Inside the SOC: AI-powered DNS defense against ransomware
Bill Spry · 2026-05-14 · via Cisco Blogs

In the modern security operations center (SOC), the biggest challenge isn’t always a lack of data — it’s the lack of meaning. Analysts are often drowning in telemetry, trying to distinguish the calculated movements of a threat actor trying to blend in with normal traffic from the noise of a global network.

Compounding this challenge is that many traditional security tools attempt to prevent threats based on what they have already seen, not on what could potentially happen.

The complexity of a ransomware attack, unfolding through multiple stages, highlights many of the challenges SOC teams face every day. For an analyst, these events are often fragmented. If the SOC isn’t configured to understand threat patterns, they appear as separate alerts in separate dashboards, forcing the human to manually stitch together the “who,” “what,” and “where.”

At Cisco, we believe that security should go beyond enforcement; it must understand intent. Today we’re releasing our new AI-powered DNS defense platform, available within Cisco Secure Access and powered by Cisco Talos intelligence. With AI-assisted algorithms, it brings a new predictive layer of defense to DNS.

These new capabilities bridge the gap between how users connect to the network and how the network is protected, enabling proactive, intelligent defense.

Let’s walk through how that looks during a ransomware attack, with a focus on how DNS-based threats play a role in malware delivery, data exfiltration, DNS tunneling, command-and-control (C2) communications, and access to phishing domains.

How Cisco disrupts the ransomware lifecycle (DNS focus)

Cisco Talos DNS Security (fully integrated into Cisco Secure Access) detects obfuscated data hidden in DNS packets, the core of internet communication. Advanced AI-driven detection, including domain generation algorithm (DGA) analysis, proactively identifies and predicts malicious domains, stopping threats before they impact your organization.

By embedding predictive intelligence from Cisco Talos directly into Secure Access, we are able to disrupt the attacker’s workflow at multiple critical stages of a ransomware attack:

  • Initial Access: Ransomware can enter through a few doors—from malicious links (phishing is still the most common entry point, appearing in 40% of Cisco Talos Incident Response cases in 2025) and drive-by downloads to exploited vulnerabilities. Cisco Secure Access uses Talos DNS Security intelligence to analyze the intent of every destination, and proactively blocks connections to malicious sites, malware delivery servers, and suspect infrastructure.
  • Blocking C2 connections: Once malware is on a device, it must establish a command-and-control (C2) channel to receive its encryption keys. Through Talos DNS Security, Talos’ custom built machine learning models detect the unique “lexical texture” of algorithmically generated domains (DGA) used by attackers. By identifying these machine-made patterns, we block the communication channel at the onset, leaving the ransomware actor unable to execute its attack.
  • Preventing lateral movement: Cisco Hybrid Mesh Firewall benefits from real-time intelligence from Talos, which means it can also recognize the “fingerprint” of an active breach. If a compromised device attempts to scan the network or move laterally to sensitive servers, the firewall leverages Talos-authored SNORT® rules to identify exploit attempts and the Encrypted Visibility Engine (EVE) to detect malicious activity — even within encrypted traffic. Combined with strict segmentation policies, these granular detection capabilities trap the threat in a “virtual cage” and give organizations layers of defense across their environment.
  • Identifying and preventing data exfiltration: Before encryption begins, threat actors may attempt to smuggle data out using covert DNS tunneling. Convolutional neural network models built within Talos DNS Security are able to detect and prevent such threats by analyzing the structure of domain names and behavioral patterns in DNS requests. Through Cisco Secure Access, we block suspicious requests at the DNS resolver, stopping the data from leaving the network and ensuring sensitive information stays protected.
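The two detection ideas in the list above, scoring a domain’s lexical “texture” for DGA-like names and profiling the structure and behavior of DNS requests for tunneling, can be illustrated with a small triage script over DNS query logs. This is an added example and not Cisco’s or Talos’ code: the log format, the sample domains, the feature set, the scoring weights and the thresholds are all constructed for illustration (a production system trains its models on labelled data and uses the public suffix list for apex extraction). It also builds the “who” behind a spike, a minimal analogue of the client slice profile described later in the post.

```python
"""Lexical and behavioral triage of DNS query logs (added example, not Cisco/Talos code)."""
import math
from collections import defaultdict

# Constructed sample log (not real telemetry): "<epoch> <client_ip> <qname> <qtype>".
# Benign names use reserved example domains; the DGA-like and tunnel-like names are
# invented for illustration under the reserved ".example" TLD and resolve nowhere.
SAMPLE_LOG = """\
1715670000 10.0.0.5 www.example.com A
1715670001 10.0.0.5 cdn.example.net A
1715670002 10.0.0.7 mail.example.org MX
1715670003 10.0.0.9 x7q3kfj9aplwzt.example A
1715670003 10.0.0.9 pz9c2mdqv1lh.example A
1715670004 10.0.0.9 ntq8wjz4rfmyk.example A
1715670004 10.0.0.11 kd3m9xa2qv.example A
1715670005 10.0.0.11 wqz7rkp1nvl.example A
1715670010 10.0.0.12 aGVsbG8gd29ybGQ.MTIzNDU2Nzg5MA.cGF5bG9hZA.t.exfil.example TXT
1715670011 10.0.0.12 ZGF0YSBleGZpbA.NjY3Nzg4OTk.ZmlsZXM.t.exfil.example TXT
1715670012 10.0.0.12 c2VjcmV0cw.YWJjZGVmZ2g.MTIzNDU2.t.exfil.example TXT
"""


def parse_log(text):
    """Parse log lines into (epoch, client, qname, qtype) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, qtype = line.split()
        records.append((int(ts), client, qname.lower().rstrip("."), qtype))
    return records


def registered_domain(qname):
    """Naive apex extraction: the last two labels (a real system uses the public suffix list)."""
    return ".".join(qname.split(".")[-2:])


def shannon_entropy(s):
    """Bits of entropy per character of a label; high values mean little repetition."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def lexical_risk(apex):
    """Score the second-level label on features typical of algorithmically generated names.
    Thresholds are assumed for illustration; a production model is trained on labelled data."""
    label = apex.split(".")[0]
    vowels = sum(ch in "aeiou" for ch in label) / len(label)
    digits = sum(ch.isdigit() for ch in label) / len(label)
    score = 0
    score += shannon_entropy(label) > 3.0   # many distinct characters, little repetition
    score += vowels < 0.25                  # unpronounceable: few vowels
    score += digits > 0.10                  # letters and digits interleaved
    score += len(label) >= 10               # long, random-looking label
    return score


def tunnel_indicators(records, apex):
    """Behavioral indicators of DNS tunneling for one apex: long, never-repeated subdomain
    prefixes and record types that can carry arbitrary payloads (TXT/NULL). Returns None
    when there are too few queries to judge."""
    hits = [r for r in records if registered_domain(r[2]) == apex]
    if len(hits) < 3:
        return None
    prefixes = [r[2][: -len(apex) - 1] for r in hits]   # everything before the apex
    mean_len = sum(len(p) for p in prefixes) / len(prefixes)
    unique_ratio = len(set(prefixes)) / len(prefixes)
    payload_qtypes = sum(r[3] in ("TXT", "NULL") for r in hits) / len(hits)
    return {"queries": len(hits), "mean_prefix_len": mean_len,
            "unique_prefix_ratio": unique_ratio, "payload_qtype_ratio": payload_qtypes}


def triage(text, dga_threshold=3, prefix_len_threshold=24):
    """Return DGA-like apexes, tunneling-like apexes, and which clients drove the DGA
    queries (the 'who' behind a spike in suspicious lookups)."""
    records = parse_log(text)
    apexes = sorted({registered_domain(r[2]) for r in records})
    dga = [a for a in apexes if lexical_risk(a) >= dga_threshold]
    tunnels = []
    for a in apexes:
        ind = tunnel_indicators(records, a)
        if ind and ind["mean_prefix_len"] > prefix_len_threshold and ind["unique_prefix_ratio"] == 1.0:
            tunnels.append(a)
    profile = defaultdict(set)   # client -> set of DGA-like apexes it queried
    for _ts, client, qname, _qtype in records:
        apex = registered_domain(qname)
        if apex in dga:
            profile[client].add(apex)
    return {"dga": dga, "tunnels": tunnels,
            "dga_clients": {c: sorted(d) for c, d in profile.items()}}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("DGA-like apexes:", result["dga"])
    print("Tunneling-like apexes:", result["tunnels"])
    print("Clients querying DGA-like apexes:", result["dga_clients"])
```

Run against the constructed log, the lexical scorer separates the five random-looking labels from the example.* names, the tunneling check flags only the apex whose every query carries a long, never-repeated encoded prefix in a TXT record, and the client map shows that two hosts account for all the DGA-like lookups. The point of keeping the two signals separate is that a tunneling apex can be perfectly pronounceable (here, “exfil”) and so scores zero lexically; it is the request structure, not the name, that gives it away.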

As a result, instead of chasing fragmented alerts that may not indicate that an attack is imminent, your security team benefits from a unified, predictive defense. We reduce the noise for your analysts, and help to stop ransomware before it can escalate into an organization-disrupting breach.

The view from the SOC

An analyst’s dashboard suddenly signals an early alert: a sharp increase in DNS queries to suspicious domains. Talos DNS Security’s predictive blocking within Cisco Secure Access stops these domains before the activity spreads, allowing the analyst to focus on real threats instead of noise.

As the analyst investigates, Secure Access provides detailed charts with embedded “slice profiles” that give a contextual snapshot of which clients, subdomains, and protocols caused each spike. Unlike with traditional security systems that only show activity volume, the analyst doesn’t need to dig through raw logs. They can quickly see a trend, understand the exact sources and behaviors behind it, and map out the potential ransomware attack.

Soon after, the analyst notices that Secure Access is flagging domains with high lexical risk scores and coordinated client activity — classic signs of a DGA-based C2 attempt. Secure Access blocks these domains immediately, cutting off the ransomware actor’s communication channels before they can take hold.

The new standard for defense

When your security tools enable you to shift from manual log-stitching to automated threat disruption, the SOC dynamic changes:

  • From alert triage to contextual investigation: Instead of manually correlating a DNS request with a firewall log, the shared intelligence provides a complete, pre-correlated narrative. When an alert triggers, your analysts now have the “who,” “what,” and “where” already attached to the event.
  • From “Whack-a-Mole” to campaign blocking: Because Cisco Security products have integrated Talos intelligence, you stop blocking individual IPs and start blocking entire campaign infrastructures. When a phishing lure or a DGA-based C2 channel is identified, the enforcement is applied across the entire mesh, preventing the attacker from simply pivoting to a different part of your network.

In an era where ransomware actors heavily employ stealth and defense impairment tactics, this integration ensures that your security stack acts as a single, cohesive system; a unified defense that shares context across every layer — cloud, branch, and data center — to stop threats at speed and scale.

Learn more about how Talos powers the Cisco Security platform here.

Learn more about how Cisco is extending DNS-layer protection in the Cisco Secure Access community with AI-driven DGA detection and Secure Access DNS Defense.


We’d love to hear what you think! Ask a question and stay connected with Cisco Security on social media.
