Cybersecurity Services: Protective DNS
The Domain Name Service, or DNS, is a lookup system that is one of the foundational features of internet architecture. Devices connected to the internet are identified by numerical IP addresses, but having to type in (or even remember) a long string of numbers to access a website would not be very user friendly. This is where DNS comes in. Internet enabled devices use a client side DNS resolver to contact a DNS server, which then converts alphanumeric names that readable by humans, such as HYAS.com, and converts them into numerical IP addresses, allowing network communication. A protective DNS system takes advantage of this layer of networking by turning a standard lookup server into one that watches, predicts, and blocks communication with malicious servers and websites by turning around, or redirecting, attempts to access them. By having all your networks' resolvers pointing to HYAS's DNS server, they can be protected even when connected to outside networks.
Consider a standard phishing attack in which a user receives an urgent-looking email requesting personal information or to resolve an issue by following a link. The user clicks a button to go to what they think is legitimate website, only to end up downloading a piece of malware or having their information stolen. However, with HYAS Protect in place, the user would be unable to complete the action if the link led to a known malicious or suspicious domain.
Let's look at another common tactic used by bad actors: attempting to trick users into clicking or manually accessing a website by taking advantage of common typos or visually similar web addresses. Consider a user attempting to reach payrollinfo.com to input their banking information, but who mistakenly types payrollinformation.com, which, in this hypothetical situation, is an illicit website. A protective DNS can automatically block the request to access these imitation domains and avoid theft of the user’s information or the installation of malware. The same tactic is used with typos, such as gooogle.com instead of google.com or arnazon.com (taking advantage of the visual similarity between "m" and the letters "rn"). At quick glance, these URLs might appear legitimate.
Advanced protective DNS systems rely not only on publicly available block-and-allow lists but also various forms of data analysis and network monitoring. HYAS differentiates itself with our understanding of attacker infrastructure and methodology, along with machine learning algorithms that help provide proactive protection. For instance, if none of the devices on your network have ever accessed a certain domain before, and suddenly, multiple users are trying to access it during a short period of time, that may indicate some kind of breach or threat — giving you time to take action.
In this way, fast and flexible DNS blocks both known bad actors and newly created ones.