Every online interaction from your users and devices to sites and services on the Internet starts with a DNS query. As such, DNS makes a good control plane and network management protocol, and it has served that role for many years.
Today, DNS is used for many purposes:
- Load-balancing across sites and servers
- Site failover
- Server migrations
- Validation for outgoing email servers
- Validation for TLS certificates
- Verification of zone records (DNSSEC)
In this blog post, we will shift our attention to another use. DNS, being the starting point of a network connection, serves as an effective control plane for safeguarding internal resources like desktops, mobile phones, enterprise servers, and even Internet of Things (IoT) and medical devices.
The benefits of Protective DNS.
Protective DNS is a DNS recursive resolver that filters traffic based on defined criteria. When used as a cloud service, an organization takes the DNS resolvers inside of their Local Area Network and makes them caching forwarders that relay DNS queries to the Protective DNS service provider. Alternatively, a software agent running on an endpoint device sends DNS queries directly to the Protective DNS service, bypassing any local resolver services.
There are many benefits and use-cases that Protective DNS offers:
- Cost-Effectiveness: Using protective DNS to manage traffic is a highly cost-effective solution.
- Quicker Blocking: When used as a service, the dynamic analysis capabilities of a Protective DNS can block malicious domains and FQDNs very quickly.
- Backed by Threat Intelligence: Protective DNS can include various Indicators of Compromise (IoC) from Cyber Threat Intelligence (CTI) feeds.
- Effective at Blocking: Protective DNS blocks malware droppers and phishing sites found in email and web links.
- Enforces AUPs: Protective DNS helps enforce Acceptable Use Policies by blocking access to pornography, gambling, sports, and social media sites.
- Detects Existing Malware: Protective DNS can detect Command and Control (C2) activity in systems infected with malware, even if it was introduced through non-network methods like an infected USB device.
- Off-Network Protection: With a client-side agent, you can enable protective DNS to safeguard devices outside of your enterprise network, for instance when users work remotely, at a coffee shop, or at an airport, all places where you do not have control over the network.
- Low-Footprint: Protective DNS, being a network service, doesn’t need extra CPU and RAM on every device like other anti-malware agents.
- Protects Unsupported Devices: Protective DNS can be used to protect IoT and other devices that do not support anti-malware agents.
What to look for in a protective DNS solution.
A good Protective DNS solution will employ various techniques to identify and prevent malicious activities such as the following:
- Being able to generate and import static DNS filter lists from trusted Cyber Threat Intelligence sources to block IP addresses, network blocks, domains, and Fully-Qualified Domain Names (FQDNs) associated with known threats and malicious entities.
- Categorizing domains and websites into content types such as dating sites, social media, alcohol-related, phishing, and spyware, which is an essential step for ensuring policy compliance and effectively blocking malicious downloads. The organization can then determine which categories it would like to block.
- Using advanced data science to correlate data about known cybercriminal infrastructure and to detect and block previously unseen domains and FQDNs. This reduces the amount of time that a
- Building policies to customize the behavior of the DNS filtering to include country blocks, minimum domain age, and even to adjust the minimum threshold for blocking malicious domains.
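The techniques in the list above can be read as an ordered set of rules applied to each query. The following Python is an added example, not code from this post or from any Protective DNS product; the rule order, field names, reason strings, default values, and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date

@dataclass
class Policy:
    blocked_fqdns: set = field(default_factory=set)       # exact names from CTI feeds
    blocked_domains: set = field(default_factory=set)     # domain plus all subdomains
    blocked_categories: set = field(default_factory=set)
    blocked_countries: set = field(default_factory=set)
    min_domain_age_days: int = 30                         # assumed default
    risk_threshold: float = 0.8                           # block at or above this score

@dataclass
class DomainInfo:  # enrichment the service would hold per domain (constructed here)
    categories: set
    country: str
    registered: date
    risk_score: float

def suffixes(name):
    """a.b.example -> ['a.b.example', 'b.example', 'example']"""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def evaluate(fqdn, info, policy, today):
    """Return (verdict, reason) for one query; the first matching rule wins."""
    name = fqdn.rstrip(".").lower()   # DNS names are case-insensitive
    if name in policy.blocked_fqdns:
        return "block", "fqdn-list"
    # Match on label boundaries so 'notbad.example' is not caught by 'bad.example'
    if policy.blocked_domains.intersection(suffixes(name)):
        return "block", "domain-list"
    hit = sorted(info.categories & policy.blocked_categories)
    if hit:
        return "block", "category:" + hit[0]
    if info.country in policy.blocked_countries:
        return "block", "country:" + info.country
    if (today - info.registered).days < policy.min_domain_age_days:
        return "block", "domain-age"
    if info.risk_score >= policy.risk_threshold:
        return "block", "risk-score"
    return "allow", None

# Constructed sample policy and dates (reserved .example names, placeholder country ZZ)
POLICY = Policy(blocked_fqdns={"login.phish.example"}, blocked_domains={"bad.example"},
                blocked_categories={"gambling"}, blocked_countries={"ZZ"})
TODAY = date(2024, 6, 1)
OLD = date(2015, 1, 1)
```

Raising `risk_threshold` or lowering `min_domain_age_days` trades fewer false positives for a longer window in which a newly registered or low-confidence domain resolves.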
Because of the capabilities that protective DNS brings to an organization that uses it, it is required or recommended by a variety of compliance frameworks such as NIST, ISO, and PCI-DSS. It also is one of the most cost-effective solutions to protect against malware. Incorporating Protective DNS into your cybersecurity strategy is a crucial step toward protecting your systems. To find out more, speak to sales today.