BI.Zone Secure DNS

Main article: Firewall

BI.ZONE Secure DNS is a service based on its own development for finding and blocking dangerous, domains, phishing exfiltration attempts, - data DNS tunels,, malware command (C&C servers), as well as algorithmically generated domains (DGA).

2024

Cookie support to improve DNS transaction security

BI.ZONE Secure DNS update has been released. BI.Zone announced this on November 14, 2024.

This version of the service provides more mechanisms for controlling DNS traffic, including redirection and monitoring lists, as well as support for cookies to improve the security of DNS transactions. In addition, filtering policies can now be managed not only using the API, but also through your personal account.

According to BI.ZONE, almost 80% of companies do not track DNS traffic, which gives attackers the ability to carry out long and difficult to detect attacks. Criminals can use this blind spot to steal data, deliver malware, or redirect users to phishing resources.

Effectively built DNS protection helps an organization block attackers from accessing its IT infrastructure and, in general, significantly strengthen security. When developing updates, we set a goal: to make traffic tracking even more transparent and manageable. So we responded to the request of the clients themselves: now they have more opportunities to customize the solution for their cybersecurity tasks, - said Dmitry Tsarev, head of the cloud cybersecurity solutions department at BI.ZONE.

Added redirection list and monitoring list. Previously, DNS filtering was based only on white lists and blacklists. Now, due to more point settings, the client can not only block or allow the transition to certain resources, but also redirect the user to another IP-address or track and save information about requests without taking any action.

Developed a redirection mechanism as part of filtering by web categories. If an employee accesses an unwanted site from a category to which the company has banned access (gambling sites, social networks, etc.), the mechanism allows you not to block the request, but to redirect it to another resource. For example, to a page with information about blocking.

Added support for DNS cookies. When accessing an authoritative server, the solution itself sets the value of DNS cookies and thus provides additional protection against DNS spoofing. This will prevent the attacker from implementing the attack and spoofing the result of resolving the domain name.

The performance of the service core has been increased by 2 times. Thus, the number of DNS requests processed has increased.

Added DNS cache record disability mechanism. This is necessary in order to clear the data in the second-level cache in time. Thus, the reliability of data in case of emergency situations is increased.

Accelerated the process of obtaining data from BI.ZONE Threat Intelligence, a portal with information about current cyber threats. Optimized the mechanism for obtaining compromise identifiers (IoC). Now, instead of mass single requests containing a domain that requires verification, BI.ZONE Secure DNS makes one request for all domains that came per unit of time. Thus, the test time and load on both systems were reduced.

Reduced the delay in transmitting information about current threats. Added the ability to transfer this information between the cloud and client node using the DNS protocol extension - EDNS0. As a result, a faster decision is made: block or skip the request on the customer's node side.

Information transfer via DNS-over-HTTPS (DoH) protocol is optimized. This version has improved the mechanism for buffering messages - now the interaction through DoH has become more stable.

Users can now manage BI.ZONE Secure DNS filtering policies directly in their personal account. In particular, configure the mechanisms for detecting and blocking DNS tunnels generated by the domain algorithm (DGA), DNS rebinding, as well as manage blacklists and whitelists and the integration module with BI.ZONE Threat Intelligence. Previously, this was possible only using the API.

DGA detection

The updated version of BI.ZONE Secure DNS provides users with advanced capabilities for controlling DNS traffic, including DGA (domain generation algorithm) detection, as well as improved personal account functionality. This increases traffic visibility and facilitates security management. The developer of the solution announced this on June 10, 2024.

One of the key problems cyber security is network threats through domain name system protocols (DNS). Despite the fact that this system is critical for the work of most organizations, 79% of companies to data BI.ZONE do not track DNS traffic, which is why a blind spot in protection is formed.

We strive to create a tool that allows you to look at DNS traffic from different angles: both in terms of company security and overall control of what happens in. To IT infrastructure Our intention is reflected in the new version of BI.ZONE Secure DNS: the accuracy of identifying DGA domains in 96% of cases helps to more effectively detect the connection between infected devices and the attacker's manager server , and advanced analytics in the solution's personal account makes it easier to find shadow IT and abnormal activities, said Dmitry Tsarev, head of cloud solutions at cyber security BI.ZONE.

Implementation of a new DGA detection method. It allows you to determine complex domain generation techniques and detect the activity of attackers. This is due to a specially developed mechanism, which is machine learning based on 100 different utilities and C2 (command and control) frameworks, as well as a series of tests for. malware

Refinement of DNS tunnel detection algorithms. The update prevents the risk of data theft through DNS tunnels, which use the features of the EDNS0 - DNS protocol extensions. The BI.ZONE security analysis team participated in the development of measures against this new attack vector. The list of utilities whose DNS tunnels detect and block BI.ZONE Secure DNS has also expanded: Sliver, Puppy RAT, Metasploit, White Snake and more than 10 programs have been added.

Implement DNS query logging. This functionality allows users not only to control visited web resources, but also to track information about attacks and other suspicious activity.

Development of public APIs. Both analytics and service settings management are now available to users. In the updated version, this is implemented by calling API functions.

Create a personal account for the local version of the solution delivery. It allows you to work with the service and view statistics in a convenient interface. The update meets the requirements for full on-prem integration from many companies, including government organizations and banks.

The resolution time of domain names was reduced to 5-10 milliseconds due to the implementation of the single responsibility principle for BI.ZONE Secure DNS components. And the security check time for domain names was reduced to 20 milliseconds due to improved integration with BI.ZONE Threat Intelligence, a data portal on current cyber threats. This also allowed you to triple the performance of the solution and provide even greater fault tolerance. In addition, the update eliminates the threat associated with DDoS attacks due to an error in DNSSEC, a DNS security extension package.