TCPWave’s DNS Titan End-User Security prevents users from accessing malicious sites. More specifically, it blocks DNS queries for domain names of malicious hosts, queries to malicious DNS servers, and IP addresses of malicious sites in DNS query responses. Also, since this Titan feature provides this protection in DNS servers, it prevents some types of malware from reaching devices. Consequently, there is not a need to attempt to quickly detect this malware on a device and remove it before it does damage or spreads.
Additionally, although the emphasis here is on protecting end users, this Titan feature protects all DNS clients, including applications that make DNS queries. Furthermore, it provides this protection without having to install and continually update software on the many DNS clients that exist.
The items to block are based on domain and IP reputation data provided by TCPWave’s partner, Spamhaus, a leader in providing high-quality threat intelligence information. This reputation data consists of a feed of continually updated rules in DNS Response Policy Zones (RPZs). By using this information, Titan End-User Security protects users from accessing malicious sites, including malware, ransomware, phishing, adware, and botnet sites.
Additional information on DNS Titan End-User Security, including sections on Spamhaus and the Titan architecture, is presented below.
Spamhaus has over twenty years of experience protecting users and networks and is a trusted authority on IP and domain reputation data. Also, they protect over three billion mailboxes globally. Consequently, they are an industry leader for providing threat intelligence data, and their datasets are used by leading global technology companies. Example customers are provided near the bottom of the page at www.spamhaus.com.
With DNS Titan End-User Security, you benefit from Spamhaus’s high-quality threat intelligence in their RPZ data feeds. The following data feeds from Spamhaus are included in DNS Titan End-User Security:
An overview of the DNS Titan End-User Security architecture is shown in the figure below. As depicted in it, Response Policy Zones (RPZs) are transferred from Spamhaus DNS servers to a TCPWave primary (or lead secondary) DNS caching appliance. Spamhaus also supports transfers to an optional primary DNS appliance, for site and geographic redundancy. Secondary DNS caching appliances are downstream from the primary DNS appliances and get zone transfers from them.
DNS Titan End-User Security Architecture
After zone transfers complete, if a DNS query contains a name or IP address that is defined in an RPZ as being malicious, the query will be blocked. Also, these blocked queries will be logged and used in DNS RPZ reports.
The content above and additional sections, including ones on configuring the Titan feature, verifying the configuration, and reports for this feature, are available in a complete document. You can access it by using the download button below.