Overview

What is DefensX

DefensX is an AI-supported Secure Web Browser and Human Risk & Resilience management solution. It converts a standard web browser into an enterprise-grade, cloud-based, zero trust manageable web browser. Additionally, it comes with password protection, file protection, adware protection and Secure DNS.

Once DefensX is installed, it converts a traditional web browser into a secure web browser, takes control of DNS and web traffic, and applies zero trust protection principles. The two main software components in charge are the operating system agent and the web browser zero trust extension.

Lightweight Operating System Agent

Installed from an MSI/DMG file, the operating system agent takes control of DNS and the network. It provides local caching and acts as a DNS relay agent and the focal point for Active Directory (AD) integration.


Web Browser Extension

Our web browser extension constantly talks to the operating system agent and provides single sign-on between the operating system and web browsers. It applies in-context security policies without needing to decrypt the end-to-end traffic.


How does DefensX work?

DefensX bundles DNS protection, an embedded SWG, and Remote Browser Isolation technologies to protect end users from modern web attacks such as social engineering, MFA breach, and file-less malware, with an easy deployment that takes seconds.

The following visual shows the main components of our solution:


DNS: The Domain Name System (DNS) is the hierarchical and decentralized naming system used to identify computers reachable through the Internet or other Internet Protocol (IP) networks. For example, the domain name www.example.com translates to the addresses 93.184.216.34 (IPv4) and 2606:2800:220:1:248:1893:25c8:1946 (IPv6).

DNS has been in use for more than 70 years and is one of the core elements of the Internet and the web. It is the most vulnerable part of a computer and must be protected.

Web Browser: Web browsers are one of the most complex applications in the modern world. They are the main gateway to consume all the benefits of the Internet. A modern web browser can have more than 35 million lines of code, making it as complex as an operating system. We use web browsers on almost any device, including desktops, laptops, tablets and smartphones.

Remote Browser: A remote browser is a headless web browser engine running in the cloud which you can use and control remotely, like flying a drone.

Secure Web Gateway: A secure Web gateway (SWG) is primarily used to monitor and prevent malicious traffic and data from entering, or even leaving, an organization’s network. Typically, it is implemented to secure an organization against threats originating from the Internet, websites and other Web 2.0 products/services.

Reasons to choose DefensX over any legacy DNS tools

DefensX brings enterprise-grade cyber security tools to the MSP’s customers. It is an easy-to-deploy, easy-to-manage, fire-and-forget solution; at the same time, it can meet enterprise-scale requirements and scale out to tens of thousands of end users.

It is possible to create simple policies for fast onboarding and, if there is a need, to construct the most complex policies.

DNS tools lack the following technologies:

  • Embedded Secure Web Gateway

  • Remote Browser Isolation

  • In session-context security controls

  • MFA breach protection

  • File-less malware attacks prevention

  • End user behavior

DNS and its nature

The core design of legacy DNS-based solutions is to solve problems for office-centric organizations. WebTitan, DNSFilter, Cisco Umbrella, and similar products use DNS servers in their cloud and require DNS addresses to be changed to point to their cloud IPs. They have the roaming client concept and require Active Directory integration software to be deployed in every office location. They use only the DNS protocol as a tool and provide limited visibility and protection. DNS is the most basic protocol, where you have only domain information.

Hostname            IP Address    Action Taken
good.example.com    1.2.3.4       GOOD
bad.example.com     5.6.7.8       BAD

DefensX, as a novel solution, is built on top of modern end-point technologies. Our agent transparently listens to DNS traffic on the device and alters it, if need be, based on the communication with the cloud. Our web browser security extension provides an embedded secure gateway without the need for any decryption. It injects in-context DefensX Security JavaScript, cleaning end-to-end web sessions in the browser and providing the most advanced level of visibility and protection.

The domain name is the only input to decide whether a web page is secure or not in a legacy DNS-only protection tool. In our solution, we have tens of data points to make a decision.
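The difference between a hostname-only verdict and a URL-level verdict can be shown on a shared host that serves both benign and malicious content. This is an added illustration, not DefensX code; the hostnames, paths, rule format and labels are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed sample data; hostnames, paths and rule format are illustrative.
DOMAIN_BLOCKLIST = {"bad.example.com"}
URL_RULES = [  # (hostname, path prefix, action), first match wins
    ("files.example.net", "/u/tenant-b/", "BLOCK"),
]
VISITS = [  # (url, label); the label is used only to score the verdicts
    ("https://good.example.com/news", "benign"),
    ("https://bad.example.com/login", "malicious"),
    ("https://files.example.net/u/tenant-a/report.pdf", "benign"),
    ("https://files.example.net/u/tenant-b/invoice.html", "malicious"),
]

def dns_verdict(url, blocklist=DOMAIN_BLOCKLIST):
    """Verdict from the hostname alone, as a resolver-based filter sees it."""
    labels = urlsplit(url).hostname.split(".")
    # Match the name itself or any parent domain on the list.
    names = {".".join(labels[i:]) for i in range(len(labels))}
    return "BLOCK" if names & blocklist else "ALLOW"

def url_verdict(url, rules=URL_RULES):
    """Verdict from the full URL: domain list first, then path rules."""
    if dns_verdict(url) == "BLOCK":
        return "BLOCK"
    parts = urlsplit(url)
    for host, prefix, action in rules:
        if parts.hostname == host and parts.path.startswith(prefix):
            return action
    return "ALLOW"

def score(verdict_fn, visits=VISITS):
    """Return (false_positives, false_negatives) for a verdict function."""
    fp = sum(1 for u, lab in visits if lab == "benign" and verdict_fn(u) == "BLOCK")
    fn = sum(1 for u, lab in visits if lab == "malicious" and verdict_fn(u) == "ALLOW")
    return fp, fn

def score_dns_with_shared_host_blocked():
    """Blocking the shared host by name removes the miss but blocks tenant-a too."""
    wider = DOMAIN_BLOCKLIST | {"files.example.net"}
    return score(lambda u: dns_verdict(u, wider))

if __name__ == "__main__":
    print("dns-only      (fp, fn):", score(dns_verdict))
    print("dns, host blk (fp, fn):", score_dns_with_shared_host_blocked())
    print("url-aware     (fp, fn):", score(url_verdict))
```

With a hostname as the only input, the shared host is either a miss or a false positive; the path rule resolves both.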

Active Directory Integration Pains

Legacy products require an Active Directory connector software deployment in the office locations, which needs a separate installation and maintenance. In our solution, every agent can act as an Active Directory integration point. Our operating system agent automatically learns the AD domain/user group/username information from the end-point and pushes them to the cloud. Our agent takes care of all the integration once you provide the domain names you want to synchronize in the cloud backend.

Virtual Instances, Shared Devices, DaaS, VDI Problems

DNS-only tools cannot identify users individually in a shared environment, such as Microsoft Terminal Server, Azure Virtual Desktops, or Amazon Workspaces. This is not surprising, because DNS is a device-level protocol; with legacy tools, you can only apply device-based policies. In many cases, this is insufficient for regulations and reporting.

Our solution, with the help of our embedded secure web gateway, can identify end-users in a shared desktop environment and apply policies for individual users.

Lack of Cloud Transformation Support Such As Azure AD

Integrating legacy solutions with Azure AD or similar IAM solutions is practically impossible.

You can easily integrate our solution with Azure AD, Google ID, and Okta within seconds. Companies currently using AD and migrating to Azure AD can use a single tool and manage all identities in a single pane of glass.

DNS over HTTPS

DNS-only solutions are blind when DNS over HTTPS is used in web browsers. These tools cannot see the DNS traffic or block any website if this mode is enabled. More importantly, there is a significant probability that web browser makers will allow DNS over HTTPS by default. A tremendous effort is needed to ensure that end users do not use DNS over HTTPS.
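For a fleet that depends on DNS-layer filtering, part of that effort is checking that browser policy actually disables DoH and that users cannot turn it back on. The sketch below is an added example, not DefensX code: it audits Chrome's `DnsOverHttpsMode` policy and Firefox's `DNSOverHTTPS` enterprise policy, with the policy documents constructed inline as sample input.

```python
import json

# Constructed sample policies (assumption: shaped like Chrome's managed policy
# JSON and Firefox's policies.json; the values here are made up for the demo).
CHROME_POLICY = '{"DnsOverHttpsMode": "automatic"}'
FIREFOX_POLICY = '{"policies": {"DNSOverHTTPS": {"Enabled": false, "Locked": false}}}'

def audit_chrome(policy_json):
    """Return findings for Chrome's DnsOverHttpsMode policy."""
    try:
        policy = json.loads(policy_json)
    except json.JSONDecodeError:
        return ["chrome: policy file is not valid JSON"]
    mode = policy.get("DnsOverHttpsMode")
    if mode is None:
        return ["chrome: DnsOverHttpsMode is not set explicitly"]
    if mode != "off":
        return [f"chrome: DnsOverHttpsMode={mode} leaves DoH available"]
    return []

def audit_firefox(policy_json):
    """Return findings for Firefox's DNSOverHTTPS enterprise policy."""
    try:
        doc = json.loads(policy_json)
    except json.JSONDecodeError:
        return ["firefox: policy file is not valid JSON"]
    doh = doc.get("policies", {}).get("DNSOverHTTPS")
    if doh is None:
        return ["firefox: DNSOverHTTPS policy is not set explicitly"]
    findings = []
    if doh.get("Enabled") is not False:
        findings.append("firefox: DNSOverHTTPS.Enabled is not false")
    if not doh.get("Locked", False):
        # An unlocked setting can be changed back by the user in preferences.
        findings.append("firefox: DNSOverHTTPS is not locked, users can change it")
    return findings

def audit_endpoint(chrome_json, firefox_json):
    """Combine both browser audits; an empty list means DoH is pinned off."""
    return audit_chrome(chrome_json) + audit_firefox(firefox_json)

if __name__ == "__main__":
    for finding in audit_endpoint(CHROME_POLICY, FIREFOX_POLICY):
        print(finding)
```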

Limited Visibility and The Excessive Number of False Positives

DNS-only tools only have one word in their vocabulary, which is the domain name.

In our solution, we provide complete URI visibility, visibility of files and file transfers, end-user behavior based visibility, credentials exposure visibility, and shadow IT visibility. This is way beyond the visibility that the DNS layer provides, which is simply "allow/block by domain name".

Limited Protection

DNS-only tools have only "block" or "allow" policies. Our solution provides Read-only and Remote Browser Isolation tools.

VPN and Similar Tools Won’t Work With DNS Solutions

Many solutions require changing the DNS settings to function on an end-point. DNS-only tools can’t work with these tools.

Our solution will not change the DNS settings and, when our kernel mode is in use, will work seamlessly with most of the tools that need to impose their own DNS servers.

Utmost visibility

With our reporting engine, it is possible to create custom reports with 10 different optics. We also provide SIEM integration and can push all events in CIF format to the MSP’s SIEM tools.