Malicious domains are typically active for a short period before being abandoned, providing only a brief window of time for systems to be compromised.
As a result, organisations face the risk of clients establishing connections to domains that are only later identified as malicious.
Next-generation firewalls typically come with a default “any-any” rule, which allows traffic to flow freely and leaves organisations vulnerable to novel threats such as zero-day exploits. This matters because a typical zero-day attack lasts 312 days on average before being detected, as shown by Bilge & Dumitras’ studies.
Given that such attacks can occur at the DNS layer as well, it becomes even more difficult for businesses to discover breaches.
Positive Security Model
A DNSDome Feature
DNSSense helps establish a more secure posture through the implementation of a Positive Security model. This approach entails granting only the specific access permissions defined by users, thereby reducing the attack surface.
In cases where a domain is not categorised or falls into a potentially suspicious category, DNSSense takes immediate action by blocking connections to it until it is marked as safe in near real time, ensuring that any unclassified domains are promptly categorised. This rapid categorisation process is a highly effective precautionary measure that guarantees a secure online experience for users without sacrificing connectivity or triggering false positive alerts.