Cisco (Nasdaq:CSCO) has bulked-up its Domain Name System (DNS) security software with new features including AI-enhanced DNS tunneling mitigation and stronger cloud malware detection.
Cisco Secure Access ā DNS Defense replaces the current Cisco Umbrella DNS Essentials and Advantage packages and significantly enhances those offerings, according to Steve Brunetto, director of product management for Cisco Secure Access and Umbrella.
New AI support to detect and block DNS tunneling techniques can improve detection rates by 11.1% while reducing false positives, for example. In addition, DNS Defense now employs AI-powered capabilities to prevent communications with malicious domains generated by Domain Generation Algorithm (DGA) that can launch command-and-control attacks from compromised devices, Brunetto stated in a blog post about the news.
The software can block domains associated with phishing, malware, botnets, and other high-risk categories such as cryptomining or new domains that havenāt been reported previously.Ā It can also create custom block and allow lists and offers the ability to pinpoint compromised systems using real-time security activity reports, Brunetto wrote.
According to Cisco, many organizations leave DNS resolution to their ISP. āBut the growth of direct enterprise internet connections and remote work make DNS optimization for threat defense, privacy, compliance, and performance ever more important,ā Cisco stated.Ā āAlong with core security hygiene, like a patching program, strong DNS-layer security is the leading cost-effective way to improve security posture. It blocks threats before they even reach your firewall, dramatically reducing the alert pressure your security team manages.ā
āUnlike other Secure Service Edge (SSE) solutions that have added basic DNS security in a ācheckboxā attempt to meet market demand, Cisco Secure Access ā DNS Defense embeds strong security into its global network of 50+ DNS data centers,ā Brunetto wrote. āAmong all SSE solutions, only Ciscoās features a recursive DNS architecture that ensures low-latency, fast DNS resolution, and seamless failover.ā
Other new features of DNS Defense include:
- SaaS API data loss prevention: Monitors and protects sensitive data within cloud applications like Microsoft 365, Google Workspace, and Box by scanning for data exposure and enforcing compliance policies.
- Cloud malware detection: Automatically scans files stored in cloud services (e.g., Box, Dropbox, Webex, Microsoft 365, Google Drive, AWS S3, Azure) for malware, preventing malicious files from reaching endpoints.
DNS Defense is part of Ciscoās overarching Secure Access package that consolidates multiple security functions ā such as secure web gateway, zero trust network access, cloud access security broker, DLP and VPNaaS ā in one platform. From a single console, customers can choose the packages they want to implement.Ā
Existing Cisco Umbrella DNS Essentials and Advantage can switch traffic from one system to the other via an upgrade manager in the administration portal, according to Cisco. No redeployment of software or changes to network policy or configurations is required.