The standard tool stack does not sufficiently protect against DNS tunneling/spoofing/poisoning (DNS-based attacks), attacks using domain generation algorithms (DGAs), homographic phishing (spear phishing), attacks via IoT devices, or abusing leaked credentials. DNS protection covers these, to close the gaps (utilized by over 90% of malware) and maximize your network security.

Tests on independent data by German cybersecurity testing authority AV-TEST show that Immunity-protected networks have an 80% higher threat detection rate than those using only top-tier next-gen firewalls.

DNS protection covers these areas to give you maximum confidence that your network is as protected as possible.

PDNS is widely regarded by leading industry experts as a must-have security solution because it significantly reduces the risk of malware and cyber attacks by blocking malicious domains before they reach a network. 

According to experts like the US Deputy National Security Advisor and former NSA Director Anne Neuberger, PDNS can prevent up to 92% of malware attacks, including the disruption of command-and-control (C2) communications that are crucial to many cyber threats. This capability makes PDNS an effective and scalable line of defense against a wide range of cyber risks, which has been highlighted by both the Australian Signals Directorate and the UK’s National Cyber Security Centre. Both organizations have emphasized its role in safeguarding critical infrastructure and protecting organizations from malicious actors.

PDNS not only supports the security of users, devices, and critical infrastructure, as Gartner research advises, but it also aligns with regulatory requirements for resilience and reliability. The EU’s NIS2 Directive underscores the importance of a secure DNS for the stability of the digital economy, stressing that reliable PDNS solutions are foundational to both organizational and societal cyber resilience.

With DNS underpinning nearly all online activities, PDNS is recommended by cybersecurity authorities like CISA to be implemented as a high-availability service. This ensures organizations not only prevent unauthorized access but also maintain robust, continuous operations. Given these advantages and endorsements, PDNS serves as a critical component of a strong security posture for any organization trying to stay ahead of cyber attacks.

While traditional URL filtering focuses on managing web traffic, Whalebone delivers comprehensive DNS-level security that proactively blocks threats before they can reach your network. This ensures all your applications and services are protected with minimal impact on performance, providing a superior and essential layer of defense that complements and enhances your existing firewall and security measures – to support your efforts toward a genuine zero trust DNS (ZTDNS) approach to your security posture management.

Whalebone Immunity operates as a protective DNS system, which is recommended – and in some cases mandated – by cybersecurity authorities like the USA's CISA, the UK’s NCSC, the EU's ENISA, and Australia's ASD. DNS security not only mitigates risk but also aligns with standards and regulations that require organizations to protect their infrastructure, data, and users from cyber threats.

Regulatory frameworks such as the EU’s NIS2 mandate high availability and resilience for critical cybersecurity infrastructure. Whalebone integrates seamlessly with existing infrastructure and reduces the risk of cyber threats – to ensure high availability and align with global governments’ cybersecurity standards. Its approach to secure DNS ensures that organizations can meet mandatory security measures to protect their networks and users, supporting regulatory compliance, resilience, and autonomy.

According to industry experts like GigaOm analyst Paul Stringfellow, DNS security solutions are also easily integrated and minimally intrusive.

Whalebone Immunity is essential for critical infrastructure sectors – such as energy, healthcare, telecommunications, and transportation – because it delivers robust DNS security that addresses their unique vulnerabilities and regulatory needs. 

By blocking access to malicious domains and C2 servers, Whalebone Immunity prevents malware, ransomware, and other cyber threats from disrupting essential operations and accessing sensitive systems, such as supervisory control and data acquisition (SCADA) and industrial control systems. This DNS-layer protection ensures that critical infrastructure remains resilient and operational, even amid sophisticated cyberattacks – vital for sectors that require uninterrupted service.

The solution also aids in regulatory compliance by aligning with standards like the NIS2 Directive, HIPAA, and others. Whalebone Immunity’s high availability and ease of integration further support these sectors' compliance needs, enabling reliable and seamless protection without disrupting current systems or operations. 

By offering advanced threat intelligence and rapid incident response capabilities, Whalebone Immunity strengthens the overall cybersecurity posture of critical infrastructure, allowing organizations to secure their networks while embracing digital innovations like IoT and remote monitoring. In sum, Whalebone Immunity supports operational continuity, regulatory compliance, and security, ensuring the stability and safety of society’s most essential services.

DNS tunneling uses DNS traffic to smuggle information or code in/out of a network, primarily to steal data or control malware.

One of the largest cyberattacks to date, the SolarWinds attack, used DNS tunneling to steal information from almost 18,000 malware-infected networks – including those of organizations such as Microsoft, Cisco, and parts of the Pentagon. Even though protective DNS would not stop the malware from getting into the network, it would block C2 communication with the author and immediately notify the network admins, preventing any damage.

