Protecting and Defending Network Infrastructure Against Malware
Hackers and Malware Abuse DNS Services
DNS-based malware is particularly dangerous because it is often used to steal critical company and customer data, interrupt business continuity and damage brand reputation. Hackers exploit the fact that the key role of DNS services in the cyber kill chain is underestimated – 91% of malware uses DNS services to build attacks. A global 2017 DNS Security survey conducted by EfficientIP shows that 76% of respondents said they had been targeted by a DNS attack in the last 12 months. When questioned on damages, more than 28% of respondents had intellectual property or sensitive customer information stolen. Traditional security systems are not enough to mitigate this type of threat, as they can be easily circumvented.
DNS Firewall from EfficientIP is a purpose-built solution that complements traditional security systems to effectively protect against DNS-based malware and advanced persistent threats (APTs). Its enhanced DNS query filtering capabilities, combined with dynamic threat intelligence feeds, allow for the quick identification of suspicious device activity, preventing malware infection and spread within a network, as well as phishing campaigns and data exfiltration attempts.
Ensure Proactive and Efficient Protection Against DNS-Based Malware
The SOLIDserver™ DNS Firewall solution, based on RPZ (Response Policy Zone), offers a dedicated layer of defense to monitor and analyze DNS traffic, protecting users and infrastructures against DNS-based malware.
DNS Firewall prevents connected devices from becoming infected with malware and blocks their activity by enabling recursive DNS servers to stop or redirect queries from clients that want to access domains and/or IPs known to be malicious. Compromised devices can be identified and located on the network for rapid neutralization.
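The stop-or-redirect behaviour described above can be modelled with the standard RPZ record encoding. The following is an added example, not EfficientIP code; it covers domain-name (QNAME) triggers only, although RPZ also defines IP and name-server triggers, and every domain, address and log entry in it is constructed sample data.

```python
# Added example (not EfficientIP code): RPZ-style policy lookup, QNAME triggers only.
# All domains, addresses and log entries below are constructed sample data.

# Policy records as they would sit in a response policy zone:
# owner name (the trigger), record type, CNAME target (encodes the action).
RECORDS = """
bad.example       CNAME  .
*.bad.example     CNAME  .
ok.bad.example    CNAME  rpz-passthru.
tracker.example   CNAME  *.
phish.example     CNAME  walled-garden.example.
"""

# Special CNAME targets defined by RPZ; any other target means "redirect there".
ACTIONS = {".": "NXDOMAIN", "*.": "NODATA",
           "rpz-passthru.": "PASSTHRU", "rpz-drop.": "DROP"}

def load_policy(text):
    policy = {}
    for line in text.strip().splitlines():
        owner, rtype, target = line.split()
        if rtype.upper() == "CNAME":
            policy[owner.lower()] = ACTIONS.get(target, "REDIRECT:" + target)
    return policy

def evaluate(policy, qname):
    """Return the policy action for qname, or None when no trigger matches."""
    name = qname.lower().rstrip(".")
    if name in policy:                      # exact match wins over wildcards
        return policy[name]
    labels = name.split(".")
    for i in range(1, len(labels)):         # closest enclosing wildcard first
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in policy:
            return policy[wildcard]
    return None

def flag_clients(policy, query_log):
    """Map each client to the (qname, action) pairs that were blocked or redirected."""
    hits = {}
    for client, qname in query_log:
        action = evaluate(policy, qname)
        if action not in (None, "PASSTHRU"):
            hits.setdefault(client, []).append((qname, action))
    return hits

POLICY = load_policy(RECORDS)
QUERY_LOG = [("10.0.0.5", "www.example.org"), ("10.0.0.7", "c2.bad.example"),
             ("10.0.0.7", "phish.example."), ("10.0.0.9", "ok.bad.example"),
             ("10.0.0.5", "tracker.example")]

if __name__ == "__main__":
    for client, events in sorted(flag_clients(POLICY, QUERY_LOG).items()):
        print(client, events)
```

Clients that repeatedly hit policy records are the ones to locate and investigate first; the passthrough entry shows how an exception is carved out of a wildcard block.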
The SOLIDserver appliance offers advanced management based on an RPZ dynamic reputation data feed and manual configuration, ensuring an up-to-date list of malicious or forbidden IP addresses, domains, URLs, or name servers. The entire DNS architecture is automatically updated regardless of the server type (Linux or EfficientIP’s secure DNS appliance).
To keep pace with the ever-evolving threat landscape, DNS Firewall includes dynamic threat intelligence services. Maintaining appropriate filtering rules for known malicious domains is difficult because of the dynamic nature of the threat. The most sustainable solution is a dynamically updated filtering rule repository that can be extended through a customized filtering policy. DNS Firewall comes with this kind of dynamic data feed, built from various distributed sources.