Our product uses natively RPZ, is a method that allows a nameserver administrator to overlay custom information on top of the global DNS to provide alternate responses to queries. It is currently implemented in some products such as:ISC BIND, F5, PowerDNS, Infoblox, Blue Coat and others. Another generic name for the DNS RPZ functionality is “DNS firewall”.
Some interesting Facts
In average we can observe around 210 000 new domains popping up on internet every day, and this number still increasing due the new gTLD’s (e.g. .xyz, .club, .win, .vip). Are all of these legitimate? Some studies revealed that only 2% of the new observed domains were legitimate.
Why is RPZ useful?
Protect users from on the Internet related to known-malicious global identifiers such as host names, domain names, IP addresses, or nameservers. Criminals keep using the same identifiers until they are taken away from them. Unfortunately, the Internet security industry’s ability to take down criminal infrastructure at domain registries, hosting providers or ISPs is not timely enough to be effective. There is a temporal gap between a domain was born and been caught by Intelligent Threat Teams or even Sand Box cloud environments. Using RPZ, you can fix that gap using protection policies based on reputation feeds from security service providers on a near-real-time basis.
How it works?
 |
 |
 |
|
 |
|
 |
|
 |
|
 |
| Point-of-Presence | Collect | Process RPZ & Customize |
DNS Engine | Action per query (Walled Garden, Whitelist,Drop) | Analitycs and Reporting |
What is a Walled Garden?
When a user attempts to navigate to websites configured in custom Zone profile, the user is redirected to the a Welcome Warning Page called Walled Garden. In addition, user can request to whitelist that particular domain for business reasons. A black listed walled garden profile is also available to explicitly block navigation to websites or specific TLD’s.
You decide how much time you want keep the new observed domains blocked, so you have control on your own destiny.
SMB or Enterprise?
The bad actors are looking for profit, so we have seen generic successful campaigns against general SMB where there is lack of knowledge and awareness. These days Internet of Things are booming up and became a security hole on your environment, because you can’t really protect them with your advanced endpoint protection suite.
Remote Access and VPN usage
If you are a remote user connecting to your corporate resources via VPN, you will benefit from RPZ by default. But if you use a VPN provider for privacy concerns, we recommend you to ask your provider at this phase, as we still working on partnerships.
Deployment Modes?
We support both on-premises and cloud, but we prefer on-premises due the latency but if you strategy is cloud no problem we have you covered too. Our solution use the native DNS protocol so it’s agentless, less hassle, management, and software lifecycles.
Roadmap
Customers who want to be part of beta releases or have a feature request we are all hears.
Would you like to have a Free Demo contact us here