PROTECTIVE DNS

When malware infects a system, it doesn’t act independently. Before it does anything, it needs to talk to an external agent that lies outside of the infected system. It must “beacon out” for instructions. Protective DNS blocks access to malicious websites and detects and disrupts malicious communication, which can prevent data exfiltration, filter unwanted content, and provide early threat detection capabilities.

Detect, Block, and Disrupt malicious communications.

SAFEGUARD YOUR ONLINE ACTIVITIES AND ENSURE THAT YOU REMAIN PROTECTED FROM CYBERTHREATS.

WHAT DNS IS

DNS is a fundamental internet protocol that was built for efficiency and scalability — but not necessarily security. The system is designed to fulfill lookups as quickly as possible, with recursive resolvers passing the request along to DNS servers higher up the chain of authority if the information is not stored in their cache.

DNS is often called the ‘phonebook’ of the internet.

A recursive resolver first contacts a root server, which refers it to the TLD nameserver responsible for the queried domain’s extension (.com, .net, .uk, etc.). Finally, the request is directed to the authoritative nameserver for the requested domain, which consults the domain’s A record to return an IP address.

What is Protective DNS

Protective DNS is a policy-implementing, recursive DNS resolver service built as the successor to the capability currently being delivered by E3A DNS Sinkhole. Protective DNS is deployed upstream of agency networks. The service filters DNS queries, by comparison to a range of unclassified threat intelligence, to prevent resolution for known malicious domains and/or IP addresses. Protective DNS supports emerging DNS technologies, including encrypted DNS protocols (DoH/DoT) and IPv6 resolution. DNS log data is made available to users of Protective DNS to dramatically increase visibility. Additionally, users are able to heavily customize alerts, data extraction, and other system features.

KEY FEATURES

Why we need Protective DNS

We must assume an organization is already breached – or will be imminently – so the job of Protective DNS is to identify and block communications from adversary infrastructure.

The value of Satius's Protective DNS

Satius Security’s Protective DNS was founded with the mission to learn all we could about adversary infrastructure and then to use that knowledge to identify, predict, and ultimately dismantle the attacks associated with that infrastructure.

Our solution is powered by a vast graph database that maps what was nefarious yesterday to what is nefarious today to what is being created for nefarious purposes tomorrow. This happens before attacks are launched, enabling organizations to mitigate the damage.

Comprehensive

Looks at domains throughout their whole lifecycle: from birth to abandonment to rebirth.

Real-time

Real-time insight into meaningful, myriad movements and changes across the internet at any second.

Powerful

Has powerful underlying data that backs up the quality of its solution.

Accurate

Characterizes and separates good and bad communication more accurately.

THE OPPORTUNITY TO DEAL WITH CYBER RISKS BEFORE THE ATTACK

Satius leverages both machine learning and an intricate decision engine to identify suspicious DNS queries. When a domain has been flagged as suspicious by the system, it is then moved into the Watch Engine for ongoing monitoring.

WHAT MAKES OUR SERVICE
THE DIFFERENCE BETWEEN VICTIM AND VICTOR

Satius Security watches Domain Name System (DNS) egress traffic patterns and therefore understands which domains and infrastructure the devices inside the enterprise are trying to communicate with. We focus on understanding where and how often devices are trying to communicate with remote domains or pieces of Internet infrastructure, using advanced tools to understand the associated risk, what can be allowed, what needs to be watched and inspected, what should be blocked, and when alerts should be generated.
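The allow / watch / block / alert decision described above, and the threat-intelligence filtering described under "What is Protective DNS", can be sketched as follows. This is an added example, not Satius Security's implementation; the domains, the alert threshold, and all function names are assumptions made for illustration.

```python
from collections import Counter

# Constructed policy data (reserved example/test names, not real indicators).
BLOCKLIST = {"c2.example", "phish.test"}      # known-bad zones
WATCHLIST = {"new-domain.example"}            # suspicious, monitor only
ALERT_THRESHOLD = 3  # assumed: watched lookups per client before alerting

def matched_zone(qname, zones):
    """Return the listed zone that qname equals or sits under, else None.
    Matching is per label, so 'notc2.example' does not match 'c2.example'."""
    labels = qname.rstrip(".").lower().split(".")  # canonical form
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def decide(qname):
    # Block takes precedence over watch; anything unlisted is allowed.
    for verdict, zones in (("block", BLOCKLIST), ("watch", WATCHLIST)):
        zone = matched_zone(qname, zones)
        if zone:
            return verdict, zone
    return "allow", None

def process(log):
    """log: iterable of (client, qname). Returns (verdicts, alerts)."""
    verdicts, alerts, watched = [], [], Counter()
    for client, qname in log:
        verdict, zone = decide(qname)
        verdicts.append(verdict)
        if verdict == "block":          # resolution refused: always alert
            alerts.append((client, zone, "blocked"))
        elif verdict == "watch":        # resolved, but counted per client and zone
            watched[(client, zone)] += 1
            if watched[(client, zone)] == ALERT_THRESHOLD:
                alerts.append((client, zone, "repeated-watch"))
    return verdicts, alerts

# Constructed query log: (client address, queried name).
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.org"),
    ("10.0.0.7", "beacon.C2.example."),
    ("10.0.0.7", "notc2.example"),
    ("10.0.0.9", "new-domain.example"),
    ("10.0.0.9", "cdn.new-domain.example"),
    ("10.0.0.9", "NEW-DOMAIN.example."),
]
```

Calling `process(SAMPLE_LOG)` yields one alert for the blocked lookup and one for the client that queried the watched zone three times; the look-alike name `notc2.example` is allowed because matching is done on whole labels.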

Key Capabilities

  • Blocks malware domains
  • Blocks phishing domains
  • Malware Domain Generation Algorithm (DGA) protection
  • Machine learning to augment threat feeds
  • Content filtering
  • API access for SIEM integration
  • Validates DNSSEC
  • DoH/DoT capable
  • Customizable policies by group, device, or network
  • Deploys across hybrid architectures

Ready for Cyber Resilience?

Learn more about how our turn-key solution delivery can help you achieve Cyber Resilience and be an extension of your team without breaking the budget.

Partners

our partners

Satius Security has been providing solutions and services to Enterprise and Government clients in the United States, Middle East, and Europe such as: