As the name suggests, DNSEye only analyses and reports on DNS data. Unlike Infoblox, DNSSense inspects existing DNS servers’ logs without needing any changes to be implemented in your network. It reveals security risks in the network to SOC teams with simple and understandable reports by performing all-around security-oriented analyses and triggering necessary alarms in SIEM and SOAR.

We already have Fortinet, Palo Alto, Symantec Bluecoat, a Forcepoint Next-Generation Firewall, etc. Why should we buy DNSSense?

100% of our customers already have security solutions such as Fortinet, Palo Alto, Symantec Bluecoat and Forcepoint. Acting as an additional layer of security at the DNS level, DNSSense offers different functionalities than these products and so is not to be used as a replacement.

‍

Our "Security Gap" feature reports the malicious traffic undetected by your existing security solutions. Almost all of our PoC customers wish to continue working with us, knowing that their security investment in our product will bring much added value to their enterprise.

‍

Do you offer an authoritative DNS service?

No. We serve as a DNS forwarder rather than offering an authoritative DNS service.

‍

Do you offer a DDI service?

No. We do not offer a DDI service.

‍

What is your licencing model?

The products are sold with a one- or three-year ethical licence. The number of licences is equal to the number of devices having access to the Internet.

‍

Can I buy the products separately, or are they all purchased at once?

“DNSDome”, “DNSEye”, and “Cyber X-Ray” are different products and can be purchased separately or together.

How long does it Take to deploy the products, and is it necessary to have a constant administrator (admin) control?

It takes 5 minutes to deploy “DNSDome” and 1 hour to install “DNSEye”. An admin is not necessary; any IT personnel can run these solutions to receive periodic reports.

‍

What is DGA? Is it possible to block?

DGA stands for Domain Generation Algorithm. It is an algorithm frequently used to generate domain names for malware domains. DNSSense detects DGA-created domains and then blocks the malicious traffic.

‍

Why should we adopt DNS-level protection?

Because the DNS Layer is at the bottom of the application layer. Blocking malicious traffic at the DNS level should therefore be the first line of defence in your network before it spreads to other layers. In addition, DNS is used by other protocols such as HTTP, HTTPS, SMTP, and IoT. DNS traffic provides information about the application layer and your entire network.

‍

Moreover, some malicious traffic can only be detected and prevented by DNS-level protection. For example, 80% of malware domains currently do not have an IP address. Malware requests lacking an IP address can only be detected in the DNS log. Also, DNS tunnelling can only be prevented by DNS-level protection.

DNSEye

What is the “Security Gap” feature?

The “Security Gap” feature reports malicious traffic that the existing security devices (UTM Firewall, Proxy, DNS Firewall, etc.) cannot detect.

‍

Security Gap simulates connection to the malicious domain to test the network security in 3 different ways as follows:

1- Test with DNS query from the existing DNS server

2- Tests with HTTP/HTTPS request via the proxy server

3- Tests to reach a malicious domain using a direct HTTP/HTTPS connection through Gateway.

‍

DNSEye VM appliance in your network sends a malicious connection request to DNSSense’s cloud-based malicious simulation service, with a specific metadata:

‍

Security Gap = Blocked, malicious traffic has been blocked

‍

In case DNSSense’s simulation service does not receive the metadata, which means the malicious connection has been blocked by Security Gap, it is reported as an instance of a blocked attack along with information on the device (Proxy or UTM) that has successfully blocked the malicious traffic.

What are the advantages of your smart SIEM integration?

Instead of forwarding all DNS data to SIEM, we only forward to the SIEM product domain queries for malicious domains together with information on the real user and the implemented machine. In this way, we can reduce the number of correlations required in the SIEM device as well as the number of EPS by 95%+, allowing a significant cut in the licence cost of the SIEM product.

Which SIEM products do you provide integration with?

In addition to our direct integration with products such as IBM QRadar, Microsoft ArcSight, and Splunk, we also provide integration with any of your SIEM products that send data in SYSLOG format.

Which DNS products do you read with “DNSEye”?

Microsoft DNS Server, Linux BIND Server, F5, Citrix NetScaler, Efficient IP, BlueCat and common DNS server types.

Why is DNS visibility important?

