Get answers to the most commonly asked questions about us and our products.
What is the main difference between DNSSense and Infoblox?
As the name suggests, DNSEye only analyses and reports on DNS data. Unlike Infoblox, DNSSense inspects existing DNS servers’ logs without needing any changes to be implemented in your network. It reveals security risks in the network to SOC teams with simple and understandable reports by performing all-around security-oriented analyses and triggering necessary alarms in SIEM and SOAR.
We already have Fortinet, Palo Alto, Symantec Bluecoat, a Forcepoint Next-Generation Firewall, etc. Why should we buy DNSSense?
100% of our customers already have security solutions such as Fortinet, Palo Alto, Symantec Bluecoat and Forcepoint. Acting as an additional layer of security at the DNS level, DNSSense offers different functionalities than these products and so is not to be used as a replacement.
Our "Security Gap" feature reports the malicious traffic undetected by your existing security solutions. Almost all of our PoC customers wish to continue working with us, knowing that their security investment in our product will bring much added value to their enterprise.
Do you offer an authoritative DNS service?
No. We serve as a DNS forwarder rather than offering an authoritative DNS service.
Do you offer a DDI service?
No. We do not offer a DDI service.
What is your licencing model?
The products are sold with a one- or three-year ethical licence. The number of licences is equal to the number of devices having access to the Internet.
Can I buy the products separately, or are they all purchased at once?
“DNSDome”, “DNSEye”, and “Cyber X-Ray” are different products and can be purchased separately or together.
How long does it Take to deploy the products, and is it necessary to have a constant administrator (admin) control?
It takes 5 minutes to deploy “DNSDome” and 1 hour to install “DNSEye”. An admin is not necessary; any IT personnel can run these solutions to receive periodic reports.
What is DGA? Is it possible to block?
DGA stands for Domain Generation Algorithm. It is an algorithm frequently used to generate domain names for malware domains. DNSSense detects DGA-created domains and then blocks the malicious traffic.
Why should we adopt DNS-level protection?
Because the DNS Layer is at the bottom of the application layer. Blocking malicious traffic at the DNS level should therefore be the first line of defence in your network before it spreads to other layers. In addition, DNS is used by other protocols such as HTTP, HTTPS, SMTP, and IoT. DNS traffic provides information about the application layer and your entire network.
Moreover, some malicious traffic can only be detected and prevented by DNS-level protection. For example, 80% of malware domains currently do not have an IP address. Malware requests lacking an IP address can only be detected in the DNS log. Also, DNS tunnelling can only be prevented by DNS-level protection.
Can DNSEye be used in multi-tenant environments, such as managed service providers?
Absolutely, DNSEye can be utilised in multi-tenant environments like managed service providers.
Is there a limit to the size or scale of the network that DNSEye can support?
There's no upper limit to utilise DNSEye asit doesn't necessitate any changes to the network topology. Nonetheless, networks with more than 500 users tend to reap the most benefits from DNSEye.
Is DNSEye compatible with cloud-based DNS services?
Indeed, DNSEye is compatible with cloud-based environments.
How can DNSEye deploy so quickly, even for enterprise networks?
DNSEye is deployed as a virtual machine within your environment without requiring any alterations to the current traffic flow or installing agents, enabling a swift deployment in under an hour.
How does DNSEye differ from other similar solutions?
DNSEye stands unique in the market due to its distinct operating style. While similar solutions may necessitate agents or network reconfigurations, DNSEye does not. Its unique Security Gap feature demonstrates its added value to the users, making DNSEye the only cyber security solution that clearly showcases its added benefits over other tools.
Does DNSEye offer a trial period or demo for potential users to evaluate its features?
DNSEye offers a 14-day Proof of Concept period that includes all its features. As the deployment takes less than an hour and deactivation is instant, it's a hassle-free experience.
Is there a feature to block unknown (firstly-seen) domains?
Yes. DNSSense’s "Positive Security Model" temporarily blocks any network connection attempt to a "Firstly-Seen" domain for a maximum of 10 minutes until it is categorised as "Allowed" according to your security policies. The connection will not be allowed if the relevant domain falls into the ‘Blocked’ category. Users can only access it after it has been labelled "Allowed" or "Whitelisted".
Can the “Roaming Client” disable itself when it enters the local network?
Yes. It has the auto-disable option. In addition, it does not cause any disruptions when the active device in Roaming Client is connected to the local network.
Is there any protection against users disabling the “Roaming Client”?
Yes. Since protection is maintained at the Kernel level, DNSDome continues to run even if users disable the Roaming Client module.
Does “Roaming Client” cause any issues in system performance?
Our “Roaming Client” module is a lightweight agent written in the C programming language with an almost negligible load on the system.
Which platforms does “Roaming Client” support?
Roaming Client is supported on macOS, Windows, and iOS.
Is it possible to give access to a blocked domain?
DNSDome offers blacklisting and whitelisting features. If you add any domains to the whitelist or blacklist, all systems’ caches will be cleared within a maximum of 5 seconds.
Is it possible to block specific categories or certain user groups?
There are 72 different categories in the DNSSense domain classification platform. For security purposes, categories such as Malware and Phishing are blocked on all users and devices. Additional policies can be applied to devices with the "Roaming Client" feature installed or to users if there is Active Directory integration.
Is there a DNS tunneling protection feature?
Yes. DNSSense has a DNS tunnelling protection solution.
What is your false positive rate in domain classification?
Our domain categorisation success rate is 99%, taking rival products in the market and customer feedback into account. On average, we merely receive one or two categorisation requests from our clients who make millions of domain queries daily.
You claim that you categorise better than other companies. How can you prove this?
We use Cyber X-Ray, our own 100% artificial intelligence-based domain categorisation platform. We monitor and store the entire Internet historically and relationally up to five years back. We have such a high confidence in this method that we have added a feature called "Security Gap" to our "DNSEye" product. The "Security Gap" feature gives you a report revealing the malicious traffic that your security devices have failed to detect. Thanks to this feature, the added value that we bring to your company becomes fully evident. In addition, we provide domain categorisation services to three of the top firewall vendors in the world.