Black Hat 2023: The DNSFilter Recap with David Elkind & Nick Saunders

I sat down with David Elkind, Chief Data Scientist, and Nick Saunders, Product Manager, to talk about how Black Hat went for the DNSFilter team. The three of us attended numerous briefings, trekked through the business hall, and put a few miles on our DNSFilter Nikes.


“What was your favorite talk?”

David already published his thoughts on LLM and generative AI talks in particular (and the inability to escape them), and he had one favorite by CyCraft Technology.

In our chat, David had this to say on the CyCraft talk: “As the chief data scientist, I spend all day every day thinking about different kinds of AI machine learning models and how they can fit into the DNSFilter product and just the broader security landscape… [CyCraft is a] company that does incident response and their approach, I thought, was very clever. They wanted to find a better way to find malicious command lines on Windows…And what they realized was that a large language model, since it's designed to parse natural languages—human languages—it might also be very effective at parsing command lines and understanding and interpreting the command line and therefore making inferences about risk…and all sorts of other questions that you really want to answer in a security setting.”

As for Nick’s favorite talk, he was a fan of a slightly different AI talk that focused on phishing: Devising and Detecting Phishing: Large Language Models (GPT3, GPT4) vs. Smaller Human Models (V-Triad, Generic Emails). “Well, speaking of the main topic du jour, I did a track on LLMs in phishing, which I thought was a pretty interesting application. A lot of the ones were focusing on how to identify malware with an LLM, but this one is actually putting it to use to create pretty convincing-looking emails.”


And that’s what a lot of talks at Black Hat centered around: AI is moving quickly, and we need to be aware of the malicious applications that are already in use so that we can combat them.

In a way, this was highlighted in the keynote by Azeria (AKA Maria Markstedter), where she discussed how reactive companies have been with regard to AI. It mirrors how companies reacted to the proliferation of the iPhone: security wasn’t necessarily taken into account, but companies moved quickly to make sure they were at the bleeding edge.

Similarly, threat actors have always done the same. They are some of the earliest adopters. 

Despite the overwhelming number of AI talks, David was happy to have more to choose from. “It used to be that finding the AI or machine learning talks—which are my area of interest—would mean I would find, you know, three or four [talks], and then I'd have to figure out what I would do. But this year…they were all stacked up, and I had to pick which machine learning talk I wanted to go to at a particular time slot, which is a little bit stressful, but I was glad to get more content.”

Where in the world is protective DNS?

One thing I noticed in attending numerous briefings (some related to DNS, others around general security precautions to take) is that protective DNS was sometimes left out of the conversation where it probably should have been included. 

I asked David and Nick why they think protective DNS doesn’t get mentioned in these security conversations when we’re talking about how to block these threats.

David: “Well, there's definitely an attitude that because DNS is so old and so fundamental that there's no real need to think about security because all the security stuff has already been thought about, right? ‘There's no new terrain to be covered’, I think. And that's probably a bit of a simplification because it's so fundamental. That means that it's going to be everywhere, it's going to be omnipresent, and it's going to be a very powerful tool if you can find a way to misuse it. So continuing to level up the protective capabilities of DNS is going to be a key part of security going forward.”

Nick: “It is basically table stakes is kind of how I could see it as well. The reason people aren't bringing it up as an explicit solution is, as David mentioned, it has been around for a while.”

But protective DNS is fundamental to securing organizations, and the very first layer of defense. When we’re talking about simple but powerful actions organizations can take to secure their perimeter, this is the big one. Though…we might be biased.

David summed it up nicely when talking about protective DNS and securing DNS in general: “It's definitely part of our job to raise awareness about the different ways that DNS can be protected, right? There's all the privacy components like the encryption and things like that. There's the authentication piece as well. But there's also the filtering component, which is determining which queries are related to malicious activity and how we should handle those.”
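As an added illustration of the filtering component David describes (example code written for this recap, not DNSFilter's product code), here is a small resolver-side policy that matches queries against a constructed blocklist, including subdomains of listed names, and sinkholes the hits; the blocklist entries, sinkhole address and log lines are all constructed:

```python
# Added example (not DNSFilter's code): a minimal protective-DNS policy
# check that classifies DNS queries against a blocklist and decides how
# to answer them. Blocklist entries and log lines are constructed.
from typing import Optional

# Constructed blocklist: domain -> threat category. A listed domain also
# covers its subdomains, as most protective DNS services match them.
BLOCKLIST = {
    "malware-c2.example": "command-and-control",
    "phish-login.example": "phishing",
}

def lookup_category(qname: str) -> Optional[str]:
    """Return the category of the longest blocklisted suffix of qname, if any."""
    labels = qname.rstrip(".").lower().split(".")
    # Walk from the full name toward the registrable suffix so that
    # 'cdn.malware-c2.example.' still matches 'malware-c2.example'.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return BLOCKLIST[candidate]
    return None

def decide(qname: str, sinkhole_ip: str = "0.0.0.0") -> dict:
    """Filtering policy: blocked names get a sinkhole answer, others resolve."""
    category = lookup_category(qname)
    if category is None:
        return {"qname": qname, "action": "resolve", "category": None,
                "answer": "forward to upstream resolver"}
    # Sinkholing (answering with a controlled address) keeps the client
    # from reaching the host while leaving a log entry for the SOC.
    return {"qname": qname, "action": "block", "category": category,
            "answer": f"A {sinkhole_ip}"}

def filter_log(lines):
    """Apply the policy to constructed query-log lines: '<ts> <client> <qname>'."""
    return [decide(line.split()[2]) for line in lines if line.strip()]

if __name__ == "__main__":
    SAMPLE_LOG = [  # constructed sample, not real traffic
        "2023-08-10T10:00:01Z 10.0.0.5 www.example.com.",
        "2023-08-10T10:00:02Z 10.0.0.5 cdn.malware-c2.example.",
        "2023-08-10T10:00:03Z 10.0.0.7 PHISH-LOGIN.example",
    ]
    for d in filter_log(SAMPLE_LOG):
        print(f"{d['action']:8s} {d['qname']:28s} {d['category'] or '-'}  -> {d['answer']}")
```

A real deployment would pull the blocklist from threat intelligence feeds and log every block decision for review; the suffix walk is what lets a single listed domain cover the throwaway subdomains attackers rotate through.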

How should you start handling that malicious DNS traffic? Start your free trial of DNSFilter today for step one.

Maybe next year the topic du jour should be protective DNS.
