Hackers and Malware Abuse DNS Services
DNS-based malware is particularly dangerous because it is often used to steal critical company and customer data, interrupt business continuity and damage brand reputation. Hackers take advantage of the fact that the key role of DNS services in the cyber kill chain is underestimated – 91% of malware uses DNS services to build attacks. A global 2017 DNS Security survey conducted by EfficientIP shows that 76% of respondents said they had been targeted by a DNS attack in the last 12 months. When questioned on damages, more than 28% of respondents had intellectual property or sensitive customer information stolen. Traditional security systems are not enough to mitigate this type of threat, because they can be easily circumvented.
DNS Firewall from EfficientIP is a purpose-built solution that complements traditional security systems to effectively protect against DNS-based malware and advanced persistent threats (APT). Its enhanced DNS query filtering capabilities, combined with dynamic threat intelligence feeds, allow for the quick identification of suspicious device activity, preventing malware infection and spread within a network, as well as phishing campaigns and data exfiltration attempts.
Ensure Proactive and Efficient Protection Against DNS-Based Malware
The SOLIDserver™ DNS Firewall solution, based on RPZ (Response Policy Zone), offers a dedicated layer of defense to monitor and analyze DNS traffic, protecting users and infrastructures against DNS-based malware.
DNS Firewall prevents connected devices from becoming infected with malware and blocks their activity by enabling recursive DNS servers to stop or redirect queries from clients that want to access domains and/or IPs known to be malicious. Compromised devices can be identified and located on the network for rapid neutralization.
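The following added example (not EfficientIP code) sketches how an RPZ-style policy turns a query name into a block, redirect or pass-through decision, and how the same hits point to the clients that need remediation. It is simplified to QNAME triggers in a single zone; the policy entries, domain names and client addresses are constructed, and the CNAME targets use the standard RPZ action encodings.

```python
from collections import defaultdict

# Constructed policy: QNAME trigger -> CNAME target (standard RPZ action encodings).
POLICY = {
    "malware-c2.example": ".",                       # NXDOMAIN
    "*.malware-c2.example": ".",                     # NXDOMAIN for all subdomains
    "phish.example": "walled-garden.corp.example.",  # redirect to a local landing host
    "*.tracker.example": "*.",                       # NODATA
    "ok.tracker.example": "rpz-passthru.",           # allow-list exception
}
ACTIONS = {".": "NXDOMAIN", "*.": "NODATA", "rpz-passthru.": "PASSTHRU", "rpz-drop.": "DROP"}

def evaluate(qname, policy=POLICY):
    """Return (action, redirect_target_or_None) for a query name."""
    name = qname.lower().rstrip(".")
    labels = name.split(".")
    # Exact match first, then wildcards from the closest enclosing name outwards.
    candidates = [name] + ["*." + ".".join(labels[i:]) for i in range(1, len(labels))]
    for trigger in candidates:
        target = policy.get(trigger)
        if target is None:
            continue
        if target in ACTIONS:
            return ACTIONS[target], None
        return "REDIRECT", target
    return "NO_MATCH", None

def flag_clients(query_log, policy=POLICY):
    """Map client IP -> sorted policy-hit names (PASSTHRU and misses are ignored)."""
    hits = defaultdict(set)
    for client, qname in query_log:
        action, _ = evaluate(qname, policy)
        if action not in ("NO_MATCH", "PASSTHRU"):
            hits[client].add(qname.lower().rstrip("."))
    return {client: sorted(names) for client, names in hits.items()}

# Constructed query log: (client IP, queried name)
SAMPLE_LOG = [
    ("10.0.4.17", "beacon.malware-c2.example."),
    ("10.0.4.17", "www.example.org."),
    ("10.0.9.3", "PHISH.example"),
    ("10.0.9.3", "ok.tracker.example"),
    ("10.0.2.8", "ads.tracker.example"),
]

if __name__ == "__main__":
    for client, names in flag_clients(SAMPLE_LOG).items():
        print(client, names)
```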
The SOLIDserver appliance offers advanced management based on an RPZ dynamic reputation data feed and manual configuration, ensuring an up-to-date list of malicious or forbidden IP addresses, domains, URLs, or name servers. The entire DNS architecture is automatically updated regardless of the server type (Linux or EfficientIP’s secure DNS appliance).
To keep pace with the ever-evolving threat landscape, DNS Firewall includes dynamic threat intelligence services. Maintaining appropriate filtering rules for known malicious domains is difficult because the threat is dynamic. The most sustainable solution is a dynamically updated filtering rule repository that can be extended through a customized filtering policy. DNS Firewall comes with this kind of dynamic data feed, built from various distributed sources.
Benefit from Advanced Threat Reporting
The set of built-in reports produced by SOLIDserver™ offers immediate access to the key information you need on DNS services. In addition, SOLIDserver delivers high-performance logging capabilities that can be seamlessly integrated with leading SIEM solutions such as Kibana, Splunk and QRadar. This integration provides DNS data for log correlation, enabling centralized analysis and reporting, including immediate access to requests to malicious domains.
DNS Firewall Key Benefits
DNS Firewall is part of EfficientIP’s unique 360° Security technology solution, protecting against volumetric, exploit and stealth attacks for both public and private DNS infrastructures.
Thwart initial infection and phishing.
Adapt To Evolving Threat Landscape
Threat Intelligence services to keep pace with malicious domains/IPs.
Proactively Prevent New Attacks
Detect and block malware communication with C&C server.
Provide Advanced Threat Reporting
Combine logging with existing event managers and generate reports using plugins such as Splunk or Graylog.
Locate Infected Devices on Your Network
The NetChange network discovery tool helps locate infected devices quickly for immediate remediation.