DNS Security - Proactive Malware, Phishing & Data Exfiltration Protection

The Domain Name System (DNS) is the backbone of the modern Internet. Over the years, it has evolved to make networked computing accessible to everyday users. However, it has also introduced new DNS security threats, such as distributed denial-of-service (DDoS) attacks and other attack types (DNS cache poisoning and spoofing, IoT botnet DDoS, DNS amplification, fast-flux DNS, NXDOMAIN flood, slow drip, TCP SYN flood, domain brute force, reverse lookup, zone transfer, zone walking) – schemes designed to redirect users to malicious websites, and more.

The enterprise threat landscape is fast evolving. Targeted threats such as malware, ransomware, data exfiltration, and phishing are increasing in volume, and malicious actors are getting better at circumventing traditional security approaches. Combined with the adoption of SaaS, Cloud, and IoT in the enterprise, more sophisticated threat delivery has introduced new visibility challenges, control-point complications, and security gaps.

The Solution: Enterprise Threat Protector

Enterprise Threat Protector (ETP) from activereach enables security teams to proactively identify, block, and mitigate targeted threats such as malware, ransomware, phishing, and data exfiltration that exploit the Domain Name System (DNS). Powered by real-time intelligence from the world’s leading cloud security intelligence service and globally distributed recursive DNS platform, Enterprise Threat Protector efficiently delivers security, control, and visibility to the enterprise while easily integrating with your existing network defences.

Use Cases for Enhanced DNS Security

ETP is deployed across all industries & organisation types including single and multi-site networks. Use cases include:

  • Protection Against Malware & Phishing for Devices that are On-Network or Off-Network – Apply policy to block malicious activity across your entire enterprise in minutes. Use the DNS control point to uniformly and immediately block malicious domains and communications.
  • Enforce an Enterprise Acceptable Use Policy (AUP) – Block inappropriate content across the enterprise quickly and effectively.
  • Guest Wi-Fi Acceptable Use Policy (AUP) – Enforce an acceptable use policy across your guest Wi-Fi for brand protection.

Recursive DNS Protection: How it Works


The Domain Name System (DNS) is the foundation for all Internet services, yet many malicious domains, including sites hosting malware and ransomware, and the associated command and control (CnC) servers, use recursive DNS for attacks.

When an enterprise’s external recursive DNS traffic is directed to activereach’s Enterprise Threat Protector, requested domains are checked against our real-time domain risk scoring threat intelligence, and enterprises can proactively block employees from accessing malicious domains and services. As this validation happens before the IP connection is made, threats are stopped earlier in the security kill chain, i.e., farther away from an enterprise’s perimeter.

In addition, because almost every connection begins with a DNS lookup, the DNS control point is effective regardless of which ports and protocols the subsequent traffic uses, thus protecting against malware that does not use standard web ports and protocols.

Domains can also be checked to determine the type of content an employee is attempting to access, and blocked if the content breaches the enterprise’s acceptable use policy.

Deploying the lightweight Enterprise Client Connector on managed laptops also lets companies quickly add an additional layer of proactive security when laptops are used off-network. Enterprise Threat Protector easily integrates with other security products and reporting tools — including Secure Web Gateways, Next-Generation Firewalls, and SIEMs, as well as external threat intelligence feeds — allowing companies to maximize their investments across all layers of their security stack.
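As an added illustration (not Enterprise Threat Protector's own code), the following Python sketches the decision a protective recursive resolver makes at the DNS control point described above: the requested name is walked up through its parent zones and checked against threat intelligence and an AUP category map before any answer, and therefore any IP connection, is returned. The domain lists, categories, sinkhole address and the DNS-exfiltration heuristic are all constructed assumptions for this example.

```python
# Added example: DNS-layer policy check of the kind a protective recursive
# resolver performs. Domain lists, categories and the sinkhole address are
# constructed for illustration; a real deployment uses a live intelligence feed.
import re
from dataclasses import dataclass
from typing import Optional

SINKHOLE_IP = "192.0.2.1"  # RFC 5737 documentation address, stands in for a block page

# Constructed sample threat intelligence: domain -> risk category
THREAT_INTEL = {
    "malware-drop.example": "malware",
    "cnc.example.net": "command-and-control",
    "login-verify.example.org": "phishing",
}
# Constructed sample AUP categorisation and the categories this enterprise blocks
AUP_CATEGORIES = {"gambling.example": "gambling", "news.example": "news"}
BLOCKED_AUP = {"gambling"}

@dataclass
class Decision:
    action: str              # "allow", "sinkhole" or "nxdomain"
    reason: str
    answer: Optional[str] = None

def _parents(qname: str):
    """Yield the name and each parent zone: a.b.example -> a.b.example, b.example, example."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])

def looks_like_exfiltration(qname: str, max_label: int = 40, max_name: int = 120) -> bool:
    """Assumed heuristic for DNS tunnelling: oversized names/labels or long hex-only labels."""
    labels = qname.rstrip(".").split(".")
    if len(qname) > max_name or any(len(lbl) > max_label for lbl in labels):
        return True
    return any(len(lbl) >= 24 and re.fullmatch(r"[0-9a-f]+", lbl.lower()) for lbl in labels)

def check_query(qname: str) -> Decision:
    """Decide, before any IP connection is made, how the query should be answered."""
    for name in _parents(qname):
        if name in THREAT_INTEL:  # subdomains inherit the parent domain's verdict
            return Decision("sinkhole", f"threat:{THREAT_INTEL[name]}", SINKHOLE_IP)
        if AUP_CATEGORIES.get(name) in BLOCKED_AUP:
            return Decision("nxdomain", f"aup:{AUP_CATEGORIES[name]}")
    if looks_like_exfiltration(qname):
        return Decision("nxdomain", "suspected-dns-exfiltration")
    return Decision("allow", "no-match")
```

A blocked threat domain is answered with the sinkhole address so the client lands on a block page, while AUP and suspected-exfiltration hits receive NXDOMAIN; both happen before the client ever learns the real IP.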

Features

  • Real-time Threat Intelligence – Up-to-the-minute threat intelligence with low false positives, based on our visibility into 15-30% of daily web traffic, 2.2 Trillion recursive DNS requests and proprietary data science algorithms.
  • Customer-Categorized Threat Customization – Security teams can quickly integrate existing threat intelligence feeds, extending value from your existing security investments.
  • Acceptable Use Policy (AUP) Management – Customize and enforce enterprise acceptable use policy and ensure compliance by limiting which content categories can and cannot be accessed.
  • Analysis and Reporting – Dashboards provide real-time insight into all outbound enterprise DNS traffic, as well as threat and AUP events.
  • Logging – DNS logs are retained for 30 days and can easily be exported as a CSV file or integrated into a SIEM for further analysis.
  • Domain Name System Security Extensions (DNSSEC) – All DNS requests sent to Enterprise Threat Protector have DNSSEC enabled.

Business Benefits

  • Significantly improve security defences by proactively blocking DNS requests to malware and ransomware drop sites, malware command and control (CnC) servers, and DNS data exfiltration and phishing domains based on unique and up-to-date threat intelligence.
  • Easily reduce management time by administering security policies and updates from anywhere in seconds to protect all locations.
  • Instantly add protection without complexity or hardware with a 100% cloud-based solution that can be configured and deployed in minutes (with no disruption for users) and rapidly scaled.
  • Quickly and uniformly enforce compliance and your acceptable use policy by blocking access to objectionable or inappropriate domains and content categories.
  • Simply reduce risk and improve security for off-network laptops without using a VPN with the lightweight Enterprise Client Connector, which enforces your security measures and Acceptable Use Policies.
  • Immediately increase DNS resilience and reliability with our carrier-grade global intelligent platform.

DNS Security: Cloud-Based Management Portal


Monitoring provides a comprehensive high-level view:

• Dashboard: Provides an overview of ETP, and of the threat and AUP events over the past 24 hours, week, or month.

• Events: Provides deeper detail on threat and AUP events.

• DNS Activity: Provides an overview of DNS traffic.

DNS logs are retained for 30 days, and SIEM integration is available via a JSON API.