When evaluating protective DNS solutions, a critical component is detection efficacy, which measures the extent of the threat coverage for the solution and determines how reliable the protective DNS solution will be in detecting potential threats. The more coverage the solution provides and the more adaptable it is to the changing threat landscape, the more successful the solution will be in reducing your risk of succumbing to attacks.
Vercara UltraDDR (UltraDNS Detection and Response) is a cloud-based DNS-layer threat detection and response service that identifies and prevents attacks before they happen, independent of protocol, for devices inside and outside your network. UltraDDR detects compromises in real time, blocking current attacks and preventing future ones from harming your users and network.
In a recent independent evaluation conducted by AV-TEST, UltraDDR outperformed all other solutions on the market in detection efficacy. Let us share more about these outstanding results and what they mean.
How do internet transactions start?
The vast majority of internet transactions start with a DNS query to a recursive resolver. DNS (Domain Name System) is the basic system that translates a domain name (“google.com”) to an IP address (“64.233.160.121”) that a computer or any connected device uses to establish communication with a remote domain. Since a DNS query to a recursive resolver is the initial step before communication can occur with the remote domain, it’s the ideal location to apply security controls to prevent attacks. If a remote domain is determined to be malicious, the recursive resolver can prevent the connection from going through, and even divert the request to a site that alerts users of the potential security concern. As UltraDDR watches outbound DNS queries and denies access to sites that are deemed malicious, UltraDDR prevents ransomware, malware, phishing, and other malicious attacks from impacting your resources — even if attackers infect one of your devices.
Measuring UltraDDR efficacy.
There are several factors that go into determining the effectiveness of a protective DNS solution:
- Performance
- Reliability
- Latency in different locations globally
- Ease of Use
- Integration points
- Customer service
- SLA
- Detection efficacy
With a global presence and a 20+ year track record of delivering industry-leading, anycast-based DNS services, Vercara is ideally equipped to fulfill these requirements. You can learn more about the rich history and capabilities of and how Vercara is in a unique position to provide a robust global service here. Ultimately, we recognize that the most critical consideration in finding the best solution for you is detection efficacy.
AV-TEST shows UltraDDR’s superior efficacy.
We at Vercara have been measuring UltraDDR efficacy since before we launched UltraDDR. We have observed that it consistently detects malicious hostnames that have not been detected by other commercial products available today. This proved that UltraDDR is able to provide additive value over other solutions available today, and we have suspected that it provided better detection coverage in general based on the reach of the adversary data lake. To demonstrate this, we contracted with AV-TEST (av-test.org), a respected third-party security testing company, to conduct a battery of tests on UltraDDR to provide an independent view of the efficacy of the solution.
AV-TEST queried UltraDDR for 3224 malicious hostnames — including:
- A combination of executable files
- Links to other files with malicious content
- Phishing sites
We’re proud to report that UltraDDR detected over 87% of the malicious executable files and over 84% of the links to other malicious content. This is a very high level of efficacy and it’s considerably better than what has been reported by other commercial solutions in the market.
For example, Cisco published a blog in February 2023 showing the results of a similar AV-TEST report on Cisco Umbrella and various other commercial solutions. According to that article, Cisco Umbrella had an efficacy of 51.8% when used as a protective DNS solution. Combined with a proxy solution that is in line with traffic, their detection efficacy jumped to 72.6%. All other solutions listed, including Akamai, Infoblox, and Palo Alto, had significantly lower detection rates on protective DNS.
UltraDDR’s efficacy was over 36% higher than Cisco Umbrella in an apples-to-apples comparison and still nearly 15% higher than the efficacy of Cisco Umbrella DNS + Proxy solution. 36% of 3224 hostnames translates to 1160 more malicious files blocked for UltraDDR. That’s a heck of a lot of risk reduction!
What makes UltraDDR unique?
UltraDDR uses a revolutionary adversary infrastructure data lake, powered by HYAS Infosec, to help determine and apply a risk score to domains. The risk score informs the solution which domains are considered suspicious and should be monitored, and which are malicious and should be blocked. The adversary data lake has several advantages that make it unique in the industry and provides a basis for the leap-frog detection efficacy available to UltraDDR:
- The breadth of the information that makes up the data lake includes data from hundreds of sources spanning multiple years of research.
- The continuous updating of data and relationships as billions of data items are ingested every day, including the detonation of hundreds of thousands of pieces of malware to extract the command-and-control (C2) infrastructure.
- ML/AI techniques are applied across the data lake to continually analyze and pick out new relationships that are indicative of malicious infrastructure.
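The resolver-side decision described above (score a queried name, monitor suspicious domains, block malicious ones and divert them to an alert page) and the detection-rate measurement can be sketched as follows. This is an added example, not UltraDDR's code or API: the risk scores, the two thresholds, the sinkhole address and the test hostnames are all constructed assumptions.

```python
# Added example: scores, thresholds and the sinkhole address are constructed,
# not UltraDDR's real data or API.
SINKHOLE_IP = "192.0.2.53"      # TEST-NET-1 address standing in for a block page
MONITOR_AT, BLOCK_AT = 50, 80   # assumed risk-score cut-offs

# Constructed risk scores keyed by domain.
RISK_SCORES = {
    "malware-c2.example": 95,
    "phish-login.example": 88,
    "new-lookalike.example": 60,
}

def normalize(qname):
    """Lower-case and strip the trailing root dot so lookups are consistent."""
    return qname.strip().rstrip(".").lower()

def risk_for(qname):
    """Return the highest score of the name or any of its parent domains."""
    labels = normalize(qname).split(".")
    candidates = [".".join(labels[i:]) for i in range(len(labels))]
    return max((RISK_SCORES.get(c, 0) for c in candidates), default=0)

def decide(qname):
    """Map a query to (action, answer); answer None means resolve normally."""
    score = risk_for(qname)
    if score >= BLOCK_AT:
        return ("block", SINKHOLE_IP)   # divert to the alert page
    if score >= MONITOR_AT:
        return ("monitor", None)        # resolve, but log for review
    return ("allow", None)

def detection_rate(malicious_names):
    """Percentage of known-malicious test names that the policy blocks."""
    blocked = sum(1 for n in malicious_names if decide(n)[0] == "block")
    return round(100.0 * blocked / len(malicious_names), 1)

# Constructed test set: all four names are labelled malicious.
TEST_SET = [
    "cdn.malware-c2.example.",   # subdomain of a blocked domain, with root dot
    "PHISH-LOGIN.example",       # mixed case
    "new-lookalike.example",     # only suspicious: monitored, not blocked
    "unseen-dropper.example",    # not in the data at all: a miss
]

if __name__ == "__main__":
    for name in TEST_SET:
        print(name, decide(name))
    print("detection rate:", detection_rate(TEST_SET), "%")
```

The two misses in the constructed set show why coverage and thresholds both move the efficacy number: one name is absent from the data, the other is known but scored below the block cut-off.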
Continuing to outperform.
87% is a great start, but we are not satisfied. We will continue to add innovation and apply lessons learned in our threat research, to expand our coverage and increase our already leading efficacy.
You can find a copy of the AV-TEST report here.