Eliminate cybersecurity blind spots with protective DNS
- Add a security layer covering threats that bypass standard tools
- Expand your security and visibility to remote teams
- Prevent data theft, ransomware, and misuse of leaked credentials
TRUSTED BY
WHY IT WORKS
Over 90% of attacks must use DNS.
Block them with Immunity
Domains are crucial for communication between attackers and the malware.
Without DNS protection, your network is open to many modern attack methods.
Deployed in under 2 hours, Immunity protects all devices in your network
Prevent malicious traffic in your network with no need to install or maintain anything on end devices
No disruption to daily routine of the IT team and employees
Users will not notice until they are protected from connecting to a malicious domain
Secure employees working remotely or on business trips
You can simply protect employees outside of your network
Stop DNS tunneling, ransomware, IoT attacks, misuse of leaked passwords
Disrupt threats throughout their life cycle to stop even the most advanced attack strategies
See how Whalebone Immunity works
Whalebone Immunity is a protective DNS resolver covering blind spots in the security infrastructure of enterprises, institutions, and governmental bodies. It provides unparalleled control over your DNS traffic, which is essential to cover vectors which bypass the standard security stack, as well as additional features such as Identity Protection and Content Filtering.
DNS is a crucial part of the Internet infrastructure, translating domains into IP addresses. Whalebone Immunity gives you control over this vital protocol, ability to secure it, and provides deep insights into your network.
With Immunity, you can just redirect the DNS traffic on a network level to Whalebone DNS Resolver®, which filters out malicious traffic. Any device is immediately protected, including phones and IoT devices, which are hard or impossible to secure by other solutions.
Get a 30-day free trial running in under 2 hours and make use of the fine-tuned implementation and seamless API integration. Choose on-premises, cloud, or hybrid deployment and see immediate quantifiable results.
SUCCESS STORIES
Why security professionals trust Whalebone Immunity
- Adastra
- Nove Mesto municipality
- Panasonic
- Equa Bank
We have not been in contact with technical support at all. We haven’t needed it. It’s fail-safe and catches relevant threats.
Mario Lipovsky | IT Security Architect at Equa Bank
Read more on how Immunity helps IT teams across industries
Watch out for blind
spots in your security
Networks that depend only on traditional security measures are vulnerable to advanced threats, such as:
DNS tunneling & domain generation algorithms (DGA)
These techniques are used to bypass firewalls, allowing hackers to deploy and control malware, and to steal data. Immunity disrupts them through active work with DNS requests and AI analysis.
Homograph attacks
These attacks use visually similar letters to mimic your domain, luring employees into disclosing credentials or downloading infected files. Immunity alerts the IT team when it identifies this threat.
Leaked passwords & sensitive information
Most people use one password for multiple services, and even companies like Microsoft, LinkedIn, and Adobe have been breached. Immunity notifies you of any leaks connected to your domain.
Attacks using supply chain, IoTs, phishing, 0-day vulnerabilities
Immunity disrupts threats at multiple stages. Even past your first line of defense, attacks can be stopped when the malware attempts to communicate with the attacker, spread in the network, block your database, or steal your data.
Employees outside the network
Users outside the network are vulnerable to threats otherwise stopped by network security. Immunity provides them with the same protection as if they were connected to the company network.
INDUSTRIES
Solve security problems specific to your industry
Whalebone Immunity overview
- Secure typical blind spots – make sure that attackers cannot abuse your DNS security limitations.
- Protect all connected devices without the need to install anything.
- Save time thanks to a smooth deployment – you can make it work in 2 hours.
- Secure your remote employees with an easily deployed app.
- Get live audit and full visibility of the DNS traffic that traditionally flew under the radar.
- Prevent abuse of leaked credentials, including log-in information, passwords, and personal information.
- Choose on-premises, cloud, or hybrid deployment for best fit for your network.
- Simply set boundaries thanks to Content Filtering.
- Start a free 30-day trial with us and see immediate and quantifiable results.
1 Get to know Whalebone
Schedule a demo call where we will explain everything you need to know.
2 Use case modeling
We will figure out exactly what you need and our tech team will look into your particular deployment in detail.
3 Proof of concept
Start a free trial to see the value for yourself.
4 Deployment & Integration
Your whole network will be protected by Whalebone Immunity in less than 2 hours.
5 Initial training
You will learn how to make the best use of the product and its intuitive interface.
