DNS Layer Security

DNS Layer security from DigitalStakeout Securd is feature that defends endpoints (laptops, workstations, servers, IoT devices, etc.) from resolving a malicious or untrusted destination via the DNS protocol.

DNS Layer Security Reduces Phishing and Malware by 90%

Did you know that a DNS layer security solution can reduce your risk of a modern malware incident?

According to the NSA Cybersecurity Directorate director Anne Neuberger had this to say about securing DNS. “Using secure DNS would reduce the ability for 92% of malware attacks both from command and control perspective, deploying malware on a given network.”

DNS-layer security from DigitalStakeout Securd protects your endpoints and end users from malicious sites and the hostile Internet. Powered DNS & URL defense, DNS filtering from DigitalStakeout Securd secures access to the Internet and keeps your end-users and endpoints safe from malicious and compromised domains.

Unfiltered Recursive DNS is A Security Vulnerability

At DigitalStakeout, we consider unflitered DNS resolution is a security vulnerability. Cyber threat actors are hoping that you allow any endpoint to resolve any possible domain on DNS or perform any type of DNS query.

Threat actors relentlessly use cheap, disposable, and compromised Internet resources to stand up domains and websites to attack your employees and organization. If your using your ISP DNS services, you’re at increased risk to connecting to a malicious domain. If your endpoints, servers, and devices can resolve and connect to any random domain on the Internet, it’s a cybersecurity vulnerability.

How Cyber Criminals use the DNS Layer to Attack

Before compromising a victim, attackers purchase or new and existing domains to use for targeting. Domains are purchased or are acquired for free. In some cases, domains are compromised, and they are used as a vehicle to download, spread or command malware.

Attackers send spearphishing emails with a malicious link in an attempt to gain access to victim systems. These links are hosted websites, and domains the attackers acquire or build. In some cases, “trusted” and “established” websites are used.

Attackers often develop techniques, tactics, and procedures (TTPs) to prevent the detection of their communication to Command and Control (C2) domains. Attackers’ pre-attack activities include grooming domains to make them appear to be trustworthy or legitimate.

DNS-Level Security is a Must Do

While there are some common security features in the DNS filtering, new capabilities and strategies must defend against modern threats. Bad actors mostly have unfettered agility Internet. They can stand up new domains, websites, and infrastructure with little or no effort. Advanced persistent threat (APT) groups have the resources, patience, and methods to bypass almost all reactive defenses. In today’s landscape, assume your traditional antivirus, firewall and endpoint defenses will fail to mitigate unseen and emerging threats on the web.

You must assume every DNS query and target domain is hostile verify the target request is not hostile.

DigitalStakeout Securd is the only DNS layer security solution that can:

  • Block newly registered domains in real-time.
  • Block newly dormant or newly awakened domains in real-time.
  • Disrupt malware downloads and phishing with delayed DNS resolution (Securd Greywall™).
  • Set DNS trust resolution policies by Securd Rank™.
  • Create implicit deny to run DNS in a rule of least privilege mode.
  • Forward DNS logs in real-time to XDR, SIEM or log aggregation tool.

DNS Filtering for Any Organization

DigitalStakeout Securd offers a new approach to DNS protection to combat phishing, ransomware and other Internet attacks with precision control that legacy DNS layer security and DNS filtering cannot offer. Our protective DNS security technology assumes every domain is an advanced persistent threat until proven otherwise.

Securd can be used by any business, regardless of size or location. It takes most administrators less than 5 minutes to get started. Securd offers the following security, deployment and network features:

Security Features

  • Zero Trust Protection
  • Timed Grey Wall for New Domains
  • 15+ Threat Categories
  • URL Level Blocking
  • DNSSEC Enforcement
  • Implicit Deny/Allow Egress
  • Custom Allow Lists
  • Custom Block List
  • Domain/Hostname Blocking
  • IP/CIDR Blocking
  • Real-time Analytics & Logs
  • Historical Passive DNS Logs
  • SIEM/Log Analysis Integration
  • Incident Response Tool Integration

Deployment Features

  • Dual Stack, IPv4 and IPv6 Support
  • Cloud-Based SaaS
  • Simple Web-Based UI
  • Multi-Tenant/ Multi-Site Support
  • 100% Uptime Global Anycast DNS
  • 10ms Query Response Times
  • Real-time Policy Changes
  • DoH & DoT Support
  • Custom TTLs
  • Multiple Policies Per IP
  • Custom DoH Urls
  • Agent/Agentless Deployment Options

Get Started with DNS Layer Security

Protective DNS for Free