NS1, the leader in next-generation DNS and traffic management solutions, unveiled the Domain Security Suite – a turnkey suite of enterprise-grade DNS (domain name system) services and capabilities designed to keep organizations and their customers safe from a growing number of DNS threats.
Earlier this year, the Cybersecurity and Infrastructure Security Agency (CISA), a component within the Department of Homeland Security (DHS), released an emergency directive after tracking a series of attempts to tamper with DNS infrastructure.
And last month, the Internet Corporation for Assigned Names and Numbers (ICANN) echoed these calls for urgent action against significant risks to DNS infrastructure with a checklist of actions that includes deployment of Domain Name System Security Extensions (DNSSEC) across all domains to detect unauthorized modification or misdirection of DNS services.
“Attackers are taking advantage of the central role DNS plays in orchestrating all internet and application traffic. When DNS is compromised, an enterprise’s applications can simply disappear from the internet, or domain names can be hijacked for disruption, manipulation or phishing attempts,” said Kris Beevers, CEO of NS1.
“NS1’s new Domain Security Suite delivers in a single turnkey offering the layered tools and services needed to manage DNS both securely and efficiently – eliminating the performance or management tradeoffs that have kept many organizations from fully embracing the basic measures needed to protect their DNS attack surface.”
Simple and unified front against DNS threat landscape
The new NS1 Domain Security Suite includes several services and capabilities tightly integrated to provide a simplified and unified front against DNS-related threats against applications and enterprises. Highlights of the Domain Security Suite include:
Turnkey DNS Network Redundancy – Organizations that deploy always-on, redundant DNS networks for their domains recover much faster from DDoS and other attacks. Yet, according to research from ThousandEyes, sixty percent (60%) of enterprises and top SaaS providers rely on a single source for their authoritative nameservers.
The Domain Security Suite features a turnkey, dual-DNS approach that includes managed and dedicated DNS solutions that are physically and logically separate but managed through a single pane of glass interface.
No Compromise DNSSEC to Prevent DNS Hijacking and Cache Poisoning – NS1 supports DNSSEC, a protocol that protects companies from man-in-the-middle attacks by securely signing DNS records across zones. The Internet Engineering Task Force, ICANN, and regional internet registries around the world have recommended or required DNSSEC, but adoption has lagged due to the impact on advanced traffic management features and performance.
NS1 offers the only DNSSEC solution to remove those barriers with easy point-and-click DNSSEC implementation, compatible with turnkey redundant DNS, and full traffic management and other modern features for signed zones.
Advanced Access Control and Secure Management – The NS1 solution provides a hardened platform with controls that meet and exceed CISA and Department of Homeland Security recommendations, including two-factor authentication, strong password enforcement, and single sign-on solutions.
Teams also get visibility into DNS usage, which provides insight into potential misuse, including record-level reporting, integrations with other monitoring and dashboard systems, and detailed configuration activity logging for change management and auditing.
DDoS Attack Overage Protection – DDoS or other malicious traffic often leaves enterprises with surprise overage charges from DNS providers, sometimes up to hundreds of thousands of dollars. The Domain Security Suite includes overage protection to reduce or eliminate attack mitigation and resolution costs related to DNS overages.
“DNS continues to grow in prominence as a threat vector, and the negative impact to enterprises from both an operational and cost perspective is significant,” said Eric Hanselman, chief analyst, 451 Research. “By considering the many facets of DNS-related attacks – redundancy, DNSSEC, advanced access control, and secure management – and removing the technical barriers to adoption, NS1 has created a compelling solution for enterprises looking to protect their DNS and distributed infrastructure.”