With DNS level protection, you can prevent attacks but cannot detect the actual machine that generates the malicious traffic. Given the varying nature of client IP addresses, they are not suitable for retroactive verification. They should be enriched with a continuous flow of information about the computers and users in question. DNS visibility lets you detect the device and user behind the related DNS queries. Such information on the actual device and user is critical for SOC teams.

DNSDome

Is there a feature to block unknown (firstly-seen) domains?

Yes. DNSSense’s "Positive Security Model" temporarily blocks any network connection attempt to a "Firstly-Seen" domain for a maximum of 10 minutes until it is categorised as "Allowed" according to your security policies. The connection will not be allowed if the relevant domain falls into the ‘Blocked’ category. Users can only access it after it has been labelled "Allowed" or "Whitelisted".

‍

Can the “Roaming Client” disable itself when it enters the local network?

Yes. It has the auto-disable option. In addition, it does not cause any disruptions when the active device in Roaming Client is connected to the local network.

Is there any protection against users disabling the “Roaming Client”?

Yes. Since protection is maintained at the Kernel level, DNSDome continues to run even if users disable the Roaming Client module.

Does “Roaming Client” cause any issues in system performance?

Our “Roaming Client” module is a lightweight agent written in the C programming language with an almost negligible load on the system.

Which platforms does “Roaming Client” support?

Roaming Client is supported on macOS, Windows, and iOS.

Is it possible to give access to a blocked domain?

DNSDome offers blacklisting and whitelisting features. If you add any domains to the whitelist or blacklist, all systems’ caches will be cleared within a maximum of 5 seconds.

Is it possible to block specific categories or certain user groups?

There are 72 different categories in the DNSSense domain classification platform. For security purposes, categories such as Malware and Phishing are blocked on all users and devices. Additional policies can be applied to devices with the "Roaming Client" feature installed or to users if there is Active Directory integration.

Is there a DNS tunnelling protection feature?

Yes. DNSSense has a DNS tunnelling protection solution.

Can DNSSense detect phishing domains?

Yes. Thanks to its native AI classification platform, DNSSense detects and blocks the domains used in phishing attacks in a short time.

Cyber X-Ray

What is your false positive rate in domain classification?

Our domain categorisation success rate is 99%, taking rival products in the market and customer feedback into account. On average, we merely receive one or two categorisation requests from our clients who make millions of domain queries daily.

You claim that you categorise better than other companies. How can you prove this?

We use Cyber X-Ray, our own 100% artificial intelligence-based domain categorisation platform. We monitor and store the entire Internet historically and relationally up to five years back. We have such a high confidence in this method that we have added a feature called "Security Gap" to our "DNSEye" product. The "Security Gap" feature gives you a report revealing the malicious traffic that your security devices have failed to detect. Thanks to this feature, the added value that we bring to your company becomes fully evident. In addition, we provide domain categorisation services to three of the top firewall vendors in the world.

338a Regents Park Road, Office 3 And 4, N3 2LN London, United Kingdom

COMPANY

About Us Why DNSSense Leaders Contact Support Contact Us

OUR PRODUCTS

DNSEye DNSDome Cyber X-Ray

EXPLORE

Blog Media Download FAQ

STAY IN TOUCH

LinkedIn YouTube

DNSSENSE DNS IP ADRESSES

45.129.19.19

45.129.19.20

We value your privacy

By clicking “Accept Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Accept Cookies Deny Preferences

Privacy Preference Center

When you visit websites, they may store or retrieve data in your browser. This storage is often necessary for the basic functionality of the website. The storage may be used for marketing, analytics, and personalization of the site, such as storing your preferences. Privacy is important to us, so you have the option of disabling certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may impact your experience on the website.

Reject all cookies Allow all cookies

Manage Consent Preferences by Category

Essential

Always Active

These items are required to enable basic website functionality.

Marketing

Essential

These items are used to deliver advertising that is more relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the website operator’s permission.

Personalization

Essential

These items allow the website to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features. For example, a website may provide you with local weather reports or traffic news by storing data about your current location.

Analytics

Essential

These items help the website operator understand how its website performs, how visitors interact with the site, and whether there may be technical issues. This storage type usually doesn’t collect information that identifies a visitor.

Save and close