Hackers and Malware Abuse DNS Services to Circumvent Traditional Security Systems
DNS-based malware is particularly dangerous because it is often used to steal critical company and customer data, interrupt business continuity and damage brand reputation. Hackers take advantage of the fact that the key role of DNS services in the cyber kill chain is underestimated: 91% of malware uses DNS services to build attacks. A global 2021 DNS Security survey conducted by IDC revealed that 87% of respondents said they had been targeted by a DNS attack in the last 12 months. Traditional security systems are not enough to mitigate this type of threat, as they can be easily circumvented.
DNS Firewall is embedded in EfficientIP SOLIDserver appliances. The product provides a purpose-built solution that complements traditional enterprise network security systems, to effectively protect against DNS-based malware and advanced persistent threats (APT). Its enhanced DNS query filtering capabilities, combined with dynamic threat intelligence feeds, allow for the quick identification of suspicious device activity, preventing malware infection and spread within a network, as well as phishing campaigns and data exfiltration attempts.
Prevent Infection and Block DNS-Malware Activity
The SOLIDserver™ DNS Firewall solution, based on RPZ (Response Policy Zone), offers a dedicated layer of defense for malware protection and mitigation. DNS Firewall prevents connected devices from becoming infected with malware and blocks malware activity by enabling recursive DNS servers to stop or redirect queries from clients that try to access identified malicious domains and/or IPs. Illegitimate communications with C&Cs/botnets and DNS-based data exfiltration (DNS tunneling) are immediately blocked, before they impact and damage your company.
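How a recursive resolver turns RPZ records into a stop, redirect or pass decision, shown as an added example that is not EfficientIP's code or configuration. It uses the standard RPZ CNAME action encodings; the zone content, the domain names and the walled-garden host are constructed for illustration.

```python
# Added example: QNAME-trigger evaluation for a Response Policy Zone (RPZ).
# All names below are constructed; owners are relative to the policy zone origin.
RPZ_ZONE = """
bad-site.test      CNAME .                           ; answer NXDOMAIN
*.bad-site.test    CNAME .                           ; ...and for every subdomain
tracker.test       CNAME *.                          ; answer NODATA (apex only)
phish.test         CNAME walled-garden.corp.example. ; redirect to a warning page
*.phish.test       CNAME walled-garden.corp.example.
ok.phish.test      CNAME rpz-passthru.               ; explicit exemption
"""

# Standard RPZ encodings of policy actions as special CNAME targets.
ACTIONS = {".": "NXDOMAIN", "*.": "NODATA",
           "rpz-passthru.": "PASSTHRU", "rpz-drop.": "DROP"}

def load_policy(text):
    """Parse 'owner CNAME target' lines into {owner: (action, redirect_target)}."""
    policy = {}
    for line in text.splitlines():
        fields = line.split(";")[0].split()          # strip zone-file comments
        if len(fields) != 3 or fields[1].upper() != "CNAME":
            continue
        owner, target = fields[0].lower().rstrip("."), fields[2].lower()
        action = ACTIONS.get(target, "REDIRECT")     # any other target is a rewrite
        policy[owner] = (action, target if action == "REDIRECT" else None)
    return policy

def evaluate(policy, qname):
    """Return (action, redirect_target, matched_owner) for a queried name."""
    name = qname.lower().rstrip(".")                 # DNS names are case-insensitive
    if name in policy:                               # an exact owner beats a wildcard
        return policy[name] + (name,)
    labels = name.split(".")
    for i in range(1, len(labels)):                  # closest enclosing wildcard first
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in policy:
            return policy[wildcard] + (wildcard,)
    return ("NO_MATCH", None, None)                  # resolve normally

POLICY = load_policy(RPZ_ZONE)

if __name__ == "__main__":
    for q in ("c2.bad-site.test", "login.phish.test", "ok.phish.test",
              "x.tracker.test", "www.example.org"):
        print(f"{q:20} -> {evaluate(POLICY, q)}")
```

Note that `x.tracker.test` is not filtered: an entry without a matching wildcard record covers only the exact name, a common gap when blocklist entries are written by hand.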
Adapt Malware Protection With Threat Intelligence
To keep pace with the ever-evolving threat landscape, DNS Firewall includes dynamic threat intelligence services. It comes with a constantly updated data feed built from various distributed sources, to combat categories such as:
- Abuse and spam related domains
- Phishing-related domains
- Malware-related domains
- Cracked website FQDN(s)
- Botnet Command and Control
The data feed can be easily customized with specific filtering policies to adapt to local security requirements.
Using DNS Guardian, internal threat intelligence can be developed, bringing the capability to detect zero-day malicious domains.
Get Unified Control of DNS Filtering Policies
The SOLIDserver appliance brings advanced filtering policy management capability, ensuring an up-to-date list of malicious or forbidden IP addresses, domains, URLs, or name servers. The entire DNS Firewall architecture is automatically updated regardless of the server type (Linux or EfficientIP’s secure DNS appliance), protecting your organization from malware attacks in a single operation.
Enhance Malware Mitigation and Remediation with Infected Device Identification
Leverage DDI and discovered network data to locate infected devices with technical, organizational and contextual information (site, floor, IP address, name etc.) for improved threat remediation and security response. Track the historical locations of compromised devices over time to spot lateral movement of malware and block its activity.
Benefit From Advanced DNS Threat Reporting
SOLIDserver™ pre-defined or customized reports give consolidated visibility and data-driven insights on DNS services for network security teams. RPZ analysis reports are also available to detect filtered domains and most requesting clients. In addition, SOLIDserver delivers high-performing logging capabilities which can be seamlessly integrated with leading SIEM solutions such as Kibana, Splunk and QRadar. This integration provides DNS data for log correlation, enabling centralized analysis and reporting, including immediate access to requested malicious domains.
DNS Firewall Key Benefits
DNS Firewall is part of EfficientIP’s unique 360° Security technology solution, protecting against volumetric, exploit and stealth attacks for both public and private DNS infrastructures.
Mitigate At The Source
Thwart initial infection and phishing.
Adapt To Evolving Threat Landscape
Threat Intelligence services to keep pace with malicious domains/IPs.
Proactively Prevent New Attacks
Detect and block malware communication with C&C server.
Advanced Threat Reporting
Combine logging with existing event managers and generate reports using plugins such as Splunk or Graylog.
Locate Infected Devices on Your Network
The NetChange network discovery tool helps locate infected devices quickly for immediate remediation.
DNS Firewall is a component of EfficientIP’s unique 360° DNS Security offering. It helps protect users, apps and infrastructure from malware, botnets and APT.