What is DNS Filtering?

DNS Filtering from DigitalStakeout Securd is a cloud-delivered DNS protective DNS service that defends endpoints (laptops, workstations, servers, IoT devices, etc.) from connecting to a malicious or untrusted destination.

DNS Filtering Reduces the Threat of Phishing and Malware by 90%

Did you know that a Protective DNS solution can reduce your risk of a modern malware incident? According to the NSA Cybersecurity Directorate director Anne Neuberger had this to say about securing DNS. “Using secure DNS would reduce the ability for 92% of malware attacks both from command and control perspective, deploying malware on a given network.” DNS-level security from Securd protects your endpoints and end users from malicious sites and the hostile Internet. Powered by patent-pending DNS & URL defense, zero-trust DNS filtering controls access to the Internet and keeps your end-users and endpoints safe.

Unfiltered Recursive DNS is A Security Vulnerability

Did you know that unfiltered DNS resolution is a security vulnerability? Cyber threat actors are hoping that you allow anything to resolve on DNS. Threat actors relentlessly use cheap, disposable, and compromised Internet resources to stand up domains and websites to attack your employees and organization. If your using your ISP DNS services, you’re at increased risk to connecting to a malicious domain. If your endpoints, servers, and devices can resolve and connect to any random domain on the Internet, you have a cybersecurity vulnerability.

What Cyber Criminals Do Before they Attack Your Organization

Before compromising a victim, attackers purchase or new and existing domains to use for targeting. Domains are purchased or are acquired for free. In some cases, domains are compromised, and they are used as a vehicle to download, spread or command malware.

Attackers send spearphishing emails with a malicious link in an attempt to gain access to victim systems. These links are hosted websites, and domains the attackers acquire or build. In some cases, “trusted” and “established” websites are used.

Attackers often develop techniques, tactics, and procedures (TTPs) to prevent the detection of their communication to Command and Control (C2) domains. Attackers’ pre-attack activities include grooming domains to make them appear to be trustworthy or legitimate.

Must Have DNS Filtering Features

While there are some common security features in the DNS filtering, new capabilities and strategies must defend against modern threats. Bad actors mostly have unfettered agility Internet. They can stand up new domains, websites, and infrastructure with little or no effort. Advanced persistent threat (APT) groups have the resources, patience, and methods to bypass almost all reactive defenses. In today’s landscape, assume your traditional antivirus, firewall and endpoint defenses will fail to mitigate unseen and emerging threats on the web. You must assume every DNS query and target domain is hostile and find a way to verify the target is not hostile.

DigitalStakeout Securd is the only DNS filtering solution that can:

  • Block newly registered domains in real-time.
  • Block newly observed domains in real-time by tenant/customer.
  • Block dormant or awakened domains in real-time by tenant/customer.
  • Disrupt malware downloads and phishing with delayed DNS resolution by Securd Greywall™.
  • Set DNS resolution policies by Securd Rank™.
  • Create implicit deny zero-trust security policies.
  • Forward DNS logs in real-time to a SIEM/syslog by tenant/customer.

DNS Filtering for Any Organization

DigitalStakeout Securd offers a new approach to DNS protection to combat phishing, ransomware and other Internet attacks with precision control that legacy DNS firewall and DNS filtering cannot offer. Our protective DNS security technology assumes every domain is an advanced persistent threat until proven otherwise.

Securd can be used by any business, regardless of size or location. It takes most administrators less than 5 minutes to get started. Securd offers the following security, deployment and network features:

Security Features

  • Zero Trust Protection
  • Timed Grey Wall for New Domains
  • 15+ Security Categories
  • URL Level Blocking
  • DNSSEC Enforcement
  • Implicit Deny/Allow Egress
  • Custom Allow Lists
  • Custom Block List
  • Domain/Hostname Blocking
  • IP/CIDR Blocking
  • Real-time Analytics & Logs
  • Historical Passive DNS Logs
  • SIEM/Log Analysis Integration
  • Incident Response Tool Integration

Deployment Features

  • Cloud-Based SaaS
  • Simple Web-Based UI
  • Multi-Tenant/ Multi-Site Support
  • 100% Uptime Global Anycast DNS
  • 10ms Query Response Times
  • Real-time Policy Changes
  • IPv4/IPv6 Support
  • DoH & DoT Support
  • Custom TTLs
  • Multiple Policies Per IP
  • Custom DoH Urls
  • Agent/Agentless Deployment Options

Start taking opportunities away from cyber adversaries.

Let’s Get Started