• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Contact Sales
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Why Us
    • Why Cisco Umbrella
      • Why Try Umbrella
      • Why DNS Security
      • Why Umbrella SASE
      • Our Customers
      • Customer Stories
      • Why Cisco Secure
    • Fast Reliable Cloud
      • Global Cloud Architecture
      • Cloud Network Status
      • Global Cloud Network Activity
    • Unmatched Intelligence
      • A New Approach to Cybersecurity
      • Interactive Intelligence
      • Cyber Attack Prevention
      • Umbrella and Cisco Talos Threat Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco Umbrella and SecureX
  • Products
    • Cisco Umbrella Products
      • Cisco Umbrella Cloud Security Service
      • Recursive DNS Services
      • Cisco Umbrella SIG
      • Umbrella Investigate
      • What’s New
    • Product Packages
      • Cisco Umbrella Package Comparison
      • – DNS Security Essentials Package
      • – DNS Security Advantage Package
      • – SIG Essentials Package
      • – SIG Advantage Package
      • Umbrella Support Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Cloud Data Loss Prevention (DLP)
      • Cloud-Delivered Firewall
      • Cloud Malware Protection
      • Remote Browser Isolation (RBI)
    • Man on a laptop with headphones on. He is attending a Cisco Umbrella Live Demo
  • Solutions
    • SASE & SSE Solutions
      • Cisco Umbrella SASE
      • Secure Access Service Edge (SASE)
      • What is SASE
      • What is Security Service Edge (SSE)
    • Functionality Solutions
      • Web Content Filtering
      • Secure Direct Internet Access
      • Shadow IT Discovery & App Blocking
      • Fast Incident Response
      • Unified Threat Management
      • Protect Mobile Users
      • Securing Remote and Roaming Users
    • Network Solutions
      • Guest Wi-Fi Security
      • SD-WAN Security
      • Off-Network Endpoint Security
    • Industry Solutions
      • Government and Public Sector Cybersecurity
      • Financial Services Security
      • Cybersecurity for Manufacturing
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
  • Resources
    • Content Library
      • Top Resources
      • Cybersecurity Webinars
      • Events
      • Research Reports
      • Case Studies
      • Videos
      • Datasheets
      • eBooks
      • Solution Briefs
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • Security Definitions
      • What is Secure Access Service Edge (SASE)
      • What is Security Service Edge (SSE)
      • What is a Cloud Access Security Broker (CASB)
      • Cyber Threat Categories and Definitions
    • For Customers
      • Support
      • Customer Success Webinars
      • Cisco Umbrella Studio
  • Trends & Threats
    • Market Trends
      • Hybrid Workforce
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
    • Security Threats
      • How to Stop Phishing Attacks
      • Malware Detection and Protection
      • Ransomware is on the Rise
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
      • Global Cyber Threat Intelligence
    •  
    • Woman connecting confidently to any device anywhere
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Person looking down at laptop. They are connecting and working securely
  • Blog
    • News & Product Posts
      • Latest Posts
      • Products & Services
      • Customer Focus
      • Feature Spotlight
    • Cybersecurity Posts
      • Security
      • Threats
      • Cybersecurity Threat Spotlight
      • Research
    •  
    • Register for a webinar - with illustration of connecting securely to the cloud
  • Contact Us
  • Umbrella Login
  • Cloudlock Login
  • Free Trial
Security

Protective DNS: What it is, why it matters, and what you need

Author avatar of Andrea GrossAndrea Gross
April 6, 2021 • 3 minute read
View blog >

Earlier this month, the National Security Agency (NSA) and Cybersecurity Infrastructure Security Agency (CISA) issued an advisory on the growing need to introduce a protective DNS (PDNS) solution to your organization’s security footprint. Because DNS is foundational to most online activity, it’s also the layer where many attacks — including malware, phishing, command and control, and domain generation algorithms — first strike. Analyzing and protecting your organization’s DNS queries is a key defensive strategy, and the right PDNS solution can make a major difference in your security posture.

Ransomware lifecycle illustration

From malicious links in phishing emails to bogus URLs that prey on common misspellings of web addresses, cyber attackers use domain names across the entire network exploitation lifecycle.

