

Why DNS Is Still the Biggest Blind Spot in Threat Intelligence
Jul 10, 2025
In this insightful discussion, guests Renee Burton, the DNS threat expert from Infoblox, Raymond Dijkxhoorn, a high-tech engineering veteran, and Peter Lowe, a passionate security ambassador from FIRST.org, dive deep into the realm of DNS-based threats. They highlight the complexities of threat actor behaviors and the challenges of evolving detection methods. Topics like TLD abuse, aging domains, and the necessity of industry collaboration come to the forefront. Their conversation underscores the urgent need for improved data sharing and transparency to combat these cyber risks.
AI Snips
Need for DNS Data Sharing
- DNS-based threat intelligence relies heavily on data sharing and collaboration across industries.
- Current barriers in sharing hinder collective defense efforts against adversaries exploiting DNS.
Clarity in Domain Definitions
- Clarify definitions, such as what constitutes a domain, to improve understanding.
- Explicitly outline methodology in reports to aid replication and validation by others.
Domain Risk Scoring Challenges
- DNS-based domain risk scoring involves many variables and is not an exact science.
- False positives and negatives exist due to complex domain behaviors and adversary tactics.