6 Lifetime support
We will not stop there. We will always provide you with immediate tech support.
This section outlines the system requirements, hardware compatibility, and key technical details needed to run our product effectively. Here, you'll find everything from supported operating systems to recommended hardware configurations, helping you ensure your setup is ready for optimal performance.
- Protocols and Encryption Standards – Whalebone leverages industry-standard encryption for DNS queries via DoH and DoT, which protects against unauthorized interception or manipulation of DNS traffic, a significant security measure for enterprises prioritizing data integrity and confidentiality. Whalebone Immunity ensures every query is DNSSEC validated to prevent from DNS spoofing.
- Network Requirements – Whalebone Immunity is adaptable to various specific network types ranging from simple networks without Active Directory to complex ones with various zones and different departments using different policy/blocking conditions. Whalebone Immunity can be deployed either as a split-forwarding or full-forwarding solution.
- Network Compatibility – Whalebone Immunity is compatible with common network security setups, such as popular firewall solutions and VPNs, allowing for seamless integration into existing IT infrastructures without requiring any significant reconfiguration.
- Scalability – Designed for enterprise scalability, Whalebone Immunity handles networks of varying sizes and complexity, with performance adjustments for larger networks to manage high DNS query loads.
- HW requirements – For deployments up to 25k users, minimal HW requirements are 2 CPU cores, 4 GB of RAM and 80 GB drive. Apart from on-premises deployment there is also the option to use cloud resolvers for really small deployments or a combination of both.
- High Availability – Number or resolvers deployed is not limited to tenants to ensure high availability of the DNS service. Our technical consulting team will help you prepare the right deployment scheme depending on your needs and network architecture.
- Integrations – Whalebone Immunity supports various integrations including seamless integration with Active Directory, Zabbix monitoring, and various log management tools. Whalebone Immunity supports full API configuration and data reading to ensure integration with SIEMs and similar systems.
Get a product that is easy to upsell to your current clients and opens doors for new business.
Why be a partner?
- Additional "must-have" layer to complete your cybersecurity portfolio offering.
- Lucrative margins and attractive discounts, increasing with your business success.
- Flexibility and responsiveness to your feedback and needs, with channel manager, marketing manager, and technical superhero assigned.
- Flexible architecture: On-premises, hybrid, or cloud deployments enable a versatile integration based on each network's unique requirements fully compliant with Active Directory.
- Fully customizable DNS Resolver: The caching recursive DNS resolver is fully configurable and abides by the latest standards. It can serve both IPv4 and IPv6 while strictly validating DNSSEC.
- We love Encrypted DNS: The full range of services can be offered over encrypted DNS protocols such as DNS over TLS (DoT) and DNS over HTTPS (DoH).
- Domain Intelligence: AI-based threat and content intelligence and real-time delivery provide a vital security layer.
- API integration: All the configuration and reporting options are made available via API.
- Off-Net Protection: Use our app Home Office Security to protect users in any network they connect to.
- Intuitive and practical GUI of the Admin Portal provides substantial DNS visibility.
- Identity Protection watches out for abuse of leaked sensitive information.
You are just 2 hours from eliminating the security blind spots of your network
- More than 50% of trials identify malicious traffic the customer did not know of, and more than 50% identify leaked passwords connected to the company domain
- No credit card needed, smooth deployment, immediate value
Whalebone Immunity FAQs
And the answers you might find helpful
The standard tool stack does not sufficiently protect against DNS tunneling/spoofing/poisoning (DNS-based attacks), attacks using domain generation algorithms (DGAs), homographic phishing (spear phishing), attacks via IoT devices, or abusing leaked credentials. DNS protection covers these, to close the gaps (utilized by over 90% of malware) and maximize your network security.
Tests on independent data by German cybersecurity testing authority AV-TEST show that Immunity-protected networks have an 80% higher threat detection rate than those using only top-tier next-gen firewalls.
DNS protection covers these areas to give you maximum confidence that your network is as protected as possible.
PDNS is widely regarded by leading industry experts as a must-have security solution because it significantly reduces the risk of malware and cyber attacks by blocking malicious domains before they reach a network.
According to experts like the US Deputy National Security Advisor and former NSA Director Anne Neuberger, PDNS can prevent up to 92% of malware attacks, including the disruption of command-and-control (C2) communications that are crucial to many cyber threats. This capability makes PDNS an effective and scalable line of defense against a wide range of cyber risks, which has been highlighted by both the Australian Signals Directorate and the UK’s National Cyber Security Centre. Both organizations have emphasized its role in safeguarding critical infrastructure and protecting organizations from malicious actors.
