The “Security Gap” feature reports malicious traffic that the existing security devices (UTM Firewall, Proxy, DNS Firewall, etc.) cannot detect.
Security Gap simulates connections to a malicious domain to test the network's security in 3 different ways:
1- Test with a DNS query from the existing DNS server
2- Test with an HTTP/HTTPS request via the proxy server
3- Test reaching a malicious domain with a direct HTTP/HTTPS connection through the gateway
The DNSEye VM appliance in your network sends a malicious connection request, with specific metadata, to DNSSense's cloud-based malicious simulation service.
Security Gap = Blocked: malicious traffic is blocked.
When DNSSense's simulation service does not receive the metadata, the malicious connection was blocked by the network's security. The attack is then reported as blocked, along with information about which device (Proxy or UTM) successfully blocked the malicious traffic.