With the rapidly evolving technological landscape, cyberthreats are intensifying. The graph of the cyberthreats is elevating to a point where there is no sign of it slowing down. TCPWave security solutions help enterprises understand the network security vulnerabilities that threaten the enterprise's ecosystem. Furthermore, it prepares organizations for combating cyber-attacks proactively. TCPWave security features address the enterprise's needs and help in streamlining the security operations.
DNS Access Control List
The DNS ACLs defined in the TCPWave IPAM allow the network administrators to restrict the source IP addresses that can query DNS. The dynamic modifications to the ACLs are audited and propagated to all the DNS remotes in real-time
DUAL DNS Engines
TCPWave's Dual DNS
feature provides resistance to certain types of attacks and
increased reliability. With Dual DNS, if the BIND DNS service stops
running due to an attack that exploits a BIND vulnerability, a
malfunction, or another reason then failover to another DNS service
will occur. The failover is automatic to Unbound caching. This
failover ensures that users continue to have access to DNS service
even if BIND crashes.
<
DNS RESPONSE POLICY ZONES (RPZ)
TCPWave IPAM's
integration with the DNS Response Policy Zones(RPZ), a layer-7
firewall that blocks malware, phishing, ransomware sites, and
botnets, contains rules that recursive DNS appliances use to
redirect or block queries for malicious sites. TCPWave supports
customization of RPZ rules and files then fetches RPZ data feeds
from popular reputation data providers, such as ThreatSTOP and
Deteque. Using data feeds, possibly supplemented with custom rules,
DNS RPZs provide an effective firewall that prevents users from
accessing harmful sites.
DNS SECURITY EXTENSIONS (DNSSEC)
DNSSEC provides
functionality for DNS resolvers (clients) to authenticate that the
source of query responses is trustworthy and confirms the responses'
integrity. TCPWave fully supports DNSSEC deployment and provides
automatic DNSSEC key generation, zone and key signing, and key
rollover.
RESPONSE RATE
LIMITING
Response Rate Limiting
(RRL) is an enhancement to the DNS protocol, which serves as a
mitigation tool for the DNS amplification attacks. RRL
implementation is recommended only for the authoritative servers but
can also be implemented for cache servers. RRL uses a credit or
token bucket scheme.
MACHINE
LEARNING-BASED DNS TUNNEL, DGA, AND ANOMALOUS TRAFFIC DETECTION
TCPWave's DNS TITAN, a
machine learning module, inspects DNS traffic in real-time to detect
DNS tunnels, traffic associated with domain generation algorithms,
and other anomalous traffic. In addition, this module identifies
malicious traffic by detecting distinctive characteristics. This
module is included in TCPWave's base product at no additional
charge.
RULE-BASED DNS THREAT
DETECTION AND PREVENTION
Using a robust and
high-performance rule-based network threat detection engine
(Suricata), TCPWave's DNS TITAN Threat Protector can monitor DNS
traffic in real-time to detect and prevent malicious activity. In
addition, administrators can create or import engine rules,
including from third parties, to drop specific packets and produce
alerts on specific packets or traffic patterns. Also, a default
ruleset is provided that consists of over 2,500 DNS-related rules
that produce alerts. It is based on Emerging Threats' Open ruleset
and can be modified. These default rules primarily detect protocol
anomalies, higher than expected frequencies of specific packets or
queries, and queries for domains related to malware, command and
control, phishing, ransomware, and tunnels. TCPWave's effective
threat detection and prevention capabilities protect DNS appliances
and users by using DNS-specific rules that go far beyond the
capabilities of general-purpose firewalls.
DNS END-USER SECURITY
TCPWave's DNS TITAN
End-User Security prevents users from accessing malicious sites. It
blocks DNS queries for domain names of malicious hosts, queries to
malicious DNS servers, and IP addresses of malicious sites in DNS
query responses. The items to block are based on domain and IP
reputation data provided by TCPWave's partner, Spamhaus, a leader in
providing threat intelligence information. This reputation data
consists of a feed of continually updated rules in DNS Response
Policy Zones (RPZs). Using this continually updated information,
TITAN End-User Security protects users from accessing malicious
sites, including malware, phishing, ransomware, adware, and botnet
sites.
SIEM INTEGRATION
To support the
processing of logs by Security Information and Event Management
(SIEM) and other systems, TCPWave produces audit log files that
comply with the Common Event Format (CEF) standard. Using this
standard, TCPWave integrates with Micro Focus ArcSight. Also,
TCPWave provides log forwarding to IBM QRadar, Splunk, Apache Flume,
and others. These capabilities help security personnel quickly
detect and respond to threats.
IDENTITY
ADMINISTRATION
TCPWave Identity
Administration provides user management functionality. Segregation
of Duties (SoD) is a preventive and most critical control. It
reduces the risk of error and malicious DNS/DHCP activities through
a proper division of tasks among an organization's employees. When
manipulating the core functionality of mission-critical network
services, the appropriate segregation of duties prevents the
potential for employee circumvention of controls.
We use cookies on this site to
improve your browsing experience, analyze individualized usage, and
website traffic tailor content to your preferences, and make your
interactions with our website more meaningful. By clicking "Accept All" closing this banner, or continuing to browse this site, you
consent to the use of cookies.