Protect Your Critical Assets with Akamai Guardicore DNS Firewall

Written by Jim Black

February 18, 2025

Jim Black is a Senior Product Marketing Manager in Akamai's Enterprise Security Group. He has spent his entire career in technology, with roles in manufacturing, customer support, business development, product management, public relations, and marketing. 

A DNS firewall provides visibility into all outbound connections at the DNS level, while microsegmentation gives visibility into the internal network traffic.

Domain Name System (DNS) firewalls provide effective security control points — they’re quick and easy to deploy and have zero impact on the end-user experience. Many enterprises have deployed a DNS firewall to inspect and control their DNS traffic, providing a fundamental layer of security without the need for extra management.

Visibility into internet access

Before any device can connect to a website or online service, it must first make a DNS lookup request to convert the domain name into an IP address. 

Since this process is required for all internet activity, monitoring DNS requests gives security teams complete visibility into the external resources that users are trying to access. This makes it easy to enforce security controls and proactively block requests to malicious domains before an IP connection is made, while allowing requests to safe domains to proceed as normal.

Detecting malicious traffic

Additionally, a DNS firewall can detect command and control traffic from compromised devices where malware has bypassed other security controls. It can also block DNS exfiltration, in which sensitive data is stolen by hiding it within DNS queries.

Alongside your network firewall, a DNS firewall protects users and endpoints from cyberthreats, including domains that host malware, ransomware, or phishing pages. Protection can also be extended to laptops and mobile devices when they’re off the corporate network.

However, people connecting to external resources aren’t the only ones who generate DNS requests — servers, workloads, applications, Internet of Things (IoT) devices, and operational technology (OT) devices also make DNS requests to connect to external resources. These external resources can include application programming interfaces (APIs), cloud storage, identity providers, monitoring tools, software repositories, and partner systems. 

To maintain seamless and reliable operations, it’s crucial to keep these resources secure. However, because organizations have no control over external resources, relying on them creates a security risk. For example, if a business partner's system is compromised via a vulnerability, the connection from the internal application could then lead to a server being compromised.

Visibility and control for workload DNS traffic

Akamai Guardicore DNS Firewall, a module for the Akamai Guardicore Platform, makes it significantly easier for enterprises to extend DNS protection beyond users and their devices to include servers, workloads, and IoT and OT devices.

This capability can be enabled in minutes through either: 

  • Akamai Zero Trust clients for agent-based protection 

  • DNS traffic forwarding to Akamai Connected Cloud for agentless protection

DNS forwarding is accomplished by modifying your DNS configuration or deploying the Akamai Security Connector. Organizations can start with agent-based protections and later add agentless protection for increased threat detection and security.

Akamai Guardicore DNS Firewall strengthens DNS security by allowing enterprises complete control over their external resource access, giving users greater visibility into cloud service and API activity. As an added benefit, real-time detection and blocking automatically restricts access to malicious websites or unauthorized resources.

Extending the value of microsegmentation

A DNS firewall provides visibility into all outbound connections at the DNS level, while microsegmentation gives visibility into the internal network traffic. Combined, they can automatically link external DNS requests with internal network behavior via Incident alerts, helping security teams pinpoint compromised assets or DNS data exfiltration attempts. 

From there, security teams can trace attack sequences from initial DNS queries through internal network movement, ensuring robust cybersecurity.

Advanced threat intelligence capabilities

The threat intelligence used in Akamai Guardicore DNS Firewall is built on data gathered from Akamai Connected Cloud, which manages up to 30% of global web traffic and delivers up to 13 trillion recursive DNS responses daily. 

This intelligence is enhanced by IP addresses and traffic logs from other Akamai security services and hundreds of external threat feeds, including WHOIS and registrar information. It’s also continuously improved through automation, advanced behavioral analysis, machine learning, proprietary algorithms, and a team of data scientists and security threat researchers.

Newly identified malicious domains and URLs are immediately added to the service, while those that no longer present a risk are removed from the list. This approach improves detection efficacy and reduces false positive security alerts. 

Our team analyzes customers’ DNS logs for indicators of compromise (IOCs). If IOCs are found, affected customers are alerted through the DNS Firewall portal, reducing the potential impact of newly discovered threats.

Ready to strengthen your DNS security?

Our comprehensive solution offers immediate protection for your critical assets while providing visibility into your external traffic. To find out more about Akamai Guardicore DNS Firewall features and pricing, visit our website or request a demo today.


