The principle of a DNS firewall is simple. It uses DNS resolvers to protect an organization’s users from visiting websites that could lead to malware, ransomware and or other malicious cyberattacks that can harm an organization’s network.
DNS firewalls work as an additional layer of protection—along with other tools like a regular firewall—to block domain resolution, enabling attacks to be either deactivated or managed by developers.
To operate, a DNS firewall needs to know which domain names are legitimate, and which are malicious. This knowledge comes from a threat feed which is loaded into a DNS resolver and used to evaluate incoming DNS queries (resolution requests). Any query sent from any application, from any device that uses DNS, is compared against the embedded threat feed to determine whether or not it’s legitimate.
DNS firewalls are only the beginning
A DNS firewall is a great tool for protecting your organization from cyber threats.
That’s because so many cyber attacks require the DNS to function.
The DNS is popular with malware developers because it connects everything on the internet on every network. The DNS is simple to manage and offers everything a cyber criminal needs. It also provides a comfortable degree of anonymity because domain registration activities can be obscured. The DNS also allows instant (and stealthy) activation of malicious domain names when they’re needed. A bonus? It’s inexpensive—domain registration is cheap or completely free—so hackers can maximize their ROI.
That means that if you can stop cyber threats at the DNS level, you’ll go a long way towards protecting your network from malicious attacks.
To protect your organization, you also need to be able to tell which websites you want to block in the first place.
Enter: the threat feed.
How a threat feed works with a DNS firewall
Threat feeds matter because they allow you to identify and block—on a continuous, automated, basis—threats as they emerge.
Threat feeds use machine learning, artificial intelligence and algorithms to scan the internet for malicious sites that could do harm to your network. This list then feeds into other tools—such as a DNS firewall—to prevent those sites from reaching your network.
Threat feeds accomplish what any single person (and most organizations) cannot. It crawls the internet and actively seeks out harmful websites which can then feed into a tool designed to prevent users of your network from accessing those websites.
How a threat feed works to keep your network secure
The problem with cyber threats is that they are constantly changing. Cyber criminals are always busy developing new tools and tactics to access your network.
If your cybersecurity infrastructure can’t combat new threats as they emerge, your organization is going to be exposed.
By seeking out a threat feed that will identify new and existing threats, you’ll be well on your way to adding another layer of protection for your network.
Are you looking to increase your organization’s threat protection? CIRA DNS Firewall uses Akamai’s threat feed to keep Canadian organizations protected from cyber threats.
Mark Brownlee is a Product Marketing Manager with CIRA Cybersecurity Services. His work, which focuses on the CIRA DNS Firewall and Canadian Shield products, is dedicated to helping protect people and organizations in Canada from cyber threats. His background is in marketing strategy, communications planning and advertising best practices.
- [email protected]