PDNS not only supports the security of users, devices, and critical infrastructure, as Gartner research advises, but it also aligns with regulatory requirements for resilience and reliability. The EU’s NIS2 Directive underscores the importance of a secure DNS for the stability of the digital economy, stressing that reliable PDNS solutions are foundational to both organizational and societal cyber resilience.
With DNS underpinning nearly all online activities, PDNS is recommended by cybersecurity authorities like CISA to be implemented as a high-availability service. This ensures organizations not only prevent unauthorized access but also maintain robust, continuous operations. Given these advantages and endorsements, PDNS serves as a critical component of a strong security posture for any organization trying to stay ahead of cyber attacks.
While traditional URL filtering focuses on managing web traffic, Whalebone delivers comprehensive DNS-level security that proactively blocks threats before they can reach your network. This ensures all your applications and services are protected with minimal impact on performance, providing a superior and essential layer of defense that complements and enhances your existing firewall and security measures – to support your efforts toward a genuine zero trust DNS (ZTDNS) approach to your security posture management.
Whalebone Immunity operates as a protective DNS system, which is recommended – and in some cases mandated – by cybersecurity authorities like the USA's CISA, the UK’s NCSC, the EU's ENISA, and Australia's ASD. DNS security not only mitigates risk but also aligns with standards and regulations that require organizations to protect their infrastructure, data, and users from cyber threats.
Regulatory frameworks such as the EU’s NIS2 mandate high availability and resilience for critical cybersecurity infrastructure. Whalebone integrates seamlessly with existing infrastructure and reduces the risk of cyber threats – to ensure high availability and align with global governments’ cybersecurity standards. Its approach to secure DNS ensures that organizations can meet mandatory security measures to protect their networks and users, supporting regulatory compliance, resilience, and autonomy.
According to industry experts like GigaOm analyst Paul Stringfellow, DNS security solutions are also easily integrated and minimally intrusive.
Whalebone Immunity is essential for critical infrastructure sectors – such as energy, healthcare, telecommunications, and transportation – because it delivers robust DNS security that addresses their unique vulnerabilities and regulatory needs.
By blocking access to malicious domains and C2 servers, Whalebone Immunity prevents malware, ransomware, and other cyber threats from disrupting essential operations and accessing sensitive systems, such as supervisory control and data acquisition (SCADA) and industrial control systems. This DNS-layer protection ensures that critical infrastructure remains resilient and operational, even amid sophisticated cyberattacks – vital for sectors that require uninterrupted service.
The solution also aids in regulatory compliance by aligning with standards like the NIS2 Directive, HIPAA, and others. Whalebone Immunity’s high availability and ease of integration further support these sectors' compliance needs, enabling reliable and seamless protection without disrupting current systems or operations.
By offering advanced threat intelligence and rapid incident response capabilities, Whalebone Immunity strengthens the overall cybersecurity posture of critical infrastructure, allowing organizations to secure their networks while embracing digital innovations like IoT and remote monitoring. In sum, Whalebone Immunity supports operational continuity, regulatory compliance, and security, ensuring the stability and safety of society’s most essential services.
DNS tunneling uses DNS traffic to smuggle information or code in/out of a network, primarily to steal data or control malware.
One of the largest cyberattacks to date, the SolarWinds attack, used DNS tunneling to steal information from almost 18,000 malware-infected networks – including those of organizations such as Microsoft, Cisco, and parts of the Pentagon. Even though protective DNS would not stop the malware from getting into the network, it would block C2 communication with the author and immediately notify the network admins, preventing any damage.
Firewalls are not enough, because based on a single query it is impossible to identify a DNS tunnel with sufficient success rate. Some firewalls look at every single query to detect known malicious codes, but they do not have the capacity to store the information and analyze patterns – which is exactly what Whalebone Immunity does, ultimately blocking the traffic deemed suspicious.
DNS spoofing (or DNS cache poisoning) is used to manipulate the DNS to redirect traffic to a fake website – usually closely mimicking the page contents originally sought. There attackers can prompt unsuspecting people to insert their password or download malware.
