June, 2026
Attackers are constantly searching for ways to blend into your day-to-day network traffic. One of their favorite hiding places is the Domain Name System (DNS). Because DNS is essential for standard internet operations, it is rarely blocked, making it a primary vehicle for cybercriminals looking to fly under the radar.
Through a technique known as DNS Tunneling, attackers encode malicious data or commands inside seemingly normal DNS queries. This allows them to silently exfiltrate sensitive data out of an organization or maintain a backdoor connection to command-and-control servers, entirely bypassing traditional security defenses.
To help your team shine a light on these hidden communication paths, we are excited to announce that DNS Tunneling Incidents are now live in the Lumu Portal.
Clear Visibility into Covert Channels
This new feature expands your visibility into protocol abuse, ensuring full visibility into exfiltration attempts. Key capabilities in this release include:
- Exfiltration Detection: Automatically flags devices that use DNS to tunnel data and tracks total records, along with specific upload and download volumes (in KB), to help you instantly understand the severity of the leak.
- Pinpoint Affected Assets: Instantly see which specific server or database is generating the rogue traffic and get the exact context needed to isolate the threat immediately.
- Minimize Attacker Dwell Time: Catch stealthy data exfiltration early in the attack lifecycle before critical data leaves your network.
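The per-device accounting described in the Exfiltration Detection bullet, as an added example rather than Lumu's own detection logic: it groups DNS log records by client and registered domain, totals records and upload/download KB, and flags groups with many unique high-entropy subdomains. The log tuple format, the thresholds, and the two-label registered-domain rule are assumptions, and the sample records are constructed.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Constructed sample log: (client_ip, query_name, response_bytes).
SAMPLE_LOG = [("10.0.0.5", "www.example.com", 60)] * 30
SAMPLE_LOG += [("10.0.0.5", f"{h}.example.org", 80) for h in ("mail", "api", "www")]
SAMPLE_LOG += [  # 40 queries carrying 48 hex characters each in the first label
    ("10.0.0.23", hashlib.sha256(bytes([i])).hexdigest()[:48] + ".t.example.net", 256)
    for i in range(40)
]

def split_name(qname):
    """Return (registered_domain, subdomain_part).
    Assumption: the last two labels are the registered domain (no public-suffix list)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])

def entropy(text):
    """Shannon entropy in bits per character; encoded payloads score high."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def flag_tunnels(log, min_unique=20, min_entropy=3.0):
    """Aggregate per (client, domain) and return the groups that look like tunnels."""
    stats = defaultdict(lambda: {"records": 0, "up": 0, "down": 0, "subs": set()})
    for client, qname, resp_bytes in log:
        domain, sub = split_name(qname)
        s = stats[(client, domain)]
        s["records"] += 1
        s["up"] += len(sub)        # bytes the client pushed out inside the name
        s["down"] += resp_bytes    # bytes that came back in answers
        s["subs"].add(sub)
    incidents = []
    for (client, domain), s in stats.items():
        avg_entropy = sum(entropy(x) for x in s["subs"]) / len(s["subs"])
        # Many distinct, random-looking subdomains under one domain is the signal.
        if len(s["subs"]) >= min_unique and avg_entropy >= min_entropy:
            incidents.append({"client": client, "domain": domain,
                              "records": s["records"],
                              "upload_kb": s["up"] / 1024,
                              "download_kb": s["down"] / 1024})
    return incidents

if __name__ == "__main__":
    for incident in flag_tunnels(SAMPLE_LOG):
        print(incident)
```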
This feature is already active in the Lumu portal. To learn more, please visit our DNS Tunneling Response Playbook.



