Enhance DNS Security, Guarantee Service Availability & Data Integrity, Ensure Business Continuity

DNS servers deliver critical services to your company, such as Internet visibility for your customers, citizens, partners and employees as well as access to network applications and other indispensable services such as email, CRM, VOIP… DNS is a well-known protocol. DNS servers are visible to anyone on the network, and they have become one of the most vulnerable parts of the network infrastructure. Current security measures are no longer enough to prevent catastrophic loss of business and brand damage resulting from DNS attacks.

An IDC DNS Security survey conducted in June 2014 shows that 72% of respondents said they had been targeted by a DNS attack in the last 12 months. As a result, their businesses reflected the following: 45% were impacted by downtime, 36% reported loss of business, and 40% had intellectual property stolen.

EfficientIP provides the most flexible, secure and cost-effective solutions to protect your DNS and your business, from detection and protection to remediation.

DNS Guardian: Innovative Framework for DNS Security

DNS Guardian (patent pending) monitors DNS cache-recursive activity at the transaction level (queries, responses, fragments, recursions) to get end-to-end visibility on resolutions for complete understanding of the traffic. The real-time transactions analysis will allow you to determine patterns and specific signatures of different DNS attacks, such as DNS Tunnelling, Phantom or Sloth attacks for example. You will then be able to take counter measures specific to each attack. DNS Guardian also identifies the sources of the attacks and allows you to initiate remediation actions on those sources to prevent future attacks.

EfficientIP's DNS Guardian benefits from a key architecture innovation, which separates the cache function from the recursive function; when one function is targeted by an attack, each function is protected separately avoiding side effects while continuing to provide service.

The Rescue Mode counter measure, based on DNS Guardian’s intelligence, mitigates volumetric, slow and insidious attacks. When the Rescue Mode is activated the cache provides continuous service to users until the attack is over. Statistically, about 95% of DNS queries are contained in the cache of a DNS server, which means that when under attack, you’ll be able to handle at least 95% of the queries.

Learn more with the DNS Guardian datasheet

DNS Blast: Absorb DDoS Attacks on Cache DNS

DNS Blast is a cache appliance that can support up to 17 millions queries per second. It can handle more bandwidth than the network itself; therefore, the cache will never be saturated. The DNS caches can be synchronized between several EfficientIP DNS servers. Each server benefits from resolutions done by the other servers thus reducing network bandwidth consumption.

Hybrid DNS Engine: Mitigate DNS Zero-Day Vulnerabilities

Hybrid DNS Engine offers 3 technologies (BIND, NSD, Unbound) in a single appliance to eliminate single point of failure following security alerts on standard DNS technologies. You can switch from one engine to another with just one click, providing enough time to test the correcting patch; This gives you more control on risk management to protect your DNS infrastructure.

DNS Cloud: Internet DNS DDoS Mitigation & High-Availability

EfficientIP’s DNS Cloud integrates with Amazon Web Services Route 53 DNS Service and provides you with the ability to manage your in-house and cloud DNS infrastructure from a single management console. Cloud DNS deployment offers you the best performance and resilience that you can expect with a 100% service level agreement. The distributed nature of Amazon's DNS servers helps ensure service availability to your end users even during a DDoS attack.

DNS Firewall: Protect Against DNS Malware and Botnets

EfficientIP's DNS Firewall proactively protects SOLIDserver™ appliances and Linux-based DNS infrastructures by detecting and blocking malware activity, identifying infected devices and preventing new attacks. DNS Firewall offers easy-to-deploy and reliable malware protection that can be personalized to meet specific and granular requirements. When combined with NetChange, our network discovery tool, it localizes the IP source of the malware enabling a quick device cleansing.

SmartArchitecture: Easily Deploy Stealth DNS Architectures

The Stealth DNS model, which hides the DNS architecture from clients, provides the most secure DNS architecture. With all other products, configuring Stealth DNS architecture is at best a complex and cumbersome process. However, with EfficientIP's SmartArchitectures™, Best Practices are automatically applied making Stealth DNS set up and configuration quickly and easily completed without any specific DNS expertise required.

DNSSEC: Automate DNSSEC Deployment and Management

DNSSEC eliminates the risk of data corruption and makes sure the data is authentic. EfficientIP's DNSSEC Management Solution automates and simplifies the integration of DNSSEC on DNS servers, eliminating the complexity of configurations and the risks of misconfigurations.