Overwhelmed by security data? Science to the rescue
When Charles Givre, lead data scientist at Deutsche Bank, teaches security teams about the benefits of applying security data science techniques, he often focuses on a common malware tactic: domain-generation algorithms.
Used by malicious programs to establish contact with a command-and-control server, domain-generation algorithms, or DGAs, create a list of domain names as potential contact points using pseudo-random algorithms. The domains change often – usually daily – and can look random or use random words.
For humans, finding a single computer’s call to a random domain is a difficult problem. Yet data analysis can quickly call out the anomalous communications.
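A small sketch of the kind of analysis described above, added here as an illustration and not taken from Givre's material: it scores each queried domain by character entropy and vowel ratio, then flags hosts that look up several distinct random-looking names. The log entries, host names, and thresholds are constructed assumptions, and a character-based score like this will not catch DGAs that combine dictionary words.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log: (client host, queried domain).
QUERIES = [
    ("ws-014", "www.google.com"),
    ("ws-014", "mail.example.org"),
    ("ws-014", "intranet.example.org"),
    ("ws-022", "www.wikipedia.org"),
    ("ws-022", "xkqzjvbnwpfh.com"),
    ("ws-022", "qpwmzrtyxvbk.net"),
    ("ws-022", "zhvkqjxwplmt.info"),
    ("ws-022", "bnxqwzkrvjpt.com"),
    ("ws-031", "updates.example.org"),
    ("ws-031", "cdn.jsdelivr.net"),
]

def shannon_entropy(label):
    """Bits per character of the label's character distribution."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registered_label(domain):
    """Second-level label, e.g. 'google' from 'www.google.com'.
    Simplification: ignores multi-part suffixes such as co.uk."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def looks_generated(domain, min_len=10, min_entropy=3.2, max_vowel_ratio=0.2):
    """Heuristic: long label, high entropy, few vowels (thresholds are assumptions)."""
    label = registered_label(domain)
    if len(label) < min_len:
        return False
    vowels = sum(ch in "aeiou" for ch in label)
    return (shannon_entropy(label) >= min_entropy
            and vowels / len(label) <= max_vowel_ratio)

def suspicious_hosts(queries, min_hits=3):
    """Hosts that queried at least min_hits distinct random-looking domains."""
    hits = defaultdict(set)
    for host, domain in queries:
        if looks_generated(domain):
            hits[host].add(domain)
    return {h: sorted(d) for h, d in hits.items() if len(d) >= min_hits}

if __name__ == "__main__":
    for host, domains in suspicious_hosts(QUERIES).items():
        print(host, domains)
```

Requiring several distinct hits per host keeps a single odd-looking but legitimate domain from raising an alert on its own.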