HYAS Product Enhancements - Part II

Product Release News

If you know the movie and novel The Princess Bride, then you’re familiar with a certain narcissistic, 2-bit criminal concluding that “you fell victim to one of the classic blunders.” While getting into “a land war in Asia” and “going in with a Sicilian when death is on the line” are classic blunders according to cult movie lore, there are classic blunders in cybersecurity we strive to avoid being victimized by - getting phished and falling prey to ransomware or business email compromise are a few that probably top the list.


Protecting your organization from these and other forms of cyber threats are precisely why you get up in the morning, it’s why you vie for budget, search for qualified staff, and evaluate and purchase technology to accomplish your cybersecurity mission.

It’s also why HYAS clients depend upon our protective DNS solution, HYAS Protect, as a trusted and necessary component of their security stack.

What HYAS Protect Brings to the Table

HYAS Protect stops the connection with malicious web links when employees are tricked by phishing emails. If malware has already infected an employee machine, HYAS Protect prevents communication of the malware with its command and control, stopping malware from causing damage.

HYAS Protect also enforces acceptable internet use policies and aligns them all with existing business units, departments, and teams in your company. That means specific groups or users can access what they need to get their jobs done, but are prevented from tempting services or sites that could get mixed up with look-alikes operated by the bad guys.

And while real-time protections and enforcement like these act as a preventative layer of security, HYAS Protect also highlights patterns in your DNS traffic to drive security awareness and analysis that further protects your organization and helps you achieve a higher level of resiliency.


Well, HYAS Protect has gotten even better, with the recent release of new capabilities that ensure ease of use, support your organization's existing network architecture, and help make your organization more resilient.

Classic blunders? Not if we can help it!

Newest Capabilities to Serve Your Needs

Check out some of the newest capabilities in HYAS Protect:

Split-Horizon DNS

HYAS Protect has long supported the idiosyncrasies of diverse network architectures so common in modern business. HYAS Protect lets you configure multiple source networks, it supports employee machines and mobile devices as they roam across public networks, and even integrates with other security tools so that HYAS standards of security can be achieved while hitching a ride on existing agents or other tech. In other words, we are all about adapting to your environment and making using HYAS a breeze.

Split DNS Image

HYAS Protect now supports “split-horizon DNS” for handling DNS requests differently depending upon whether the employee is on-network or off.

We already support “local domains” so that internally-facing applications and services are only accessible from the office. But in a split-horizon setup, the DNS server resolves the same domain name differently, depending upon whether the request originates internally from within the network or externally. It also helps ensure that employees have the “experience” determined by IT Security based upon the location of the employee.

Chalk up another win for HYAS Protect in meeting your organization where it is, and sidestepping any headaches in rolling out protective DNS!

The HYAS Protect Relay

Speaking of sidestepping headaches, we have also launched our HYAS Protect Relay which further improves the visibility, analysis, and ultimately protections that HYAS provides, but expands it into your internal network. To understand how, let’s take a look at the HYAS Protect deployment options:

HYAS Protect Deployment Options

HYAS Protect clients have the option of configuring protections on employee devices (via an agent), configuring for office networks (via DNS resolver), and integrating with existing capabilities like endpoint detection and response, or EDR (via piggybacking off of existing agents and capabilities).

Well, the HYAS Protect Relay augments resolver-based deployments (option #2 above) by providing visibility on DNS requests inside the network. By using our HYAS service inside the network, your organization’s internal DNS lookups, their frequency, and their metadata all become visible in HYAS Protect. That means more holistic visibility that can be leveraged to drive improved security for your organization.

Self-Service Single Sign-on Configuration

You can now enable and configure SAML-based Single Sign-on (SSO) to support integration with your existing identity provider. HYAS SSO capabilities bring all the traditional benefits of SSO like reduced password fatigue, better efficiency, and alignment with authentication services and policies required by your organization.

It also brings additional custom role mapping that allows you to configure what HYAS Protect roles - such as administrator, analyst, or executive - are permissioned for each user based upon the privileges determined by use of your identity provider.

SSO Image

Feedback on Domain Categorization

In the latest release of HYAS Protect, we’ve introduced a feedback loop so our global community of security users can send us feedback on our domain categories.

One of the policy management benefits we support is allowing/preventing access to domains that align with such topics as social media, sports, gambling, and adult content, to name just a few. We categorize billions of domains to help you achieve your appropriate use policies, but we don’t always get it right.

This new capability lets your HYAS Protect users (not your employees) tell us when they think we’ve gotten it wrong. This empowers our community of users with a voice and ensures we get your feedback so we can improve the overall quality and accuracy of categories HYAS uses going forward.

Please check it out, and don’t be bashful about sharing your feedback. We want to be the best we can be for you!

Looking Forward

We are on a journey, one that involves delivering the best protective DNS solution on the planet. These new capabilities are only a part of the total value that HYAS Protect affords. And we’re not taking our foot off the gas. Check out some of the new capabilities we’re working on:

    • Microsoft Defender for Endpoint. We already support an incredibly valuable integration into MDE. It’s about to get even better with a new self-service configuration capability that speeds initial deployment and ensures any ongoing tweaks and changes that you deem necessary are available directly to you at any time. No need to call us - you can handle it yourself, and get immediate results. But that’s just a new option available to you. We’re always happy to help and promise thorough, rapid service. Now you have 2 options!
    • Centralized Agent Management Improvements. There are lots of new things on the way here to ensure agent uninstalls, temporary disabling, bypasses, and other features you require in the management of the HYAS agent for your employees is at your fingertips.
    • Custom Policies for Different Source Networks. In line with adapting to your environment, we’ll be improving your ability to configure custom policies for different source networks.
    • AWS S3 Log Export. We know you need the flexibility to do what you will with your DNS logs. That’s why we’re delivering on a new capability to export your log data to your AWS S3 buckets and give you the capability to self-manage it going forward. We know the value of removing the barriers around aggregating your security telemetry and are putting actions behind these words.

Check out HYAS blogs for future announcements on these capabilities!

Additional Reading

Why Cybersecurity Must Include Protective DNS

How to Select a Protective DNS Solution

The Role of Protective DNS to Identify and Defend Against Cyber Threats

How HYAS Protect Stacks Up Against the Competition