NSA and CISA Jointly Issued Guidance On Protective DNS Services


America’s chief security departments The National Security Agency (NSA) and Cybersecurity and Infrastructure Agency (CISA) have released a joint information sheet on Thursday which provides information regarding the positive outcomes of using a Protective Domain Name System (PDNS). 

How Protective Domain Name System (PDNS) works? 

Its (PDNS) service uses present Domain Name System (DNS) protocols and its structure to analyze DNS queries and mitigate threats. It leverages many open sources, such as non-profit organizations, and various governmental threat feeds to categorize domain information and block queries to identified hackers' domains. 

According to The National Security Agency (NSA) and the Cybersecurity and Infrastructure Agency (CISA), the service (PDNS) presents threat prevention measures against network exploitation, includes various kind of online threats such as addressing phishing attacks, malware distribution, domain generation algorithms, command and control, and content filtering. 

Additionally, a PDNS can log in and save suspicious data and can give a blocked response to the malicious activities into a system– such as ransomware locking victim files – while letting institutions using those logged DNS information data. 

The information sheet gave a list of providers, but NSA and CISA explicitly stated, “We, the federal agencies do not endorse one provider over another”. The listed six companies are BlueCat, Akamai, Cisco, EfficientIP, Nominet, and Neustar. 

How NSA and CISA made their recommendations? 

The recommendations are based on the learned lessons from an NSA PDNS pilot. The NSA partnered with the Defense Cyber Crime Center (DDCCC) department to offer PDNS-as-a-service to its members of the defense industrial base. Alongside, the PDNS studied over 4 billion DNS queries and participating networks, and successfully blocked millions of connections identified as malicious domains. 

Oliver Tavakoli, chief technology officer at Vectra stated, “Like other preventive approaches, they are useful in protecting organizations from known bads, but ultimately fall short in blocking the early stages of a new attack or more sophisticated attacks...”

“...So it makes sense to implement PDNS to reduce the attack surface, however, it should not be thought of as a preventive silver bullet that obviates the need to detect attackers who know how to bypass these protections.” She added. 

Ray Kelly, a principal security engineer at WhiteHat Security, added that “DNS exploitations are still incredibly rampant and require some attention because they are such an effective technique used by malicious actors”.