Using DNS as a Critical Choke Point


DNS Firewall – RPZ: A Multi-Layered Solution

DNS Response Policy Zones (RPZ) are highly effective and provide a critical choke point against ongoing cyber threats, such as ransomware, phishing, and malware. RPZ enables a fast and ubiquitous defense by blocking DNS resolution to known malicious hosts and sites.

RPZ provides a highly valuable first line of defense and an effective approach to stop phishing and malware infections earlier by identifying already infected devices faster and preventing data exfiltration before it happens. RPZ blocks both incoming and outgoing malicious sources from entering a network.

Your network will be infinitely safer from the risks of malware, phishing, ransomware, bots, and spyware. 

How RPZ Works

If users click on malicious links within phishing emails and inadvertently download malware or ransomware, cybercriminals are able to gain a foothold in the corporate network, allowing them to copy intellectual property, steal, alter, or encrypt data for financial gain, install spyware, or add computers to botnets (networks).

Mitigate this risk by using response policy zones to block access to known bad sites by preventing DNS from resolving malicious domains and IP addresses. This protects users from visiting newly registered malware dropper sites and bad IP addresses that pose a significant risk.

RPZ Using DNS as Critical Choke Point: Increasing Coverage and Visibility

DNS resolvers serve as a critical choke point where all devices in your network must interact to get to the outside world, making this point a logical choice to input security capabilities. RPZ provides a serious defense for multiple layers of your network and an effective means to deploy critical cyber threat Intelligence on known or suspected malicious sites.

Essentially, RPZ turns a recursive DNS server into a DNS firewall. RPZ arms your DNS resolver with a highly effective swiss-army-knife-like filtering mechanism to protect all of your users, devices, protocols, and applications from the associated risks of malware, phishing, and ransomware. It prevents both incoming and outgoing malicious sources from entering your network.

Integration and Customizability

RPZ integrates easily into ISCs BIND (9.8 version or later) DNS resolver software. This gives network administrators the ability to integrate zone files with real-time cyber threat intelligence directly into their DNS resolver, assign security policy, and essentially, respond in a way that matches your specific situation’s needs.

RPZ gives DNS administrators the ability to customize and select the policy according to their own preference (i.e. NXdomain, Domain redirect – customized landing page, walled garden, among others). With RPZ DNS, admins can also manage their DNS traffic, so the sensitive information and data won’t be passed over to a cloud provider or third party.

RPZ runs agentless after you have set everything up, and set up can be accomplished within minutes.

Keeping You Ahead of the Threat

Both Spamhaus and SURBL RPZs are continuously updated in real time to incorporate new threats, every 60 seconds. The RPZ data is highly dynamic and highly accurate.

RPZ also uses fast and secure zone transfers for updates (IXFR), which means that only changes to the lists are broadcasted, allowing updates to be propagated to all domain name servers worldwide in a matter of seconds.

This provides network administrators, security professionals, and service providers with the most current threat intelligence to protect their networks from being compromised by people clicking on phishing links, or browsing untrustworthy sites.

As soon as the new RPZs are propagated, your network users are unable to connect to listed domains and IP addresses, mitigating the threat from new malicious domains.

Gain Access to DNZ RPZ

SecurityZONES provides access to the industry’s highest quality RPZ threat feeds, and all are available for a free trial. Many organizations prefer to run a Trial in ‘Passive / Logging’ mode to see what would have been blocked.