PROVIDING SECURITY SOLUTIONS SINCE 2005
DNS RPZ
FIREWALL
● Customizable
● Easy to consume
● Integrate with your environment
Want To Evaluate?
Talk with our experts
CONTENTS
Response Policy Zones: C2s • COVID-19 Newly Registered Domains • Cryptominers • DGAs • DNS-over-HTTPS Servers • Malware • Phishing.
FUNCTIONALITY
Updated every 5 minutes • Automatic transfers (AXFR/IXFR) • Cisco Umbrella Domain Ranking filtered zones • Configure and forget
PRODUCT OVERVIEW
DNS RPZ firewall
DNS Firewall is a service that filters and blocks DNS queries based on predetermined criteria, such as domain names. By doing so, DNS Firewall can help prevent access to known malicious content.
Threat Intelligence produced by Malware Patrol on known malicious domains (malware, ransomware, phishing, cryptomining, etc) is packaged into DNS zones ready to be consumed by a DNS resolver. DNS Firewall then uses this data to block requests to these domains, keeping users safe from these online threats.
No changes to the existing infrastructure or installation of software in the endpoints are required. DNS Firewall is a transparent, fast and reliable mechanism that enables an additional layer of protection for users and devices connected to the Internet.
FLEXIBILITY IS THE KEY FOR DNS SECURITY
It can be complicated to restrict access at the DNS level. While it is usually without many issues that you can block C2s, DGAs, and phishing sites, malware poses some problems. That is because many legitimate and very popular sites unknowingly host malware. These include Dropbox, Google Docs, GitHub, and many others.
When administrators block access to these sites, many of which are used for work, it can be very problematic. This is why granularity is key.
A Zone for Each
Threat Type
Malware Patrol offers seven separate response policy zones. With a zone for each threat type, it is easier to maximize threat coverage while minimizing the impact on users.
Each zone can be implemented – or not – depending on your needs.
Whitelist and Filter Out Top Domains
Simple web interface that allows customers to whitelist specific domains.
And, to further help customers avoid blocking high traffic sites, Malware Patrol includes zone files with the top 25,000, 100,000, and 1,000,000 Cisco Umbrella domains removed. The Cisco Umbrella classification is updated weekly and applied seamlessly.
Custom “Walled Garden”
You can use our “walled garden” to send your users to when the try to resolve a malicious domain. Or, you can configure your company’s own page using the instructions available here.
STOP THREATS
AT THE ROOT
ISC developed DNS RPZ (Response Policy Zone) as an open, vendor-independent component of the BIND Domain Name Server. RPZ functions as a DNS network security firewall with rules expressed in specially constructed zone files. The resulting segmented structure provides a very effective method of leveraging threat data to detect and prevent malware and ransomware activities at the DNS level.
Administrators use DNS RPZ to create rules that initiate specific responses and actions. Then, based on these rules, the firewall provides alternative answers to queries. For example, when a workstation, server, or other network device tries to connect to a malicious website, it will not be able to resolve DNS. Instead, it will be redirected to a web page that explains why access was blocked.
By redirecting to a “safe” page, the DNS RPZ firewall network security not only protects assets, it also educates users. They get information in real-time, about the link, email, or resource that was taking them to a malicious site.
SET UP A DNS FIREWALL IN 5 EASY STEPS
Watch our configuration guide video with step-by-step instructions for setting up a DNS RPZ Firewall.
A written version of the guide is available on our Tech Support page