About BI.ZONE Secure DNS

BI.ZONE Secure DNS (hereinafter the Solution or Secure DNS) analyzes an organization's DNS traffic to protect against DNS-based threats.

BI.ZONE Secure DNS enables early-stage detection of:

  • DNS tunneling

  • malware

  • bot control (C2) servers

  • phishing

  • dangerous and potentially dangerous domains

  • domain generation algorithms (DGAs)

Why this is important

DNS servers provide dynamic access to applications across networks, and DNS queries are typically allowed to pass even when local area network access is heavily restricted. Consequently, attackers exploit DNS servers as an entry point into an organization's infrastructure. They leverage DNS tunneling to establish communication channels with C2 servers and to exfiltrate data.

Traditional network security solutions—such as DDoS protection, next-generation firewalls, or IPS—are often ineffective at handling threats within DNS traffic. These solutions do not perform statistical analysis of DNS data, resulting in an unacceptably high false-positive rate. Furthermore, their countermeasures can lead to system downtime. Most critically, they fail to promptly detect data exfiltration attempts and DNS tunneling activity.

That’s why robust protection against DNS-based attacks requires a specialized solution like BI.ZONE Secure DNS.

Key features

  • Analyzes all DNS traffic in the organization.

  • Detects and blocks DNS tunnels (including communication with C2 servers).

  • Supports blacklists and whitelists for fully qualified domain names (FQDNs).

  • Supports blacklists and whitelists for domains based on regular expressions (RegEx).

  • Supports filtering by more than 80 web categories.

  • Detects DGAs.

  • Detects and blocks malware and phishing via threat intelligence (TI) policies powered by BI.ZONE Threat Intelligence.

  • Supports integration with SIEM systems. Performs context-aware DNS traffic analysis to hunt for and isolate suspicious activity, enriching SIEMs and external threat analysis solutions with valuable data.

  • Supports DNS over TLS (DoT) and DNS over HTTPS (DoH) to ensure the confidentiality of DNS queries between your endpoints and Secure DNS.

  • Provides granular, role-based access control (RBAC) for the service.

  • Supports multitenancy mode for isolating users from different organizations.

  • Features a multi-tier architecture. In hybrid deployments, enables filtering of DNS traffic from specific local network segments (e.g., various subsidiaries) to reduce the load on recursive resolvers and external servers.

  • Supports horizontal scaling. You can deploy any number of recursive resolvers for load balancing and high availability.

  • Supports BGP Anycast.