A system, method and computer-readable medium for mitigating cybersecurity risk by analyzing domain name system (DNS) traffic, including detecting a network communication propagated over a computer network, the network communication comprising a domain identifier, monitoring DNS traffic to and from one or more DNS servers relating to the domain identifier, the DNS traffic including one or more DNS queries and one or more corresponding responses, extracting information from the monitored DNS traffic to generate a record identifier, updating a DNS metadata record stored in memory and associated with the record identifier based at least in part on the monitored DNS traffic, the DNS metadata record including one or more occurrence metrics associated with instances of the domain identifier in previous DNS traffic, determining whether the one or more occurrence metrics are indicative of a cybersecurity risk, and activating one or more mitigation actions based at least in part on a determination that the one or more occurrence metrics are indicative of the cybersecurity risk.
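The flow described in this abstract, sketched as an added Python example (not code from the patent or its authors). The record identifier format, the metric fields, the thresholds and the "block"/"allow" actions are all assumptions chosen for illustration; the abstract does not specify them.

```python
from dataclasses import dataclass

# Assumed thresholds (not from the abstract): a domain is treated as risky
# while it has been known for under MIN_AGE_S or seen fewer than MIN_COUNT times.
MIN_AGE_S = 24 * 3600
MIN_COUNT = 3

@dataclass
class DnsMetadata:
    """Occurrence metrics kept per record identifier (assumed field set)."""
    first_seen: float
    last_seen: float
    count: int = 0
    nxdomain: int = 0

class DnsMonitor:
    def __init__(self):
        self.records = {}  # record identifier -> DnsMetadata

    @staticmethod
    def record_id(qname, qtype):
        # Assumed identifier: normalized query name plus record type.
        return (qname.rstrip(".").lower(), qtype.upper())

    def observe(self, ts, qname, qtype, rcode):
        """Update the metadata for one query/response pair and return the action."""
        rid = self.record_id(qname, qtype)
        meta = self.records.setdefault(rid, DnsMetadata(first_seen=ts, last_seen=ts))
        # Decide on metrics from previous traffic, before counting this event.
        risky = meta.count < MIN_COUNT or (ts - meta.first_seen) < MIN_AGE_S
        meta.count += 1
        meta.last_seen = ts
        if rcode == "NXDOMAIN":
            meta.nxdomain += 1
        return "block" if risky else "allow"  # stand-in for a mitigation action

# Constructed sample events: (timestamp in seconds, qname, qtype, rcode)
EVENTS = [
    (0, "Intranet.example.", "A", "NOERROR"),
    (3600, "intranet.example", "a", "NOERROR"),
    (7200, "intranet.example", "A", "NOERROR"),
    (90000, "intranet.example", "A", "NOERROR"),
    (90001, "x9f3k.example", "A", "NXDOMAIN"),
]

def run(events):
    mon = DnsMonitor()
    return [mon.observe(*e) for e in events], mon
```

In a deployment the "block" result would map to whatever mitigation the resolver or proxy supports, and the first sightings of a legitimate domain would need an allowlist or an alert-only mode to avoid disrupting users.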