What Is Protective DNS?
A few months ago, US federal cybersecurity agencies released a memo on the importance of protective DNS for protecting your network and workstations. The memo, from the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), detailed the benefits of using a Protective Domain Name System (PDNS), among other critical pointers.
The DNS, or Domain Name System, is a critical part of the internet’s resilience. It makes sending an email, performing a secure shell connection, or navigating a site easier by translating domain names into Internet Protocol (IP) addresses. In other words, DNS converts human-readable domains (like example.com) into an IP address to connect to (like 161.185.160.93).
People refer to DNS as “the phone book of the internet” because it returns the right address when someone types in a web address. Thanks to DNS, there’s no need to memorize all the website-associated IP numbers. DNS also facilitates machine-initiated actions like getting software updates and distributing and operating malware. That’s where protective DNS comes in.
What is a Protective DNS?
Protective DNS is a security service that evaluates DNS queries and takes action to mitigate threats. It’s designed to stop the use of DNS for the operation and distribution of ransomware, malware, viruses, spyware, and other cyber threats by barring the browser from accessing sites that have been identified as malicious.
PDNS uses Response Policy Zones (RPZ), a security mechanism that supplies DNS resolvers with security intelligence about the domains they are handling. RPZ allows for custom signatures and filters that DNS operators can use to comply with security and policy requirements. It lets anyone running a DNS resolver restrict access to content that’s potentially malicious or unwanted.
DNS protection services check domain names and addresses against a range of threat intelligence directories and databases. If a site is suspected or known to be malicious, DNS protection ensures you’re redirected back to safety without exposing business systems to the identified risk. Examples of DNS protection include malware defense, web domain categorization, advertisement restriction, and content filtering.
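The policy lookup described above, as an added example that is not from the original article or any vendor's code: a simplified evaluator for RPZ-style QNAME rules. The policy entries and the walled-garden name are constructed placeholders, the zone-origin suffix of real policy records is omitted, and real RPZ also supports other trigger types that are not modelled here.

```python
# Added example: RPZ-style QNAME policy evaluation (constructed data).
from dataclasses import dataclass

# RPZ encodes the action in the CNAME target of the policy record.
SPECIAL_TARGETS = {
    ".": "NXDOMAIN",              # answer as if the name does not exist
    "*.": "NODATA",               # name exists, but no records are returned
    "rpz-passthru.": "PASSTHRU",  # explicit allow, overrides wider rules
    "rpz-drop.": "DROP",          # discard the query without answering
}

@dataclass(frozen=True)
class Verdict:
    action: str        # NXDOMAIN, NODATA, PASSTHRU, DROP, REDIRECT or ALLOW
    trigger: str = ""  # policy owner name that matched
    target: str = ""   # redirect destination, if any

def normalize(name: str) -> str:
    return name.strip().rstrip(".").lower()

def load_policy(records):
    """records: iterable of (owner, cname_target) pairs from a policy zone."""
    return {normalize(owner): target for owner, target in records}

def evaluate(policy, qname: str) -> Verdict:
    name = normalize(qname)
    labels = name.split(".")
    # Exact match first, then wildcards from most to least specific.
    # A wildcard covers subdomains only, never the apex it hangs from.
    candidates = [name] + ["*." + ".".join(labels[i:]) for i in range(1, len(labels))]
    for trigger in candidates:
        target = policy.get(trigger)
        if target is None:
            continue
        action = SPECIAL_TARGETS.get(target)
        if action:
            return Verdict(action, trigger)
        return Verdict("REDIRECT", trigger, normalize(target))
    return Verdict("ALLOW")

# Constructed policy zone; every name here is a placeholder.
POLICY = load_policy([
    ("malware.example", "."),
    ("*.malware.example", "."),
    ("phish.example", "walled-garden.corp.example."),
    ("*.ads.example", "*."),
    ("ok.ads.example", "rpz-passthru."),
])
```

Note that `login.phish.example` is allowed by this policy because only the apex `phish.example` is listed; blocking a domain and its subdomains takes both the exact and the wildcard entry.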
Protective DNS Services for Remote Workers
PDNS is particularly important during these times. The Covid-19 pandemic ushered in a new era of remote work for millions of employees. According to Intuition, 47% of company leaders would allow employees to work from home full time after the pandemic. And that shouldn’t be a problem, considering 77% of employees report more productivity working remotely.
While this arrangement allows business continuity, it also puts companies at additional risk from cyber threats. Cyber attackers and criminals know that businesses are adopting the work-from-home model and that employees are using work laptops that may contain critical business data. PDNS can block suspicious internet activity at the source. It allows employees to benefit from end-to-end protection any time they’re online.
PDNS detects when a work device is used outside of the business network and redirects DNS traffic to PDNS using an encrypted protocol. It gives employees the same protection against cyber threats as they would have when connecting from the corporate network. It also ensures that your business devices are clear of any infections when brought back to the office.
How Attackers are Using DNS
DNS is the foundation on which the internet is built. That makes it a target for cybercriminals. Phishing links, ransomware plots, and malware attacks inevitably involve the DNS protocol. DNS protection helps you secure your company network. In the current environment where the already thin line between professional and personal lives continues to blur, businesses must secure home networks too.
Cybercriminals use DNS in various ways to generate threats and attack your business. Some include:
- Distributed Denial of Service (DDoS) – where they saturate the system with seemingly legitimate traffic to make your DNS unavailable.
- Denial of Service (DoS) attacks – these are meant to shut down your network, making it inaccessible to its intended users.
- DNS hijacking, or DNS redirection – where DNS queries are incorrectly resolved to redirect users to malicious sites.
- DNS tunneling – where criminals insert malware or pass stolen data into DNS queries.
The Core Capabilities of Protective DNS
A secure DNS service is the best way to improve your bring-your-own-device (BYOD) policies and protect information within and outside the workplace. DNS protection comes with the following capabilities:
Malware and Phishing Protection
Protective Domain Name System blocks sites containing malicious or harmful content like viruses and scams. This is critical, as it protects your systems if your employees fail to identify a phishing attempt. But still, you need to implement a content filtering solution and educate your team about these attacks to enhance security.
PDNS comes with a content filtering capability, so you don’t have to invest in a separate solution. Content filtering blocks unwanted content from unsecured platforms and adult sites. It limits the chances of your employees visiting suspicious sites that are potentially dangerous, reducing the chances of attacks.
Advertisement blocking is a form of content filtering that blocks ads that have malicious applications hidden inside them or that try to collect critical data from an employee. It also blocks out legitimate ads because they are not only distracting but also slow down systems.
Slow speeds and downtimes due to attacks can affect productivity. PDNS improves speed, allowing for a faster lookup. It also increases reliability. Considering how often DNS resolution is used to connect to the net, even a small improvement can offer a boost in performance levels.
Cybercriminals capitalize on the fact that people can misspell domain names. So, they buy these misspelled domains and use them to trick unsuspecting employees. They may either collect data from the employees or install malicious programs on their devices. PDNS offers typo correction to fix things like Microsft.com to Microsoft.com.
PDNS offers botnet protection, a very crucial feature in the age of botnets and IoT devices. This capability blocks communication with known botnet servers, protecting your company’s network.
When you use PDNS, malware and attackers can’t access the known malicious domains to hijack your network, as the service will lock them out. Attackers’ ability to steal critical information or cause harm will be reduced.
PDNS is a critical part of the security stack within your business. Contact us if you are considering implementing PDNS solutions in your business or have any further questions or concerns about the same. We will be happy to help.