DNS RPZ Firewall

Stop Threats at the Root

Strengthen Security at the Foundation

Our DNS RPZ Firewall provides a proactive approach to threat prevention by stopping malicious activity where it often begins: at the DNS layer. By leveraging our high-fidelity threat intelligence across categories like malware, ransomware, phishing, and cryptojacking, we deliver real-time protection through purpose-built DNS zones ready for immediate integration with your DNS resolver.

This solution requires no changes to your existing network architecture or endpoint installations. It operates as a transparent, high-performance safeguard, blocking harmful domains before connections are established. DNS-layer security serves as a foundational first line of defense that complements your broader cybersecurity strategy.

COVERED THREATS

 

– Command-and-Control Servers
– Cryptominers
– DGAs
– DNS-over-HTTPS Servers
– Malware & Ransomware
– Phishing
– Emergent Threats Domains (Add-on)

FEATURES

 

– Updated every 5 minutes
– Automatic transfers (AXFR/IXFR)
– Cisco Umbrella domain ranking-filtered zones
– Configure and forget

FLEXIBILITY IS KEY FOR DNS SECURITY

DNS-based access control is a powerful tool, but it requires precision. Our DNS RPZ (Response Policy Zone) firewall is structured into distinct zones for each threat category, such as command-and-control (C2) domains, domain generation algorithms (DGAs), phishing sites, and malware distribution hosts. This separation enables fine-grained policy enforcement and tracking.

While blocking C2, DGA, and phishing domains is typically low-risk and effective, malware distribution presents unique challenges. Malware is often delivered through legitimate, high-traffic platforms like Dropbox, Google Drive, or GitHub. Blocking these services outright would disrupt normal business operations, making granular control essential.

We leverage Cisco Umbrella’s domain rankings to inform our whitelisting strategy. Our feed offerings include versions with varying degrees of filtering/whitelisting to allow organizations to select the level of strictness that best fits their risk tolerance and operational requirements. This combination of segmentation and whitelisting ensures both security and operational continuity.

A Zone for Each Threat Type

We offer distinct response policy zones for each threat type so you can apply only the zones that suit your needs.

Whitelisting to Reduce FPs

To help prevent disruptions to popular services, we offer zone files with varying thresholds of top Cisco Umbrella-ranked domains removed.

Walled Garden Options

Redirect users who attempt to access malicious domains to our customizable walled garden page, or configure your own landing page instead.
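The ranking-based whitelisting and walled garden redirect described above, sketched as an added example (not Malware Patrol's code or feed contents). The domain names, the `garden.example` host, the function names and the parent-domain matching rule are all assumptions made for illustration.

```python
# Added example: names and data below are constructed placeholders, not feed contents.
RANKING_CSV = """\
1,popular-storage.example
2,code-hosting.example
850,regional-news.example
40000,small-blog.example
"""
BLOCKLIST = [
    "c2-node.badhost.example",
    "files.popular-storage.example",  # malware hosted on a popular platform
    "regional-news.example",
    "small-blog.example",
]


def load_ranking(csv_text):
    """Parse 'rank,domain' lines into {domain: rank}."""
    ranks = {}
    for line in csv_text.splitlines():
        if line.strip():
            rank, domain = line.strip().split(",", 1)
            ranks[domain.lower().rstrip(".")] = int(rank)
    return ranks


def best_rank(name, ranks):
    """Best (lowest) rank of the name or any parent domain; None if unranked.
    Parent matching is an assumption made for this example."""
    labels = name.lower().rstrip(".").split(".")
    candidates = (".".join(labels[i:]) for i in range(len(labels)))
    found = [ranks[c] for c in candidates if c in ranks]
    return min(found) if found else None


def build_rpz(blocklist, ranks, top_n, walled_garden=None):
    """Return (rpz_records, skipped). 'CNAME .' is the RPZ NXDOMAIN action;
    a CNAME to another host rewrites the answer to that host (walled garden)."""
    target = walled_garden.rstrip(".") + "." if walled_garden else "."
    records, skipped = [], []
    for name in sorted({n.lower().rstrip(".") for n in blocklist}):
        rank = best_rank(name, ranks)
        if rank is not None and rank <= top_n:
            skipped.append(name)  # too popular to block at this strictness
        else:
            records.append(f"{name} CNAME {target}")
    return records, skipped


if __name__ == "__main__":
    ranks = load_ranking(RANKING_CSV)
    for top_n in (0, 100, 1000):
        records, skipped = build_rpz(BLOCKLIST, ranks, top_n, "garden.example")
        print(f"top_n={top_n}: {len(records)} records, skipped={skipped}")
```

Raising `top_n` trades coverage for fewer false positives: the entries in `skipped` are exactly the blocklisted names a stricter zone would still have blocked.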

Key Benefits

  • Simple Deployment and Maintenance
    Seamlessly integrates into existing infrastructure with no need for additional hardware or changes to your network topology.

  • Early Threat Mitigation at the DNS Layer
    Blocks malicious activity during the domain name resolution process to stop threats before connections are established.

  • Granular, Targeted Defense
    Provides fine-tuned protection against prevalent threats such as malware, ransomware, phishing, and command-and-control callbacks.

  • Stop Data Exfiltration Attempts
    Prevents unauthorized data transfers by intercepting DNS-based tunneling and callback attempts to attacker-controlled domains.

  • Rapid Identification of Compromised Endpoints
    Detects devices attempting to reach malicious domains, helping you quickly isolate and remediate infected systems.

  • Reduce Load on Security and Support Teams
    Automatically blocks threats at the source, decreasing the number of incident response and cleanup tasks required.

  • User Awareness Through Real-Time Feedback
    Redirects users who attempt to access harmful sites to an informational “walled garden,” reinforcing security policies and awareness.

  • Potential Reduction in Cyber Insurance Premiums
    Enhancing your DNS-layer defenses may support compliance requirements and risk reduction benchmarks recognized by insurers.

Malware Patrol is always on the forefront of the latest threats. Their data helps me to better understand the landscape of cyber attacks.

Vice President, Threat Intelligence

If you’re looking for a top-notch threat intelligence provider, you can’t go wrong with Malware Patrol.

Security Analyst

Malware Patrol has a great team and offers a comprehensive set of data feeds designed to keep you one step ahead of the bad guys.

Lead Cyber Security Analyst

The Extra Layer Of Protection You Need
