Managed Security Service

When malware infects a system, it doesn’t act independently. Before it does anything, it needs to talk to an external agent that lies outside of the infected system. It must “beacon out” for instructions. Protective DNS blocks access to malicious websites, detects and disrupts malicious communication, which can prevent data exfiltration, filter unwanted content, and provide early threat detection capabilities.

Detect, Block, and Disrupt malicious communications.

safeguard your online activities and ensure that you remain protected from cyberthreats.


Why you need Managed Protective DNS

We must assume an organization is already breached – or will be imminently – so the job of Protective DNS is to identify and block communications from adversary infrastructure.



DNS is a fundamental internet protocol that was built for efficiency and scalability — but not necessarily security. The system is designed to fulfill lookups as quickly as possible, with recursive resolvers passing the request along to DNS servers higher up the chain of authority if the information is not stored in their cache.

Recursive resolvers will contact root servers, which will then pass the request to the TLD nameserver responsible for the queried domain’s extension (.com, .net, .uk, etc.). Finally, the request will be routed to the authoritative nameserver for the requested domain, consulting the domain’s A Record to return an IP address.

DNS Lookup protective DNS


What is Protective DNS

When malware infects a system, it doesn’t act independently. Before it does anything, it needs to talk to an external agent that lies outside of the infected system. It must “beacon out” for instructions.

Protective DNS is a policy-implementing, recursive DNS resolver service built as the successor to the capability currently being delivered by E3A DNS Sinkhole. Protective DNS is deployed upstream of agency networks. The service filters DNS queries - by comparison to a range of unclassified threat intelligence - to prevent resolution for known malicious domains and/or IP addresses. Protective DNS supports emerging DNS technologies including encrypted DNS protocol support (DoH/DoT) and IPv6 resolution. DNS log data is made available to users of Protective DNS to dramatically increase visibility. Additionally, users are able to heavily customize alerts, data extraction, and other system features.

The value of Satius's Managed Protective DNS

Satius Security’s Managed Protective DNS was founded with the mission to learn all we could about adversary infrastructure and then – how to use that knowledge to identify, predict, and ultimately dismantle the attacks associated with that infrastructure.

Our service is powered by a vast graph database that maps what was nefarious yesterday to what is nefarious today to what is being created for nefarious purposes tomorrow. This happens before attacks are launched, enabling organizations to mitigate the damage.


Looks at domains throughout their whole lifecycle: from birth to abandonment to rebirth.


Real-time insight into meaningful, myriad movements and changes across the internet at any second.


Has powerful underlying data that backs up the quality of its solution.


Characterizes and separates good and bad communication more accurately.


Satius leverages both machine learning and an intricate decision engine to identify suspicious DNS queries. When a domain has been flagged as suspicious by the system, it is then moved into the Watch Engine for ongoing monitoring.


Satius’s Managed Protective DNS watches the Domain Name System (DNS) egress traffic patterns and therefore understands what domains and infrastructure devices inside the enterprise are trying to communicate with. We focus on understanding where and how often devices are trying to communicate with remote domains or pieces of Internet infrastructure, using advanced tools to understand the associated risk, what can be allowed, what needs to be watched and inspected, what should be blocked, and when alerts should be generated.

Key Capabilities

  • Blocks malware domains
  • Blocks phishing domains
  • Malware Domain Generation Algorithm (DGA) protection
  • Machine learning to augment threat feeds
  • Content filtering
  • API access for SIEM integration
  • Validates DNSSEC
  • DoH/DoT capable
  • Customizable policies by group, device, or network
  • Deploys across hybrid architectures

Ready for Cyber Resilience?

Learn more how our Managed Service can help you achieve Cyber Resilience and be an extension of your team without breaking the budget.


Latest news

We fully understand the challenges SMBs and enterprise face alike to meet security frameworks compliance and ensure overall optimal security posture.
Scroll to Top