Earlier this month, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on the growing need to introduce a protective DNS (PDNS) solution to your organization’s security footprint. Because DNS is foundational to most online activity, it’s also the layer where many attacks — including malware, phishing, command and control, and domain generation algorithms — first strike. Analyzing and protecting your organization’s DNS queries is a key defensive strategy, and the right PDNS solution can make a major difference in your security posture.
From malicious links in phishing emails to bogus URLs that prey on common misspellings of web addresses, cyber attackers use domain names across the entire network exploitation lifecycle.
While many enterprises already employ some degree of DNS security, not all solutions are created equal — not every platform, for instance, can address compromised upstream DNS infrastructure or maliciously provisioned DNS registrations. That’s part of the reason why CISA recommends PDNS specifically — it includes a policy-implementing DNS resolver that returns answers to queries based on specific criteria within those policies. This resolver checks both the domain name queries and the returned IP addresses against threat intelligence, preventing connections to known or suspected malicious sites.
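The two checks described above (query name, then returned addresses), sketched as an added example; this is not Cisco Umbrella's or CISA's code. The blocklists are constructed from reserved documentation names and address ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed threat-intelligence data (reserved documentation names/ranges).
BLOCKED_DOMAINS = {"malware.example", "phish.example.net"}
BLOCKED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:bad::/48"),
]


def domain_blocked(qname):
    """True if qname or any parent domain is listed.

    Matching is done on whole labels, so 'cdn.malware.example' matches
    'malware.example' but 'notmalware.example' does not.
    """
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS
               for i in range(len(labels)))


def ip_blocked(address):
    """True if a returned A/AAAA address falls inside a listed network."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in BLOCKED_NETWORKS)


def evaluate(qname, upstream_answers):
    """Policy decision for one resolution: (action, reason).

    The name is checked first; the upstream answers are checked second,
    which catches an unlisted name that resolves into listed address space.
    """
    if domain_blocked(qname):
        return ("BLOCK", "domain")
    for addr in upstream_answers:
        if ip_blocked(addr):
            return ("BLOCK", "ip:" + addr)
    return ("ALLOW", None)


if __name__ == "__main__":
    print(evaluate("cdn.Malware.Example.", ["198.51.100.7"]))
    print(evaluate("unlisted.example.org", ["198.51.100.7", "203.0.113.45"]))
    print(evaluate("www.example.com", ["198.51.100.7"]))
```

A resolver enforcing this policy would answer a `BLOCK` decision with a refusal or a redirect instead of the upstream answer, and log the reason for later investigation.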
PDNS solutions categorize domain names as malicious or not by tapping into the latest threat intelligence — the quality of that threat intelligence, then, makes a major difference in your ability to identify and block threats. Most DNS security providers rely on the same open source and government threat intelligence feeds that everyone has access to. Cisco’s DNS security goes further. Our PDNS — included as part of the Cisco Umbrella multi-function security service — taps into an entirely different level of threat intelligence, leveraging:
- Real-time DNS data — gathered from 620 billion daily internet requests — further enriched with both public and private threat data
- Proprietary intelligence from Cisco Talos, one of the largest private threat intelligence groups in the world
- Statistical models that automatically score and classify all of our data, so we can detect anomalies and uncover both known and emerging threats
Cisco Umbrella also includes access to Umbrella Investigate, a unique interface that provides the most complete view of the relationships and evolution of internet domains, IPs, and files — the context you need for faster incident investigation and response. Following millions of security events happening in real time, Investigate learns from internet activity patterns, automatically identifying the infrastructure attackers use, so you can predict future threats. We give you access to this intelligence so you can get more out of your existing security investments and become more proactive at combating the next cyberattack.
“Umbrella Investigate is a Swiss Army knife for understanding endpoints on the internet. Using Investigate, we get insight into what’s happening, why, and what we need to do.”
Joseph Paradi
Executive – ITS Enterprise Services, Avanade
And those are just some of the advantages Cisco Umbrella offers in PDNS. On-premises appliances and hybrid-cloud solutions don’t always have the horsepower to stay on top of malicious queries. Completely cloud-native, Cisco Umbrella has what it takes to actively process and enforce more than 7 million unique malicious domains and IPs concurrently at the DNS layer, blocking 60,000+ new destinations every day. Plus, as a cloud-based service, Cisco Umbrella can deploy across your entire organization in minutes, making it one of the easiest ways to protect your users. All Cisco Umbrella packages provide roaming protection for Windows, macOS, iOS, Chrome OS, and Android devices, no matter where a user may go.
Cisco Umbrella’s PDNS service provides visibility and protection for all internet activity, anywhere your users access the internet.
CISA said it best: Protective DNS is quickly becoming the new security mandate for your organization. But you need a solution supported by the very best threat intelligence — and Cisco Umbrella has it. Check out the full CISA report for more details — and learn more about how Cisco Umbrella can help in a 2-part DNS Protective Seminar. Join us for part 1 on Wednesday, April 14, 2021 at 1pm ET and learn why Umbrella is the industry-leading DNS security efficacy solution, leveraging 30+ statistical models to analyze 200B DNS requests and identify 60k new malicious destinations a day. Then join us for part 2 on Wednesday, April 28, 2021 at 1pm ET, where we’ll show you Cisco Investigate in action.