While many enterprises already employ some degree of DNS security, not all solutions are created equal — not every platform, for instance, can address compromised upstream DNS infrastructure or maliciously provisioned DNS registrations. That’s part of the reason why the CISA recommends PDNS specifically — it includes a policy-implementing DNS resolver that returns answers to queries based on specific criteria within those policies. This resolver checks both the domain name queries and the returned IP addresses against threat intelligence, preventing connections to known or suspected malicious sites.

PDNS solutions categorize domain names as malicious or not by tapping into the latest threat intelligence — the quality of that threat intelligence, then, makes a major difference in your ability to identify and block threats. Most DNS security providers rely on the same open source and government threat intelligence feeds that everyone has access to. Cisco’s DNS security goes further. Our PDNS — included as part of the Cisco Umbrella multi-function security service — taps into an entirely different level of threat intelligence, leveraging:

  • Real-time DNS data — gathered from 620 billion daily internet requests — further enriched with both public and private threat data
  • Proprietary intelligence from Cisco Talos, one of the largest private threat intelligence groups in the world
  • Statistical models that automatically score and classify all of our data, so we can detect anomalies and uncover both known and emerging threats

Cisco Umbrella also includes access to Umbrella Investigate, a unique interface that provides the most complete view of the relationships and evolution of internet domains, IPs, and files —the context you need for faster incident investigation and response. Following millions of security events happening in real-time, Investigate learns from internet activity patterns, automatically identifying the infrastructure attackers use, so you can predict future threats. We give you access to this intelligence so you can get more out of your existing security investments and become more proactive at combating the next cyberattack.

“Umbrella Investigate is a Swiss Army knife for understanding endpoints on the internet. Using Investigate, we get insight into what’s happening, why, and what we need to do.”

Joseph Paradi
Executive – ITS Enterprise Services, Avanade

And that’s just some of the advantages Cisco Umbrella offers in PDNS. On-premise appliances and hybrid-cloud solutions don’t always have the horsepower to stay on top of malicious queries. Completely cloud-native, Cisco Umbrella has what it takes to actively process and enforce more than 7 million unique malicious domains and IPs concurrently at the DNS layer, blocking 60,000+ new destinations every day. Plus, as a cloud-based service, Cisco Umbrella can deploy across your entire organization in minutes, making it one of the easiest ways to protect your users. All Cisco Umbrella packages provide roaming protection for Windows, MacOS, iOS, Chrome OS, and Android devices, no matter where a user may go.

Illustration: Cisco Umbrella’s PDNS service provides visibility and protection for all internet activity

Cisco Umbrella’s PDNS service provides visibility and protection for all internet activity, anywhere your users access the internet.

The CISA said it best: Protective DNS is quickly becoming the new security mandate for your organization. But you need a solution supported by the very best threat intelligence — and Cisco Umbrella has it. Check out the full CISA report for more details — and learn more about how Cisco Umbrella can help in a 2-part DNS Protective Seminar. Join us for part 1 on Wednesday, April 14, 2021 at 1pm ET and learn why Umbrella is the industry leading DNS security efficacy solution, leveraging 30+ statistical models to analyze 200B DNS requests and identify 60k new malicious destinations a day. Then join us for part 2 on Wednesday, April 28, 2021 at 1pm ET where we’ll show you Cisco Investigate in action.

Register for the 2-part DNS Protective Seminar

Suggested Blogs

  • Cisco Umbrella Delivered Better Cybersecurity and 231% ROI February 21, 2023 2 minute read
  • Cisco Listed as a Representative Vendor in Gartner® Market Guide for Single-Vendor SASE January 26, 2023 3 minute read
  • How to Evaluate SSE Vendors: Questions to Ask, Pitfalls to Avoid June 23, 2022 5 minute read

Share this blog

FacebookTweetLinkedIn

Follow Us

  • Twitter
  • Facebook
  • LinkedIn
  • YouTube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Global Cloud Architecture
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Umbrella
  • Cisco Umbrella Blog

Learn more

  • Webinars
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2023 Cisco Umbrella