Skip to content

Datasheets

DNS Intelligence Center

Get the latest news, invites to events, and much more

November 29, 2023 |

DNS-centric Intelligence for Proactive Threat Detection and Investigation

Highlights

  • Insightful, actionable, and reliable DNS analytics and intelligence to proactively detect and effortlessly investigate potential threats
  • Single-pane-of-glass visibility of malicious domains matched in DNS enterprise traffic across the entire DNS architecture or per server 
  • User-friendly interactive dashboards to easily search domain names and navigate historical domain name matches over time to instantly spot suspicious intent
  • Cutting-edge, global data collection infrastructure for higher quality and relevance to build efficient DNS-centric Intelligence 
  • Highly-scalable, enterprise-grade infrastructure, offering a cost-effective alternative to dedicated hardware-based analytics solutions
  • Comprehensive end-to-end solution in combination with DNS Guardian and DNS Threat Pulse for efficient threat prevention and accelerated remediation

Ever-growing and increasingly-sophisticated cyber threats, proliferation of devices, and today’s diverse infrastructures are increasing the overall complexity of networks, making them difficult to protect. Threat intelligence has emerged as a pivotal aspect of cybersecurity defense, with 60% of organizations considering it vital to company strategy and defense against cyberattacks.

According to the 2023 IDC Threat Report, 90% of enterprises have experienced one or more DNS-based attacks and 85% of malware actors are using DNS to develop their attack. While DNS is actively abused by cybercriminals, DNS traffic includes rich DNS insights to help defend against threats upstream. 

This is why organizations need to develop DNS-centric Intelligence. More specifically, they need to be able to detect and investigate malicious intent and behavior as early as possible, before it has an impact on their business. Addressing this need, DNS Intelligence Center (DNS IC) offers CISO, SOC, and security teams insightful, actionable, and reliable DNS analytics and intelligence accessible from a unified cloud-based visualization portal, helping organizations to proactively detect and investigate threats across multi-faceted networks.

DNS Intelligence Center at a Glance

The DNS Intelligence Center portal allows organizations to view comprehensive, analyzed, and categorized data on domain names,  so they can easily detect potential threats and efficiently investigate suspicious activity to take appropriate security measures. By matching EfficientIP DNS Threat Intelligence database with enterprise DNS traffic, security teams can immediately detect malicious domain hits, raising alerts and making rapid decisions. Browsing risk scoring and detailed domain name intelligence, including Indicators of Compromise (IoC), enable them to effortlessly investigate a domain name, quickly assess whether it is malicious or not, and identify a potential threat.

Leveraging a highly scalable cloud-based enterprise-grade infrastructure makes DNS IC reliable and sustainable over the long term. Its modern architecture is designed for continuous and large-scale collection and storage of DNS statistics across geographies and networks. This massive amount of data is processed and classified using pioneering AI and ML-based algorithms to generate near real-time insights and analytics that users can access at their fingertips, from any device. 

DNS IC can be used in combination with EfficientIP’s DNS Guardian and DNS Threat Pulse, offering a comprehensive end-to-end solution for a proactive stance against cyber threats that includes prevention, detection, investigation, and remediation. Integration with the security ecosystem enables you to automate the security response and move towards a more holistic security infrastructure for greater agility.

Key Features

Comprehensive DNS analytics and intelligence

DNS IC provides rich and insightful DNS analytics and detailed intelligence on domain names enabling security teams to view and assess what’s inside DNS traffic. Information viewable includes:  

  • Number of malicious hits against Efficient IP DNS Threat Intelligence database in total and per DNS server
  • Threat Category
  • Risk score ranging from A (low risk) to F (high risk)
  • Host server IP address and country for a given Domain Name
  • First and last seen date
  • Presence in Threat Intelligence sources 
  • Top by category and subcategory
  • Presence in major domain names lists
  • Whois
  • SSL certificate information
  • Other DNS and web information (history of DNS records associated with a FQDN, other FQDNs associated with the same IP address, word map, website screenshot…)

Single-pane-of-glass visibility

From a centralized, unified portal available from any device, your security team has granular visibility down to individual DNS server or across the entire DNS infrastructure. This visibility on intent and behavior accelerates your decision-making process i.e. do nothing, investigate or report. 

