DNS GuardianAdaptive DNS Security To Ensure Service Continuity and Data Protection
Secure DNS Services Require A Purpose-Built Security Solution
The nature of DNS threats is quickly evolving and DNS attacks have become highly sophisticated based on distributed, multi-vector and multi-stage assault modes. Signature-based security solutions such as firewall, anti-DoS or IPS are not adapted to efficiently ensure DNS services availability and integrity. They have proved to be insufficient against most DNS attacks – such as DNS hijacking, amplification and reflection attacks, and DNS flooding – and even worse, present a high risk of blocking legitimate clients (false positives).
Restricted DNS analytics capacity and basic blocking-based countermeasure imply serious security limitations and risks: Business downtime, customer data or intellectual property theft, damaged reputations and embezzlement of money.
A modern DNS security system must be agile enough to adapt its DNS protection mechanisms to mitigate the risk of false positives, while safeguarding data and ensuring DNS service integrity and continuity to legitimate clients.
Spot DNS Attacks with Behavioral Threat Detection
DNS Guardian is a protective DNS solution that delivers built-in security to cache, recursive and authoritative DNS servers. It is the premier secure DNS appliance on the market offering complete and real-time DNS Transaction Inspection (DTI), enabling in-depth understanding of the context of client requests.
By analyzing transactions at the heart of the DNS server (queries, responses, fragments, recursions), threat visibility is enhanced well beyond known attack patterns and overcomes the limitations of signature-based protection systems that only offer limited peripheral traffic visibility.
Protect DNS Service Continuity and Data with Adaptive DNS Security
DNS Guardian’s patented innovation enables graduated and adaptive countermeasures according to the threat analysis. It provides intelligent DNS protection to ensure service continuity and safeguard data while nearly eliminating all risk of false positives.
The product offers the most advanced DNS security solution on the market to protect against all types of DNS-based attacks, from stealth to volumetric attacks. including cache poisoning, DDoS attacks, DNS tunneling, DGA malware, and UDP flood.
Thwart Malware & APT with External and Internal Threat Intelligence Services
Almost 100% of network connections are initiated using DNS services. Analyzing DNS traffic to develop internal threat intelligence in the specific context of the enterprise is a key security component of any modern security strategy.
DNS Guardian can detect zero-day malicious domains used by malware to communicate with external CnC servers (DNS tunneling) or exfiltrate data, and DGAs (domain generation algorithms). Identified malicious domains are dynamically shared between DNS Guardian appliances, delivering actionable predictive DNS security. This complements EfficientIP or third party threat intelligence services over domain reputation.
Improve App Access Control at Individual Client Level
The DNS Guardian engine implements application access control at the DNS level through DNS filtering, via the Client Query Filtering (CQF) feature. This unique proposition on the market offers scalability and performance for a host of security use cases ranging from IoT segmentation to parental control.
Enhance Threat Remediation and SOC Efficiency
Get instantaneous visibility on DNS services to improve remediation capacity with out-of-the-box statistics, delivering unequaled insights and reports on DNS traffic, without the need for additional appliances. DNS Guardian delivers high-performing logging capabilities which can be seamlessly integrated with leading SIEM solutions such as Kibana, Splunk, or QRadar.
Events resulting from the analysis of DNS transactions, together with threat intelligence over domain reputation, are used to supplement traditional logs, allowing the SIEM to contextualize the threat
DNS Guardian Key Benefits
Behavioral Threat Detection
Real-time DNS analytics accurately detect most advanced stealth attacks and threats hidden in the traffic.
Unequalled Service Continuity
Even with unidentifiable sources, via adaptive countermeasures (Block, patented quarantine and recovery modes).
Detect zero-day malicious domains used by malware to exfiltrate data or communicate with external CnC servers via DNS tunneling.
Data Confidentiality Protection
Sensitive data protected from exfiltration – assured regulation compliance: GDPR, US Cloud Act, NISD, PDPA….
In-depth DNS Traffic Visibility
DNS Transaction Inspection (DTI) technology provides unmatched visibility and understanding of traffic over time.
Multi DNS Protocol Support
Supports standard and common UDP traffic as well as secured DoT and DoH encrypted transport.
Data exfiltration over DNS queries or via DNS tunneling circumvents traditional security systems. See how hackers abuse DNS services to steal data, and understand how EfficientIP solutions detect data theft attempts.
Existing DNS security solutions are not powerful enough to receive and properly analyze high volumes of DNS traffic in real-time. This dramatically limits threat detection capability on the DNS service and potentially creates dangerous side effects.
DNS Guardian is part of EfficientIP’s unique 360° DNS Security technology solution, protecting both public and private DNS infrastructures against all attack types including DNS hijacking, DNS tunneling, DNS cache poisoning, and data exfiltration.