Defend from Firstly Seen Domains

Malicious domains are typically active for a short period before being abandoned, providing only a brief window of time for systems to be compromised.
‍
Knowing that, organisations face the risk of clients establishing connections to domains that may later be identified as malicious.

Next-generation firewalls typically come with a default “any-any” rule, allowing traffic to flow freely and leaving organisations vulnerable to novel threats such as zero-day exploits. This is because a typical zero-day attack lasts 312 days on average before being detected as shown by Bilge & Dumitras’ studies.

Given that such attacks can occur at the DNS layer as well, it becomes even more difficult for businesses to discover breaches.

Positive Security Model
‍A DNSDome Feature

DNSSense helps establish a more secure posture through the implementation of a Positive Security model. This approach entails granting only the specific access permissions defined by users, thereby reducing the attack surface.

In cases where a domain is not categorised or falls into a potentially suspicious category, DNSSense takes immediate action by blocking connection until they are marked as safe in near real-time, ensuring that any unclassified domains are promptly categorised. This rapid categorisation process is a highly effective precautionary measure that guarantees a secure online experience for users without sacrificing connectivity or triggering false positive alerts.