Firewalls are not enough, because based on a single query it is impossible to identify a DNS tunnel with sufficient success rate. Some firewalls look at every single query to detect known malicious codes, but they do not have the capacity to store the information and analyze patterns – which is exactly what Whalebone Immunity does, ultimately blocking the traffic deemed suspicious.

DNS spoofing (or DNS cache poisoning) is used to manipulate the DNS to redirect traffic to a fake website – usually closely mimicking the page contents originally sought. There attackers can prompt unsuspecting people to insert their password or download malware.

Firewalls just look at the DNS query, check it, and send it on as is. However, when Whalebone DNS Resolver® receives a packet, it creates new traffic to the authoritative server, compiles information, and creates a new packet to send back to the device. This prevents attackers from hijacking DNS traffic.

Given that only DNS traffic allowed in your network will be to the Whalebone DNS Resolver®, the attackers cannot hijack the DNS traffic to point your request to a fake domain.

Most security measures rely on databases of malicious domains. DGAs generate new random domains that are not part of any blacklist, thus avoiding detection.

From a single query, it is not possible to confidently identify DGA-generated domains; even with a 99% success-rate, the number of false positives would be overwhelming. Firewalls, which look at each passing query, cannot analyze patterns and thus cannot identify DGAs, only known algorithms – but new ones appear every day. Whalebone Immunity, however, stores and analyzes traffic, blocking domains based on query sequences.

The problem often stems from third-party services, which are frequently targeted by hackers with the goal of stealing the information about their users. Stolen data are then sold on the dark web or eventually made public among the hacker community. Even trusted companies such as Microsoft, LinkedIn, Canva, Adobe, Facebook, and many others have suffered breaches that exposed their customers’ data.

According to a Google survey, more than 65% of people use the same password for multiple services. If any of your employees have used a work email address to register to the breached service, their password can be used by hackers to simply try to log in into company email, databases, and other services in order to impersonate the company, spread malware, steal data, and more.

Our Identity Protection team identifies both new and old leaks, so that you can deal with the past ones as soon as possible and set up measures for any new ones occurring. Even if there is just a suspicion of a breach, you will be notified immediately.

In general, zero-day attacks use a vulnerability which was not yet identified by cybersecurity actors – i.e. undiscovered vulnerabilities.

A layered approach is needed to mitigate the risks as much as possible, since different protective solutions identify suspicious behavior via different means: endpoint security looks at the behavior of a file to determine if it is a malware, firewalls check HTTP(S) traffic for suspicious scripts, and Whalebone Immunity supplements endpoint security and firewalls by looking at the patterns in the DNS traffic and domains used to identify and block malicious activity.

In homographic attacks, often used for targeting phishing called spear phishing, the attackers lure employees to websites which look similar to existing services or providers, such as government websites, delivery companies, or even company intranet portals. The fake websites often use different alphabets or similarities between letters and numbers to mimic the original domain.

For example:

• google.com vs. gооgle.com, the latter using cyrillic “о” instead of standard “о”

• googIe.com vs. google.com, the former using capital “I” instead of lowercase “l”

Since the domains are usually created for the specific attacks, before the damage happens they are not identified as malicious and thus avoid detection. Whalebone Immunity enables you to set up monitoring for domains which are similar to yours, or to populate your blacklists in advance so that the access to these domains is blocked immediately.

While phishing is primarily mitigated by e-mail and other gateways, Whalebone Immunity brings a layer of extra security to make sure no damage is caused. Whalebone cooperates with SPAM-analyzing companies, telecommunication providers, and organizations within the DNS4EU project to instantly update our threat intelligence database in case the gateway is late to recognize and block the threat in case the message arrives and the user tries to click it.

Whalebone Immunity also enables you to set homograph alerts for homograph phishing (spear phishing using domains visually similar to yours) and populate blacklists with the probable variants of your domains which can be used to confuse your employees.

And if the phishing is successful in delivering malware to your network, Whalebone Immunity identifies its traffic to a domain used by the attackers and blocks it, effectively stopping the threat before it can cause any damage.

A supply-chain attack exploits a vulnerability in third-party software or services to access the target’s network. It is especially dangerous since the software used by the target company is trusted by the standard security measures. Moreover, this type of attack can use faults in software used by IoT devices, which usually do not have a strong embedded endpoint protection.

Nevertheless, once the malware gets into the network, it needs to be activated or it needs to be able to spread and infect other devices, access databases to be able to lock them or extract their data. According to US Deputy National Security Advisor and former NSA Director Anne Neuberger, 92% of malware has to use DNS for those C2 tasks – and this is where Whalebone Immunity stops it.

