To identify threats we use a mix of different information sources. We've thoroughly tested the outputs of many Threat Intelligence providers and prepared an ideal combination of the reliable ones. To the external feeds we add the results of our own malware analysis and analysis of the DNS traffic itself.
Whalebone protects you against malware in each phase of its life-cycle
A computer usually gets infected through a hacked website or a malicious email attachment that downloads malware.
Getting C&C instructions
Active malware will contact the Command & Control server to ask for instructions and send over the data it found.
Based on the instructions the malware will start the wrongdoing: encrypting user data, sending spam, DDoS attacks, hacking websites, etc.
DNS resolution made by Whalebone
Instead of your own DNS resolvers you use the Whalebone resolvers: cloud, on-premise, or a combination of the two as needed.
Whalebone recognizes the threat through one of its detection mechanisms and logs the event in the central management console.
Based on the configuration, Whalebone is able to redirect the malicious traffic to the sinkhole page, so the malware is not able to contact its servers.
For anomaly detection and forensic analysis of past incidents, a whole DNS audit with drill-down capabilities is available.
FILTERING ON THE DNS
Filtering on the DNS level brings many possibilities with minimal investment. It provides not only detection capabilities but also straightforward and transparent prevention of malicious traffic. The deployment is easily manageable, can be done incrementally, step by step, in chosen networks, and the principles are obvious to all network administrators. The DNS protocol itself deals with most availability issues.
Whalebone DNS resolution takes place in multiple independent datacenters across Europe. Each datacenter individually guarantees 99.95% availability. Cloud and on-premise resolvers are architected to be completely independent from the rest of the Whalebone components. We understand that DNS resolution is a critical part of every infrastructure and we make sure it works at all times.
Cloud vs. On-premise resolver
Compare the differences between the Whalebone Cloud and On-premise DNS resolvers
The cloud resolver is suitable for cases where prevention matters most and where having a general overview of the traffic is satisfactory. The on-premise resolver offers visibility into the local IP addresses and can identify the particular infected machines. Both approaches can be combined and managed in one account. Large networks can be covered by the on-premise resolvers, and branch offices without their own infrastructure can take advantage of cloud resolvers.