What is a DNS Firewall?

A DNS firewall is a cyber security defense that uses the DNS protocol to prevent endpoints (laptops, workstations, servers, IoT devices, etc.) from acquiring an IP address (A record) to a malicious destination. This is also known as DNS filtering.

How does a DNS Firewall Work?

There are a few ways to deploy a DNS firewall. Securd delivers a DNS Firewall as a cloud based service on an worldwide anycast network.

Endpoint Initiates A DNS Lookup

An endpoint attempts to access a domain name such as maliciousdomain.com. For the endpoint to connect to the domain, it needs to get an A record with an IP address.

We Validate The Query

Securd determines if the DNS query is coming from a subscribed customer. If the DNS query if not approved, it will be blocked. Otherwise, Securd will process the subscriber DNS query.

We Processes The DNS Query

If the DNS query matches the criteria in a security policy, Securd returns its response. Instead of allowing Securd global recursive DNS servers to process the request, the DNS server will respond with a block. If a browser produces the query, the user gets a block page with the reason why it was denied. All the blocked traffic is logged for the administrator to review.

Access To The Threat Denied

If the DNS query matches criteria in a security policy, Securd returns it's own response. Instead of allowing Securd global recursive DNS servers to continue to process the request, a block response is provided back to the endpoint. If this request was done through a browser, the user would be redirected to a block page with the reason why the block occurred. The block is recorded in passive dns logs available to the customer administrator.

What Threats Does DNS Filtering Mitigate?

The Securd DNS Firewall gives endpoints connecting directly to the Internet protection from the most common delivery of attacks including phishing, malware, ransomware, adware and more.

security
Covid Threats

Domains associated to Covid-19 related cyber crime.

security
Zero Reputation

New registered domains and dormant domains.

security
Poor Reputation

Domains controlled by spammers and bad actors.

security
Botnet Command Control

Domains hosting a botnet C&C.

security
Adware

Domains hosting malicious adware.

security
Phishing

Domains hosting an active phishing site.

security
Malware Hoster

Domains hosting downloadable malware.

security
Botnet Resource

Domains hosting a botnet component.

security
Bad Nameserver

DNS servers with poor reputation.

security
Domain Algorithm (DGA)

Domains generated by an algorithm.

security
Crypto Mining

Domains hosting crypto mining scripts.

security
Typosquatting

Typosquatting domains that target top sites.

security
High Risk Networks

Domain hosted on globally blocklisted IP or network.

security
Pornographic Content

Domain hosting pornographic content.

security
Build Your Own Blocklist

Create any global block list of hostnames or domains you want to block.

Try Securd free for 14 days

Start protecting your network and endpoints from cyber threats in minutes.

GET STARTED

 

Get started now and you can cancel at any time.