Discover how ExtraHop’s groundbreaking open-sourcing of a vast 16 million-row dataset is revolutionizing cybersecurity defenses. Explore their initiative to combat domain generation algorithms (DGAs) and promote collaboration within the cybersecurity community, enhancing security for organizations of all sizes.
ExtraHop, a prominent player in the field of cloud-native network detection and response (NDR), announced today that it is open sourcing its extensive dataset of 16 million rows, which stands out as one of the most comprehensive datasets available. The move is aimed at bolstering defenses against domain generation algorithms (DGAs) and leveling the playing field for defenders. The objective is to empower organizations of all sizes to enhance their security measures against malware and botnet activities.
In the midst of an expanding cybersecurity skills gap, which has surged by 26% in the past year, and diminishing resources, the cybersecurity landscape is evolving rapidly. As new threats continually emerge, the provision of open-source research and datasets emerges as a viable solution to address the daily challenges faced by security teams.
Raja Mukerji, the Chief Scientist and Co-Founder of ExtraHop, emphasized the significance of this initiative in the realm of security. He stated, “The security challenges we confront are formidable and ever-changing. With this initiative, we are democratizing the tools essential for threat research detection, making them accessible to security teams regardless of their size, backgrounds, or industries. Collaboration within the cybersecurity community is invaluable, and sharing our best work is the most effective means to maintain the upper hand and put attackers at a disadvantage. Our research has the potential to be a game-changer for the community, and we encourage other teams to follow suit by open sourcing their insights for the greater benefit of the industry.”
ExtraHop’s commitment to fostering collaboration within the industry is evident in their release of the DGA detector dataset, comprising over 16 million data entries, on GitHub. This release aims to aid security teams in the early identification of malicious activities within their environments, preventing them from evolving into significant business problems.
A domain generation algorithm (DGA) is a technique threat actors use to establish control within an organization’s network, and it makes their attacks hard to detect and counter. Originally developed for ExtraHop’s acclaimed NDR platform, Reveal(x), this research is now available to any security researcher who wishes to build their own machine learning (ML) classifier model to rapidly identify DGAs and intervene in attacks. The ExtraHop DGA model, after its implementation in Reveal(x), has exhibited an accuracy rate exceeding 98%.
Todd Kemmerling, Director of Data Science at ExtraHop, emphasized the growing threat posed by DGAs to businesses today, stating, “DGAs are increasingly recognized as a significant threat to businesses, as they grant threat actors the ability to operate surreptitiously. During our development of a DGA detection model, it became evident that there was a dearth of publicly accessible datasets tailored to security teams with varying resources. With this dataset, we aim to bridge that gap, ensuring that every security team has access to the pivotal data required for swift DGA detection.”
ExtraHop’s decision to open source their extensive dataset represents a significant milestone in the ongoing battle against cyber threats. By openly sharing their research, they are not only empowering security teams of all sizes but also fostering collaboration within the cybersecurity community. As the digital landscape continues to evolve, the availability of such resources becomes increasingly vital in staying ahead of adversaries. ExtraHop’s dedication to fortifying defenses against domain generation algorithms is a testament to their commitment to a safer digital world. This initiative serves as a beacon of hope in the face of growing cyber challenges, emphasizing that together, as a united front, we can effectively confront the ever-changing landscape of cybersecurity threats.