Firewalls just look at the DNS query, check it, and send it on as is. However, when Whalebone DNS Resolver® receives a packet, it creates new traffic to the authoritative server, compiles information, and creates a new packet to send back to the device. This prevents attackers from hijacking DNS traffic.
Given that only DNS traffic allowed in your network will be to the Whalebone DNS Resolver®, the attackers cannot hijack the DNS traffic to point your request to a fake domain.
Most security measures rely on databases of malicious domains. DGAs generate new random domains that are not part of any blacklist, thus avoiding detection.
From a single query, it is not possible to confidently identify DGA-generated domains; even with a 99% success-rate, the number of false positives would be overwhelming. Firewalls, which look at each passing query, cannot analyze patterns and thus cannot identify DGAs, only known algorithms – but new ones appear every day. Whalebone Immunity, however, stores and analyzes traffic, blocking domains based on query sequences.
The problem often stems from third-party services, which are frequently targeted by hackers with the goal of stealing the information about their users. Stolen data are then sold on the dark web or eventually made public among the hacker community. Even trusted companies such as Microsoft, LinkedIn, Canva, Adobe, Facebook, and many others have suffered breaches that exposed their customers’ data.
According to a Google survey, more than 65% of people use the same password for multiple services. If any of your employees have used a work email address to register to the breached service, their password can be used by hackers to simply try to log in into company email, databases, and other services in order to impersonate the company, spread malware, steal data, and more.
Our Identity Protection team identifies both new and old leaks, so that you can deal with the past ones as soon as possible and set up measures for any new ones occurring. Even if there is just a suspicion of a breach, you will be notified immediately.
In general, zero-day attacks use a vulnerability which was not yet identified by cybersecurity actors – i.e. undiscovered vulnerabilities.
A layered approach is needed to mitigate the risks as much as possible, since different protective solutions identify suspicious behavior via different means: endpoint security looks at the behavior of a file to determine if it is a malware, firewalls check HTTP(S) traffic for suspicious scripts, and Whalebone Immunity supplements endpoint security and firewalls by looking at the patterns in the DNS traffic and domains used to identify and block malicious activity.
In homographic attacks, often used for targeting phishing called spear phishing, the attackers lure employees to websites which look similar to existing services or providers, such as government websites, delivery companies, or even company intranet portals. The fake websites often use different alphabets or similarities between letters and numbers to mimic the original domain.
For example:
• google.com vs. gооgle.com, the latter using cyrillic “о” instead of standard “о”
• googIe.com vs. google.com, the former using capital “I” instead of lowercase “l”
Since the domains are usually created for the specific attacks, before the damage happens they are not identified as malicious and thus avoid detection. Whalebone Immunity enables you to set up monitoring for domains which are similar to yours, or to populate your blacklists in advance so that the access to these domains is blocked immediately.
While phishing is primarily mitigated by e-mail and other gateways, Whalebone Immunity brings a layer of extra security to make sure no damage is caused. Whalebone cooperates with SPAM-analyzing companies, telecommunication providers, and organizations within the DNS4EU project to instantly update our threat intelligence database in case the gateway is late to recognize and block the threat in case the message arrives and the user tries to click it.
Whalebone Immunity also enables you to set homograph alerts for homograph phishing (spear phishing using domains visually similar to yours) and populate blacklists with the probable variants of your domains which can be used to confuse your employees.
And if the phishing is successful in delivering malware to your network, Whalebone Immunity identifies its traffic to a domain used by the attackers and blocks it, effectively stopping the threat before it can cause any damage.
A supply-chain attack exploits a vulnerability in third-party software or services to access the target’s network. It is especially dangerous since the software used by the target company is trusted by the standard security measures. Moreover, this type of attack can use faults in software used by IoT devices, which usually do not have a strong embedded endpoint protection.
Nevertheless, once the malware gets into the network, it needs to be activated or it needs to be able to spread and infect other devices, access databases to be able to lock them or extract their data. According to US Deputy National Security Advisor and former NSA Director Anne Neuberger, 92% of malware has to use DNS for those C2 tasks – and this is where Whalebone Immunity stops it.
Whalebone Immunity detects and identifies malicious domain access and DNS query patterns, immediately blocking threats and alerting network administrators.
VPNs redirect all traffic through the corporate network, but they require employees to remember to connect each time, and many corporate cloud services do not need VPN access. This means that if employees forget to connect, they are not protected at all, leaving their devices vulnerable to potential data or password leaks.
