Security professionals agree that a strong security posture is one built in layers. This layered approach is also referred to as “defense-in-depth.” A defense-in-depth strategy consists of applying security mechanisms across your organization to ensure sufficient coverage against the wide variety of cyber threats.
An often overlooked component of a defense-in-depth strategy is addressing security at the Domain Name System (DNS) layer. DNS is involved in nearly every transaction conducted on the Internet. It translates online queries into a set of navigation instructions to get you to the location requested. Protecting the DNS layer can be considered the “first line of defense” in preventing access to unwanted systems online.
Implementing a security mechanism at this layer ensures that access to unwanted content can be controlled at the first point of engagement regardless of the port that the resulting communication is intended to traverse.
With our DNS-layer security, browsers will not connect to malicious websites and malware will not connect to command & control servers, because our layered security will never return a malicious IP.
Leveraging just DNS, Cisco Umbrella (OpenDNS) routes millions of IP connections away from malicious destinations every day, covering nearly all attempts to compromise systems or exfiltrate data. Suspect IP connections are tunneled to the Cisco OpenDNS global network, then either the whole connection is blocked or traffic to safe URLs is allowed via its transparent proxy.