
DNS Firewall

Protection Against Malware, Ransomware, C2s, DGAs, Phishing and Cryptominers

Stop Threats at the Root

RPZ (Response Policy Zone) DNS was developed by the ISC as an open and vendor-neutral component of the BIND Domain Name Server. RPZ functions as a DNS firewall in which rules are expressed in specially constructed zone files. This segmented structure provides an effective method of leveraging threat data for the detection and prevention of malware and ransomware activities at the DNS level.

With this tool, administrators can override the global DNS and create rules that initiate specified responses and actions, such as providing alternate replies to queries. When a workstation, server or other network device tries to connect to a malicious location, its DNS query does not resolve to the real destination; instead, it is redirected to a specially crafted web page that explains why access was blocked. A DNS RPZ firewall not only protects assets, it also provides an opportunity to educate users, making them aware in real time of the link, email or resource that was leading them to malware.

Threat Data

Flexibility is Key for DNS-Level Security

Restricting access at the DNS level is not without complications, however. While C2s, DGAs, and phishing sites tend to be “no brainers” as far as blocking access is concerned, many legitimate and very popular sites unknowingly host malware: Dropbox, Google Docs, etc. Preventing users from reaching these sites can, understandably, be met with great resistance. For this reason, granularity is key to helping administrators maximize threat coverage while minimizing the impact to their users’ crucial online sites, tools, and applications.

A Zone for Each Threat Type

To provide flexibility to our customers for managing the needs of their users or clients, we offer five separate Response Policy Zones. Each zone can be implemented – or not – depending on your needs. These zones include domains hosting (1) C2s, (2) DGAs (used by over 40 malware and ransomware families), (3) Malware, (4) Cryptominers, and (5) Phishing sites.

Whitelisting

Apart from applying only the zones that relate to the threats faced by your business, Malware Patrol allows for whitelisting domains from all zones via a simple web interface.

Another available tool is the filtering of domains using the Cisco Umbrella domain ranking. Zones can be filtered based on the top 25,000, 100,000 or 1,000,000 domains, as per your request. The Cisco Umbrella classification is updated weekly and applied seamlessly with the whitelisting mechanism.

Custom “Walled Garden”

You can use our “walled garden” as the destination for users who hit a malicious domain, or configure your own using the instructions available here.
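
To make the rule format concrete, here is an added example (not Malware Patrol's code or zone data) that builds a local RPZ zone from a list of threat domains, applying a whitelist and a popularity-rank cutoff before rewriting the remaining names to a walled garden. The zone name, the walled-garden host and all domains are constructed, and it assumes that rank filtering means dropping the top-N ranked domains from the block list.

```python
"""Build a local RPZ zone from a threat-domain list (added example)."""

WALLED_GARDEN = "blocked.example.net."  # assumed walled-garden host
ZONE_ORIGIN = "malware.rpz.example."    # assumed local RPZ zone name


def normalize(domain):
    return domain.strip().rstrip(".").lower()


def parents(domain):
    """a.b.example -> a.b.example, b.example, example"""
    labels = domain.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def build_rpz(threats, whitelist=(), ranking=(), top_n=0, serial=1):
    """Return (zone_text, skipped_domains).

    A threat domain is skipped when it, or any parent, is whitelisted or
    is among the first top_n entries of the popularity ranking.
    """
    allowed = {normalize(d) for d in whitelist}
    allowed |= {normalize(d) for d in list(ranking)[:top_n]}
    lines = [
        f"$ORIGIN {ZONE_ORIGIN}",
        "$TTL 300",
        f"@ IN SOA localhost. hostmaster.localhost. {serial} 300 60 86400 300",
        "@ IN NS localhost.",
    ]
    skipped = []
    for domain in sorted({normalize(d) for d in threats if d.strip()}):
        if any(p in allowed for p in parents(domain)):
            skipped.append(domain)
            continue
        # RPZ QNAME trigger: the owner name is the queried domain, relative
        # to the zone origin; the CNAME target is the rewritten answer.
        lines.append(f"{domain} IN CNAME {WALLED_GARDEN}")
        lines.append(f"*.{domain} IN CNAME {WALLED_GARDEN}")
    return "\n".join(lines) + "\n", skipped


if __name__ == "__main__":
    # Constructed sample data, not real indicators.
    feed = ["c2.badhost.example", "Files.Popular.example.", "phish.test"]
    zone, skipped = build_rpz(feed, ranking=["popular.example"], top_n=1)
    print(zone)
    print("skipped:", skipped)
```

Logging the skipped list shows which threat-feed entries the whitelist or rank cutoff is letting through, which is the coverage traded away for fewer user-facing blocks.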

 

Package Details

Contents

Response Policy Zones:

  • Malware
  • DGAs
  • Command & Control Servers
  • Cryptominers
  • Phishing

Formats

Zones are automatically transferred using AXFR/IXFR mechanisms

Cisco Umbrella Domain Ranking filtered zones

Apply whitelists to zones, even on top of Cisco Umbrella filtered ones

 

Features

Free 7-day data evaluation

Includes Business Protect Data Feed Package

Zones updated every 5 minutes

Unlimited-use commercial license

Annual subscription

Configure and forget

 

 

Set up a DNS Firewall in 5 Easy Steps

Watch our webinar for step-by-step instructions on setting up and enabling a DNS Firewall.