Moreover, VPNs can significantly slow internet speed, especially if the hardware is not powerful enough to handle the traffic efficiently. With Whalebone Immunity’s Home Office Protection, DNS traffic is routed through the same resolver used in the office, ensuring seamless protection without the performance hit often associated with VPNs. This setup allows employees to work securely without being tied to a VPN connection, avoiding the troubleshooting issues that can arise from complex VPN rules.
While laptops often have endpoint detection and response (EDR) solutions deployed, Whalebone Immunity complements EDR by focusing on DNS-level security, blocking threats before they reach the endpoint, to ensure a strong additional protection layer for both on-site and remote employees.
Apart from numerous threat intelligence feeds, Whalebone uses unique local and regional threat intelligence data from public organizations within the DNS4EU projects and communications service providers (CSPs) like telecoms and internet service providers (ISPs).
Computer Emergency Response Teams (CERTs) within DNS4EU have proven crucial to providing significant threat intelligence for improved threat detection and real-time local and regional visibility. Telcos partnered with DNS4EU are able to leverage their infrastructures and government connections for nationwide deployment of the protective DNS service.
The data are used not only to distinguish the malicious domains missed by global databases, but also to teach a neural network, enabling it to identify malicious domains (which are not a part of any database) with a 99% success-rate.
Thanks to the unique data, you get an extra layer of protection which your current stack might miss – more than 50% of our customers identify such threats just during the Whalebone Immunity trial period.
No installation on end devices is needed, instantly protecting all devices in the network. Cloud deployments take under an hour, while on-premises or hybrid versions take up to five hours and require minimal server setup. The home-office protection option involves a simple app installation on remote devices.
The main advantage of DNS protection in deployment is that you do not need to install anything on the end devices, instantly protecting every device in the network, including mobile and IoT devices. There are different methods of deployment which you can choose and the time needed differs accordingly:
• The cloud version can be deployed in under an hour, making it ideal for smaller companies that only need to be protected without the requirement of deeper insight into the network.
• The on-premises or hybrid version takes up to five hours to deploy and requires a clean Linux installation on a virtual server with low HW requirements. This form of deployment allows for a deep insight into the network’s DNS traffic with granularity up to a single device.
• The deployment including Home-Office Protection requires a simple installation of the home-office app on the devices used for remote work, which can be deployed via MDM solutions. Thanks to this, the employees who work from elsewhere, be it home, business trip, or a café, will enjoy the same protection as those in the office.
During setup, you can choose the threshold after which Whalebone Immunity alerts you of suspicious behavior and another one behind which Whalebone Immunity will simply block the threat. These alerts will provide not only information about the threat, but can also provide the IP address of the targeted device as well as the device name.
Using IP addresses is uncommon for attackers, as IPs are more easily blacklisted and identified by malware sandboxes. In theory it can occur, but it is not an approach the attackers usually take, as IPs cannot be quickly moved around and thus are easier to detect and block. That’s why domains are used to communicate with the malware to ensure that it can be activated.
The same Whalebone technology protecting your network is used by major telecoms providers and hundreds of ISPs that are sensitive to false positives – they provide their services to millions of customers who would be rather annoyed by the wrong sites being blocked. It makes sense from both a customer-centric and a business perspective to keep false positives to an absolute minimum.
Whalebone Immunity is rigorously tested to ensure minimal false positives. Benchmark tests from AV-TEST indicate nearly perfect results, with Whalebone Immunity ranking at the top for low false positives. AV-TEST stated in their report that “The false positive results were nearly perfect with only one URL falsely blocked, putting Whalebone in the top spot compared to tests of other products performed in the past two years.”
In the rare case that a false positive is encountered, correcting it is a matter of one click, which sends it directly to the Threat Intelligence team for evaluation and (if found to be a false positive) white-labeling.
As the Network Security Manager of O2 Czech Republic Jan Hrdonka said: “Whalebone rises above the competition – even though nobody complained about false positives, we can see just how many real threats it blocks.”
In your network, you can configure the ports you use for DNS to block any usage apart from Whalebone DNS Resolver®. This means that even if a malware would alter the DNS preference of the affected device, the device would not be able to connect to the domain.
For encrypted DNS to work, the traffic itself needs to be resolved by the provider – and this step can be blocked by Whalebone Immunity (if you decide to do so), which causes the traffic to fall back on the Whalebone DNS Resolver®.