facets of information security. But I really don’t think I would have known unless I had tried different things.

JAKE

Alright. Coming in the home stretch here. So for companies that are struggling with too much work, too many assets, too many vulnerabilities, too much data, too many security vendors, trying to sell things to them. What do you say to people that say they have too much data and they don’t know how to use it? They don’t even know where to start.

JENNIFER

A very good question. And I think, you know, you’re walking into something like that. You know, walking into… walking into the security space, walking into an environment or even being in an environment can certainly be overwhelming. And where do you start? Are the answers very simple? You… you pick up, you pick eight points, you pick a point in time, you pick a system, you pick a system type, you pick, you know, a smaller site network. You know, the only way to start is truly at the beginning but the beginning has to be where you ultimately define it. And I don’t mean that to sound perfectly philosophical, but it really is just identifying the place you feel like you need to start at. So if you have a list of 10 things, nobody can do all 10 at once, you have to pick that number one, you know, one through three, me, if it even boils down to that, right down, the 10 things kind of peace, cut up the pieces of paper, put them in a hat and pull them out, but just pick a place to start.

JAKE

Alright, general. So what’s the next big thing? Is there anything that we have yet to uncover using DNS that we haven’t talked about? Anything else on your mind that you want to share with us?

JENNIFER

So, I would definitely say, you know, make sure that you follow DNS Filter. We have a number of things on our road map and some very interesting research and development that we have going on in the back end right now. We’ll be talking a lot more about that early next year, but I think there’s fascinating, you know, there’s definitely been some fascinating analysis and research that we’ve discovered some of that, you know, we’ve kind of touched on a little bit in our threat report, but emit new, what we’re really looking to be able to do is expand on, you know, that data analysis, you know, in next year threat report as well. So going beyond just, you know, talking about the XYZ ETL DS, but really talking about a lot of the behavior that we’re ultimately seeing around that you’d be surprised at how many, you know, when you’re… when you’re looking at new DNS or when especially when you’re looking at domains and what correlations and relationships that you can start to understand… understand and identify patterns from, or even in some cases, some fun aspects of being able to… to identify potential, you know, we’ll call it a bit of a Crystal ball and being able to see what potential trends may come up.

JAKE

Alright, Jennifer Ayers, Chief Operating Officer, at DNS Filter. Thank you so much for joining us. I really appreciate you taking the time to share your valuable insights today.

JENNIFER

Thanks, Jake. It’s been, it’s certainly been a pleasure and I hope we have the opportunity to do this again.

Our products
The Platform
Risk Based Intelligence
Learn more
VulnDB
Vulnerability Intelligence
Learn more
Cyber Risk Analytics
Threat Intelligence
Learn more
YourCISO
Risk Management
Learn more