Whalebone Immunity detects and identifies malicious domain access and DNS query patterns, immediately blocking threats and alerting network administrators.

VPNs redirect all traffic through the corporate network, but they require employees to remember to connect each time, and many corporate cloud services do not need VPN access. This means that if employees forget to connect, they are not protected at all, leaving their devices vulnerable to potential data or password leaks.

Moreover, VPNs can significantly slow internet speed, especially if the hardware is not powerful enough to handle the traffic efficiently. With Whalebone Immunity’s Home Office Protection, DNS traffic is routed through the same resolver used in the office, ensuring seamless protection without the performance hit often associated with VPNs. This setup allows employees to work securely without being tied to a VPN connection, avoiding the troubleshooting issues that can arise from complex VPN rules.

While laptops often have endpoint detection and response (EDR) solutions deployed, Whalebone Immunity complements EDR by focusing on DNS-level security, blocking threats before they reach the endpoint, to ensure a strong additional protection layer for both on-site and remote employees.

Apart from numerous threat intelligence feeds, Whalebone uses unique local and regional threat intelligence data from public organizations within the DNS4EU projects and communications service providers (CSPs) like telecoms and internet service providers (ISPs).

Computer Emergency Response Teams (CERTs) within DNS4EU have proven crucial to providing significant threat intelligence for improved threat detection and real-time local and regional visibility. Telcos partnered with DNS4EU are able to leverage their infrastructures and government connections for nationwide deployment of the protective DNS service.

The data are used not only to distinguish the malicious domains missed by global databases, but also to teach a neural network, enabling it to identify malicious domains (which are not a part of any database) with a 99% success-rate.

Thanks to the unique data, you get an extra layer of protection which your current stack might miss – more than 50% of our customers identify such threats just during the Whalebone Immunity trial period.

No installation on end devices is needed, instantly protecting all devices in the network. Cloud deployments take under an hour, while on-premises or hybrid versions take up to five hours and require minimal server setup. The home-office protection option involves a simple app installation on remote devices.

The main advantage of DNS protection in deployment is that you do not need to install anything on the end devices, instantly protecting every device in the network, including mobile and IoT devices. There are different methods of deployment which you can choose and the time needed differs accordingly:

• The cloud version can be deployed in under an hour, making it ideal for smaller companies that only need to be protected without the requirement of deeper insight into the network.

• The on-premises or hybrid version takes up to five hours to deploy and requires a clean Linux installation on a virtual server with low HW requirements. This form of deployment allows for a deep insight into the network’s DNS traffic with granularity up to a single device.

• The deployment including Home-Office Protection requires a simple installation of the home-office app on the devices used for remote work, which can be deployed via MDM solutions. Thanks to this, the employees who work from elsewhere, be it home, business trip, or a café, will enjoy the same protection as those in the office.

During setup, you can choose the threshold after which Whalebone Immunity alerts you of suspicious behavior and another one behind which Whalebone Immunity will simply block the threat. These alerts will provide not only information about the threat, but can also provide the IP address of the targeted device as well as the device name.

Using IP addresses is uncommon for attackers, as IPs are more easily blacklisted and identified by malware sandboxes. In theory it can occur, but it is not an approach the attackers usually take, as IPs cannot be quickly moved around and thus are easier to detect and block. That’s why domains are used to communicate with the malware to ensure that it can be activated.

The same Whalebone technology protecting your network is used by major telecoms providers and hundreds of ISPs that are sensitive to false positives – they provide their services to millions of customers who would be rather annoyed by the wrong sites being blocked. It makes sense from both a customer-centric and a business perspective to keep false positives to an absolute minimum.

Whalebone Immunity is rigorously tested to ensure minimal false positives. Benchmark tests from AV-TEST indicate nearly perfect results, with Whalebone Immunity ranking at the top for low false positives. AV-TEST stated in their report that “The false positive results were nearly perfect with only one URL falsely blocked, putting Whalebone in the top spot compared to tests of other products performed in the past two years.”

In the rare case that a false positive is encountered, correcting it is a matter of one click, which sends it directly to the Threat Intelligence team for evaluation and (if found to be a false positive) white-labeling.

As the Network Security Manager of O2 Czech Republic Jan Hrdonka said: “Whalebone rises above the competition – even though nobody complained about false positives, we can see just how many real threats it blocks.”

In your network, you can configure the ports you use for DNS to block any usage apart from Whalebone DNS Resolver®. This means that even if a malware would alter the DNS preference of the affected device, the device would not be able to connect to the domain.

For encrypted DNS to work, the traffic itself needs to be resolved by the provider – and this step can be blocked by Whalebone Immunity (if you decide to do so), which causes the traffic to fall back on the Whalebone DNS Resolver®.