Cisco Umbrella

Enterprise network security

Search

What Is DNS Security?

DNS security helps protect users from cyberthreats both on and off corporate networks. Top-tier DNS security tools also improve the user experience, speeding up connection requests, while blocking malicious traffic and mitigating data exfiltration.

How DNS Security Works | Types of DNS Attacks | DNS Security Capabilities | Related Topics

Watch a DNS Security Demo

Cisco Umbrella Overview Video

Cisco Umbrella DNS security

Umbrella DNS cloud-delivered security service uplevels your security and visibility against Internet-based threats, and protects your users, everywhere, in minutes. Users gain better performance, and administrators can enforce a common set of security policies, from any location.

 

Learn about Umbrella DNS
Icon: How it works

How does DNS security work?

DNS security solutions deploy DNS protection that should be able to:

  • Monitor endpoint and network device DNS requests
  • Leverage continually updated threat intelligence to block risky sites
  • Help meet compliance mandates by enforcing filtering and blocking policies
  • Maintain fast and safe connectivity

 

Icon: Strong Protection

How do I ensure strong DNS protection?

To ensure strong DNS-layer protection, choose a protective DNS service that:

  • Respects user and corporate privacy
  • Provides visibility and control via DNS
  • Protects users and prioritizes alerts
  • Utilizes DNS security extensions
  • Supports all major endpoints and operating systems
Icon: Question in a light bulb

Is DNS security really necessary?

DNS security is necessary because DNS is an integral part of internet infrastructure and a simple, effective avenue for visibility and control. DNS security helps mitigate:

  • Sensitive data theft
  • Malware, phishing, and ransomware attacks
  • Web and non-web callbacks from compromised systems
Dive into DNS security

What are common types of DNS attacks?

What is DNS hijacking?

DNS hijacking is an attack in which threat actors exploit vulnerabilities to take over a DNS server and redirect all traffic to a malicious website.

What is DNS spoofing?

DNS spoofing is a deceptive DNS attack that involves using a poisoned cache to redirect internet traffic to a malicious website that appears legitimate but is designed to install malware or capture sensitive data.

What is DNS poisoning?

DNS poisoning (also called cache poisoning) is a technique threat actors use to swap DNS data with a malicious redirect.

What is DNS tunneling?

DNS tunneling is an attack technique used by adversaries to exfiltrate data via a DNS-based channel. Attackers attempt this by encoding data of other programs and protocols into DNS queries. Detecting and responding to DNS tunneling attacks and exfiltration attempts is a vital part of any DNS security service.

What is DNS amplification?

DNS amplification is a type of distributed denial of service (DDoS) attack that exploits DNS server vulnerabilities to amplify small requests into larger payloads, causing the server to crash.

What are the best types of DNS security capabilities?

DNS-layer security

DNS-layer security solutions protect networks from cyberthreats by securing DNS requests. Cisco Umbrella is a protective DNS service that uses Cisco Talos threat intelligence to block attacks before they reach the network.

DNS security essentials

DNS monitoring

DNS monitoring involves the continuous monitoring of DNS traffic and DNS servers for potential security issues. Recursive DNS monitoring services instantly perform a security check when a user attempts to access a website and blocks connections to risky sites.

Recursive DNS monitoring

DNS filtering

DNS filtering is a tool used to block access to malicious websites and other harmful online content. It can be used to protect against DNS attacks, such as DNS hijacking, by blocking traffic to malicious sites.

Web content filtering

DNS Security Extensions (DNSSEC)

DNSSEC validates DNS requests by digitally signing them with cryptographic signatures. This helps protect against attacks like DNS spoofing and DNS poisoning by ensuring the integrity of DNS data. Cisco Umbrella uses DNSSEC.

DNSSEC and Cisco Umbrella

Integrated security

Integrated security unifies threat management (internet, email, and endpoint security) to close security gaps. Solutions like Cisco Umbrella achieve this by unifying DNS-layer security with secure web gateway, cloud access security broker (CASB), data loss prevention (DLP), remote browser isolation (RBI), and more.

Integrated cybersecurity

Cisco Umbrella security blogs

ABCs of DNS
DNS-Layer Security: What It Is and Why You Need It
The Difference Between Authoritative and Recursive DNS Nameservers
DNS-layer Security for Small Businesses
Detect and Prevent Ransomware Attacks with DNS Security
Use DNS Data to Drive Better Security Decisions
 

Related Cisco security blogs

SSO and the Road to Passwordless
Automate Your Journey Towards DNS Security
Overcoming the DNS “Blind Spot”
DNS Hijacking Abuses Trust in Core Internet Service