Interactive dashboards

From user-friendly, predefined dashboards including widgets, you can easily search, filter, and browse historical domain name information. It is also possible to zoom in and out with a visual timeline to spot trends and peaks, eliminate noise, and go deeper to find where the problem lies. Widgets can be embedded into third-party business applications for broader accessibility and monitoring.

Threat Detection

With DNS Intelligence Center, you can instantly point and identify malicious intent earlier. This is made possible thanks to enterprise DNS traffic matched with our unique DNS Threat Intelligence containing comprehensive, categorized, and active threats. DNS IC classifies matched occurrences in defined categories (malware, phishing…). From the interactive dashboard, you can obtain a more detailed breakdown per hit, domain, category and other information. 

Threat Investigation

By browsing detailed metrics including whois and certificate, category, Indicators of Compromise (IoCs), location and Risk Scoring among other DNS, web, and site information, your SOC and security teams can efficiently investigate, complete root cause analysis, and assess the level of risk associated with a domain name. 

Simple deployment and access

As a cloud-based service, DNS IC is easy to set up, deploy, activate, and access once subscribed to. It can scale quickly by adding new DNS servers according to business needs. Relevant DNS statistics are instantly analyzed, aggregated, and displayed in dashboards.

High qualitative data processing

Comprehensive, volumetric DNS data and statistics are collected continuously across any devices, applications, and networks (on-premise, cloud or multi-cloud) at internet scale. They are combined with contextual information from the organization’s DNS traffic to increase data relevance and quality. History and details on past as well as current behavior and intent are included. All of this forms a cutting-edge DNS Threat Intelligence database that is always up-to-date, relevant, and accurate. The data is then analyzed, curated, and classified leveraging AI-ML technology and innovative algorithms to generate reliable DNS analytics. 

Enterprise-grade platform

As it leverages highly scalable enterprise-grade platform that uses modern cloud technologies, long-term reliability and sustainability of DNS IC is ensured. Its microservice architecture caters to any volume of DNS statistics whatever the customer’s profile and distributed architecture. In addition, optimized data flow and storage make it a flexible and cost-effective alternative to dedicated hardware-based analytics solutions. 

Complete End-to-End Solution

For advanced, global protection, DNS IC can be used in combination with DNS Threat Pulse, DNS Guardian and Client Query Filtering, allowing security teams to define, centrally manage, and deploy highly granular and flexible security policies by mapping domains, tags, client groups or even individuals. This comprehensive end-to-end solution enables behavioral threat protection and accelerated remediation using adaptive countermeasures, to protect against cyber threats, preventing infection and malicious activity. 

Moving one step further, by integrating DNS intelligence with existing security tools, organizations can quickly correlate DNS domain names intelligence and analytics across various systems (SIEM, SOAR, NAC, TIP…), automate incident handling for a more adapted response, and reduce MTTR for greater business resilience. This brings you closer to a more integrated security infrastructure, gaining agility and overall efficiency.

By adding DNS IC to your security ecosystem, you take a proactive stance against any anomalies on network utilization, behavior, and intent that can impact security, compliance, and service continuity.

Simplify & Secure Your Network

When our goal is to help companies face the challenges of modern infrastructures and digital transformation, actions speak louder than words.

Key Resources

Ddi Observability Center
Datasheets
DDI Observability Center
Explore
Dns Intelligence Center
Datasheets
DNS Intelligence Center
Explore
Dns Threat Pulse
Datasheets
DNS Threat Pulse: Leverage DNS Threat Intelligence for a Proactive Defense
Explore
Network Object Manager
Datasheets
Network Object Manager: Trusted Network Objects Repository for IT Design and Automation
Explore
Datasheets
Cloud Observer: Cloud Instances Discovery and Management
Explore
Solidserver Ddi Suite of Appliances
Datasheets
SOLIDserver DDI Suite of Appliances
Explore
Dns Blast
Datasheets
DNS Blast: High Performing DNS Cache Against DDoS Attacks
Explore
Datasheets
DNS Cloud: Powered By AWS Route 53 and Azure DNS Zones
Explore
Datasheets
Device Manager: IT Topology Design and Management
Explore
Datasheets
DNSSEC Management
Explore