Skip to content

Elevate DNS Threat Intelligence for Proactive Network Security

The brand-new EfficientIP DNS Threat Pulse together with DNS Client Query Filtering unlocks DNS Threat Intelligence potential to help level up network security for organizations

June 23, 2023 | Written by: Surinder Paul | ,

Elevate Dns Threat Intelligence for Proactive Network Security

Cyberattacks are becoming more frequent and increasingly sophisticated, and there is a proliferation of devices and infrastructure diversity. Consequently, network security risk is at an all-time high for enterprises across all industries. For strengthening security and helping move organizations along their zero trust path, EfficientIP is unleashing a brand new product known as DNS Threat Pulse that brings DNS Threat Intelligence security feed for proactive defense against cyber threats.

In addition, the upcoming release 8.3 of SOLIDserver brings augmented application access control via micro segmentation, application zoning and enhancements to the DNS Client Query Filtering (CQF) feature built into DNS Guardian. The combination of DNS Threat Pulse and CQF offers a unique solution for early detection, protection, and remediation of security threats.

Below are further details on the capabilities mentioned above.

DNS Threat Pulse: Enabling Proactive Defense with DNS Threat Intelligence

Global cyber threats increased 38% in 2022, with Ransomware doubling and Phishing growing 61%. This trend will continue to accelerate in 2023. A leading target for hackers is DNS with 90% of enterprises suffering a DNS attack in 2023 according to IDC. In particular, over 80% of malware uses DNS to identify a command-and-control (C2) server to steal data and spread malware. And the financial damages for enterprises remains high with the average cost estimated at $942k. This means IT leaders cannot ignore the need to specifically protect DNS. 

At the same time, DNS traffic provides a gold mine of rich data. Unfortunately this insightful information on device, user utilization and behavior is currently being considerably underutilized. In particular, it can bring valuable data to create and fuel effective threat intelligence, improve overall network security, and better protect against ever-evolving cyber attacks. As recently stated by a leading IDC Security expert: โ€œDNS Threat Intelligence can help IT Leaders evolve into a more holistic and consolidated security infrastructure to increase security, gain agility and resilience, and reduce complexityโ€.

DNS Threat Intelligence by EfficientIP DNS Threat Pulse provides Security and NetSecOps teams comprehensive, accurate, and up-to-date intelligence data on malicious domains. The information comes from multiple trusted sources, and helps quickly identify, detect, and protect against cyber attacks.

DNS Threat Pulse provides several categories including phishing, malware, Domain Generation Algorithm (DGA), and Newly Observed Domains (NOD) among others. With market-recognized DNS expertise and innovation, EfficientIP leverages unique DNS traffic data collection and analysis globally used to develop AI leading-edge patented technology and pioneering algorithms. These are used to curate data and ensure highest relevance where needed. All this ensures that DNS Threat Pulse is capable of delivering valuable data, actionable in real-time.

The EfficientIP DNS Threat Pulse features two formats:

  1. Entry-Level Protection: Response Policy Zone (RPZ) to use with any DNS Firewall
  2. Advanced Protection: Client Query Filtering (CQF) combined with the EfficientIP DNS Guardian

DNS CQF Manager: Simplifying Application Access Lists Management

EfficientIPโ€™s Client Query Filtering (CQF) is a unique feature in the network security market. By offering granular filtering (microsegmentation) combined with allow/deny listing based on client classification, CQF provides a powerful checkpoint for application access control.

Building on the existing DNS CQF feature, DNS CQF Manager brings unified creation, management, and distribution of security policies from a central platform. The intuitive GUI incorporated in the upcoming SOLIDserver 8.3 offers IT staff improved control for highly flexible and rich policy creation based on intent behavior or threat level. Together with complete visibility over policies, it is now even simpler to configure lists, tags and categories. Distribution and enforcement of policies among multiple DNS Guardian instances across networks is also far easier.

For finer-grain application access control, DNS cyber threat intelligence can be leveraged, as it is easier now to use intelligence feeds, including DNS Threat Pulse. Combining DNS CQF with DNS Threat Pulse unlocks a whole range of new tags which can be used in access policies.

DNS CQF plus DNS Threat Pulse: a Winning Combination for an Early Security Barrier

Adding DNS Threat Pulse to EfficientIPโ€™s DNS Guardian permits security teams to define, centrally manage, and deploy highly granular and flexible filtering policies. These policies allow mapping of domains, client groups or even individuals to reduce the risk of exposure and strengthen their security posture.

Then, leveraging the powerful DNS Client Query Filtering capability enables IT staff to report, filter or block DNS Domain usages on threat category basis. Detection is at the intent level before any malicious actions are executed, thus preventing them from becoming active at an early stage.

Integration with the security ecosystem is also made possible by using open APIs. This helps thwart advanced attacks, enhance detection, and accelerate mitigation by SOCs.

Combining DNS CQF with DNS Threat Pulse opens up limitless new security use cases. Examples include:

  1. Proactive network security
  • Leverage up-to-data intelligence data to protect against upcoming attacks before they become active
  1. Granular security policy management
  • Manage access to apps and services e.g. IoT access control using allow lists
  1. End-to-end DNS security
  • automate sharing of security events with SIEM, SOAR, and SOC to accelerate threat remediation

DNS Threat Pulse brings organizations reliable foundational technology to solidify and augment their DNS Threat Intelligence. By combining it with DNS Guardian and CQF, they can consolidate their security policy management end-to-end, helping them to level up their network security.

Learn more about DNS Threat Pulse benefits and use cases

When our goal is to help companies face the challenges of modern infrastructures and digital transformation, actions speak louder than words.