DNS is critical infrastructure that typically lacks security and is not being monitored or controlled, resulting in abuse by malicious actors.

Cloudmark Security Platform for DNS is a software solution that delivers comprehensive protection of DNS networks, infrastructure and traffic. With the Cloudmark solution for DNS, service providers and enterprises gain deep insight into how DNS elements are being used and misused.

Cloudmark Security Platform for DNS can be implemented as a comprehensive, standalone security solution or as an enhancement to existing security hardware and appliances. It performs real-time application layer behavior and content analysis to predict threats.

Cloudmark Security Platform for DNS delivers:

  • Advanced identification and control of DNS threats
  • Prevention of Internet outages
  • Blocking of tunneling and data exfiltration
  • Increased scalability and effectiveness over appliance-based solutions
  • Identify Threats

    Today, DNS lacks the security monitoring and threat detection commonly deployed for other services such as email or web.

    This makes DNS an increasingly vulnerable and attractive target for malicious actors who use DNS for:

    • Carrying botnet/Advanced Persistent Threats (APT) command and control
    • Hijacking endpoints and network equipment to spread malware
    • Stealing secret or sensitive data

    Cloudmark Security Platform for DNS performs real-time behavior analysis and anomaly detection by leveraging Cloudmark’s Global Threat Network. This empowers your organization to detect and block threats in real-time, staying ahead of the criminals.

  • Prevent DNS-Based Infrastructure Attacks

    Internet services are essential to service providers and their customers as well as to enterprises. An outage caused by a DNS-based DDoS attack can result in total loss of Internet service.

    Cloudmark Security Platform automatically scans all DNS traffic to protect service providers and enterprises against outages or slowdowns caused by attacks on your DNS infrastructure.

  • Prevent Unauthorized Tunneling over DNS

    The lack of existing DNS security protection makes it an ideal protocol for data theft. By exfiltrating data over DNS tunnels, malicious actors can easily bypass better-protected protocols such as HTTP, and hide in the DNS traffic stream.

    DNS can also be used to create reverse-tunnels, which enable outsiders to access internal network resources, again without being detected by traditional security solutions.

    Additionally, DNS traffic is not usually billed on Wi-Fi networks. This enables the use of DNS as an unauthorized tunnel to bypass billing. Even a small (<1%) amount of DNS tunneling can lead to a large (3-4x) increase in the infrastructure required to support DNS, as well as revenue loss on the unbilled traffic.

  • Increased Scalability and Effectiveness over Appliances

    Unlike appliance-based solutions, Cloudmark Security Platform for DNS is a software solution that can be deployed in fully virtualized or traditional environments.

    Cloudmark Security Platform for DNS has the following advantages:

    • Scales more effectively than appliances, running on inexpensive COTS hardware
    • Can be implemented as a comprehensive, standalone security solution or to enhance existing security hardware and appliances
    • Flexible deployment options — inline detection for active blocking of threats or passive deployment for monitoring/alerting
    • Improved threat detection — real-time application layer behavior and content analysis to identify threats

Learn About Our Free DNS Security Trial

Featured Videos

Javascript must be enabled to view videos.
DNS Tunneling and Data Exfiltration

DNS Tunneling and Data Exfiltration

Explore how DNS tunneling can be used by cybercriminals to exfiltrate data from your network and how you can protect your network and your data from such attacks.

DNS Leads to DDoS

DNS Leads to DDoS

Cloudmark CTO Neil Cook explains how DNS networks can be a gateway for DDoS attacks.

Featured resources

Site Map  •  Privacy Policy  •  ©2002–2016 Cloudmark, Inc.