DNS analytics

Analysis of DNS traffic has a significant application within information security and computer forensics, primarily in identifying insider threats, malware, cyberweapons, and advanced persistent threat (APT) campaigns within computer networks.

While a primary driver for DNS analytics is security, as described below, another motivation is understanding the traffic of a network so that it can be evaluated for improvements or optimization.

For example, DNS analytics can be used to gather data on a lab where a large number of related requests for PC software updates are made.

Research within the public domain shows that state-sponsored malware and APT campaigns exhibit DNS indicators of compromise (IOCs).[8]

These malware and APT campaigns can be reliably identified within computer networks through the use of DNS analytics tools.