HYAS Product Release News May 2024


We’re back this month with a fresh batch of killer updates for both HYAS Protect and HYAS Insight!

HYAS Protect, our advanced threat detection and response solution, leverages DNS security to provide real-time analysis and proactive defense against cyber threats.

HYAS Insight, our investigative and attribution platform, offers deep visibility into adversary infrastructure, empowering security teams with the intelligence needed for effective threat hunting and incident response. This release focuses on boosting visibility, enhancing control, and improving ease of use. So, buckle up and get ready to dive into the latest and greatest features we’ve rolled out, starting with the newest updates on HYAS Protect!

Log Automation with Amazon S3 Storage

We’re kicking things off with a bang – Log Automation with Amazon S3 Storage! Have you ever wanted to enrich your SIEM/SOAR platform with the DNS logs captured by HYAS Protect? Well, now you’re in luck! Now, you can easily do that right from the HYAS Protect UI. Simply enter your S3 bucket information, verify the connection and you’re off to the races. All DNS logs captured by HYAS Protect will be sent to that bucket in regular intervals for retrieval by your SIEM/SOAR. Why import DNS logs into your SIEM/SOAR you ask?

There are plenty of reasons, but let’s quickly highlight some of the top benefits:

  • Improved Detection Accuracy: Correlating DNS logs with other data sources reduces false positives and improves the accuracy of threat detection.
  • Faster Incident Response: Enhanced context allows for quicker investigation and response to incidents, as security teams have a fuller picture of the events leading up to and following an alert.
  • Comprehensive Security Posture: Combining insights from various data sources provides a more holistic view of the network’s security posture, helping in identifying gaps and improving overall defenses.
  • Contextual Alerts: Correlated data generates more context-rich alerts, allowing security teams to prioritize and tackle the most critical threats effectively.
  • Enhanced Visibility: Comprehensive view of both DNS queries. This detailed visibility allows you to gain valuable insights into overall network activity. By monitoring these DNS requests, you can track user and device behavior across your network, making it easier to detect anomalies and unusual patterns. This continuous monitoring helps identify potentially suspicious activities, such as unauthorized access attempts, unusual data transfers, or deviations from typical user behavior, thereby strengthening your organization’s security posture.


Image one May 2024 product release

Centralized Product Documentation

Why have documentation in one place when you can have it in two? Wait, strike that, reverse it. We realized it would probably be much less confusing if we combined our documentation into one centralized repository. Now, you’ve got a single source of truth for all things HYAS Protect and HYAS Insight in their respective UIs. You’ll be able to finish that painting of your Grandma with all of the time you’re going to save.

Image two May 2024 product release

Global Resolver IP Visibility

HYAS Protect has DNS resolvers strategically placed all over the globe. But until this latest release, you’d never know it! Previously, only the US East and US West resolvers were visible in the UI. Now, you can see all the globally available resolvers at your fingertips, ready for you to choose from. Whether you’re after super speedy DNS resolution or want to keep your traffic within certain geographical areas (or both!), you now have the power to view and select all resolvers.

Uninstall Agent Directly from Central Console [Ltd Availability]

We’re ramping up our Central Management capabilities with a brand-new feature: the ability to uninstall the HYAS Protect Agent directly from the Central Agent Management console. No more manual uninstalls or jumping through hoops! Right now, this feature is available on a limited basis, but don’t worry—our next release will roll this out to everyone very soon. This enhancement means greater control and flexibility for Admins and less hassle for your end users. A win-win!

Local Short-term Disabling of Agent [Ltd Availability]

Harkening back to one of this month’s central themes of control, end-users now have the ability to temporarily disable the agent directly from their local machine. This allows users to manage their security settings with greater flexibility, ensuring they have the autonomy to make quick adjustments when necessary.

Whether for troubleshooting or other needs, this added control enhances the overall user experience and aligns perfectly with our goal of putting more power into the hands of all users. Not too much power though, this feature is only available on a limited basis while we build the ability for admins to configure its availability via the UI for the next release.

Visibility of User ID in Agent Central Console [Ltd Availability]

I know, I know, more capabilities we’re adding in on a limited basis that you may not see in your UI yet. We’re just so excited about all of this cool stuff, we couldn’t help but let everyone know. Bare with us as we wrap up the formalized testing before we roll all this cool stuff out shortly.

Anyway, back to our regularly scheduled programming. Unless you’re a human phonebook, remembering which devices belong to which users can be a real challenge. But don’t worry, we’ve got you covered! Introducing the new “Identity” column in the Manage Agents section. This feature shows you the user logged into each device and refreshes regularly to ensure it’s always up to date. Now, you can finally ditch that sticky note mapping devices to users from the side of your monitor and use it to cover that maintenance light on your car’s dashboard.


Image three May 2024 product release

Simplified Agent Upgrade with Automatic Uninstallation [Ltd Availability]

While we’re all about hard work here at HYAS, we don’t want you to have to work hard while using our products. That’s why with this update, the Agent can now detect and automatically uninstall older versions. Gone are the days of manually uninstalling older versions before updating to the latest version. Now, it all happens automagically.

Phew that’s alot! But wait! There’s more! Those were only the HYAS Protect updates. Next, we’ll spend some time on the HYAS Insight Updates.

Improved ASN Visibility in Malware Infrastructure Dashboard

You may remember earlier this year when we released the MWI, or Malware Infrastructure dashboard. This dashboard offers insights into the hundreds of thousands of individual pieces of malware that HYAS detonates daily. It helps you track trends, gather more information, and gain better visibility into the world of malware.

As part of this comprehensive overview, HYAS includes a Distribution by Top C2 ASN Countries chart. Often, this chart provides a wealth of information, which is fantastic, but too much data at once can be overwhelming. That’s why we’ve added new functionality to the chart to make it easier to understand. Now, when you click on a country’s flag below the chart, it will refresh to show only the ASNs related to that country. This makes the chart easier to read when drilling down into specific data.

This image shows what the chart looks like when hovering over a country flag:

Image four May 2024 product release

The bottom image shows what the chart looks like when you click on the country flag to show it’s related ASNs:


Image five May 2024 product release

Integration of Current WHOIS Data in WHOIS Panel

Because more is always better, we’ve now taken data from the current WHOIS panel and added it to the Historical WHOIS section. It used to be a real hassle not having all the WHOIS data in one central place. Checking two separate spots for current and historical WHOIS data was downright silly. Now, you can find everything you need in one spot, making it much easier to access and manage all your WHOIS information efficiently.

Additional Reading

Sign up for the free HYAS Insight Intel Feed

How to Stop Phishing Attacks with Protective DNS

How to Select a Protective DNS Solution