OpenDNS recently unveiled the Umbrella Security Graph, a new tool that enables researchers to not only analyze known threats, but to predict future threat origins as well. The revolutionary tool combines Big Data analytics, graph theory, artificial intelligence and a new tactic that the Umbrella Security Labs research team calls co-occurrence.

To better explain why Big Data is more than just a buzz phrase, we can look at what Big Data means to OpenDNS’s Umbrella Security Labs research team today. Unlike other security vendors that rely heavily on collecting malware samples and creating signatures, and in some cases observing malware behaviors and creating heuristics, Umbrella Security Labs is focused on analyzing the spatial and temporal patterns of connections between malicious Internet hosts.

In order to do so effectively, the team must harness massive sets of data. Fortunately, the infrastructure we’ve built out to provide DNS and security services to a massive worldwide audience provides exactly that. More than 50 million people use OpenDNS, and 40 billion DNS queries are Anycast routed via BGP through our 13 globally-distributed datacenters each day. As a result, we can observe the interconnected fabric of the Internet and how hosts are related at any given time. We use that anonymized data to draw conclusions about known threats that ultimately help us predict where threats will come from in the future.

unknown threats

Our team has already leveraged the Big Data analysis to expose details on Red October, the NBC.com attacks, and the recent attacks that Mandiant has linked to Chinese espionage.

To further explain how the Big Data is driving the transformation of Internet security, we compiled a technical exploration of how security vendors can leverage graph theory, advanced algorithms, crowd sourced categorization and cloud-delivery platorms. The whitepaper explains in detail how Big Data can help vendors deliver protection not just for known threats, but also for unknown threats.

download