Advanced DNS Security - Technical FAQ

How long does it take to activate the service?
How does Advanced DNS Security work?
Where does Secutec get all its data from?
How does the integration with local DNS servers work, e.g. the integrated IP domain blacklist via RPZ?
What will end users see when their DNS query is blocked?
Does Advanced DNS Security also work for DNS over HTTPS?
How does Secutec handle false positives?
How are local DNS requests forwarded?
How long is a malicious domain (e.g., a hacked server) kept in the database?
What about domains that contain a lot of harmful non-quality information, but also normal things?
How can we provide our own information if we ourselves are being targeted?

About complementarity

Does Advanced DNS Security adapt to the customer's environment?
Is Advanced DNS Security an addition to a firewall from another publisher?
What can Advanced DNS Security do in case of an attack on an IP address?
How will Secutec's efficiency change if the majority of DNS requests go through DOH/DOT?

Comparative

How is it different from the Cisco Umbrella?
What is the added value of Secure DNS over Cloudflare?

About Tanium Agent

How does Advanced DNS Security work for teleworkers using their own Internet connection?
Is the Tanium MDM Agent an additional cost?
Does the Tanium MDM Agent not conflict with the EDR functionality?

How long does it take to activate the service?

The service can be activated in less than an hour. It is easy to deploy on your network, regardless of the number of connected devices. Support staff will accompany you for the first 24 hours.

How does Advanced DNS Security work?

All DNS requests from your network are automatically forwarded to Secutec's Secure DNS servers. The domain reputation of the requested URL is immediately checked against a SIAM database, which centralizes local and international feeds. If the domain is categorised as unsafe in the database, the connection is not established. By blocking corrupt connections at this level, traffic to malicious websites is prevented.

Where does Secutec get all its data from?

Secutec exchanges data with local and international CERTs and with the CCB (Centre for Cybersecurity Belgium). They also purchase feeds that are very powerful at botnet level.

Secutec relies on a very large database that is fed by 35 and 400 virtual systems and honeypots.

Secutec's database is 450 GB in size, with the data of all publishers together.

How does the integration with local DNS servers work, e.g. the integrated IP domain blacklist via RPZ?

Secutec receives more than 35 lists that are qualitatively analysed on various points. If you use certain lists, you will have to find out for yourself whether the blocking is from your own list or from the Secutec database.
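One way to carry out that check offline, as an added example (not Secutec or Belnet code): match the blocked query name against the QNAME policy records of your own RPZ zone; a name with no local rule, or only a local passthru rule, was blocked upstream. The zone contents and function names are constructed for illustration, and wildcard handling is simplified.

```python
# Added example. LOCAL_RPZ is constructed sample data, not a real feed.
# Assumes owner names are relative to the zone origin (the usual RPZ layout).
LOCAL_RPZ = """\
$TTL 300
@ IN SOA localhost. admin.localhost. 1 3600 600 86400 300
bad.example               CNAME .              ; NXDOMAIN
*.bad.example             CNAME .
ads.example               CNAME *.             ; NODATA
intranet.partner.example  CNAME rpz-passthru.  ; local exemption
"""

ACTIONS = {".": "NXDOMAIN", "*.": "NODATA",
           "rpz-passthru.": "PASSTHRU", "rpz-drop.": "DROP"}

def parse_rpz(zone_text):
    """Map each QNAME trigger (owner name) to its RPZ policy action."""
    rules = {}
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()
        if "CNAME" not in fields or fields[0] in ("@", "CNAME") or fields[-1] == "CNAME":
            continue
        owner = fields[0].lower().rstrip(".")
        if owner.split(".")[-1].startswith("rpz-"):
            continue  # IP/NS-based triggers are out of scope here
        target = fields[fields.index("CNAME") + 1].lower()
        rules[owner] = ACTIONS.get(target, "LOCAL-DATA")
    return rules

def local_match(qname, rules):
    """Return (trigger, action) for the exact name or its closest wildcard.
    Simplified: ignores the DNS closest-encloser exception for wildcards."""
    name = qname.lower().rstrip(".")
    if name in rules:
        return name, rules[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in rules:
            return wildcard, rules[wildcard]
    return None

def attribute_block(qname, rules):
    """Given a name observed as blocked, say which layer blocked it."""
    hit = local_match(qname, rules)
    if hit is None or hit[1] == "PASSTHRU":
        # No local rule, or the local rule exempts the name: blocked upstream.
        return "upstream", hit
    return "local-rpz", hit

RULES = parse_rpz(LOCAL_RPZ)
```
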

What will end users see when their DNS query is blocked?

This is entirely up to you. For example, you can choose not to display anything to make it look like there is a network connection problem.

Does Advanced DNS Security also work for DNS over HTTPS?

This is possible too, as Advanced DNS Security supports both, but it requires more configuration. It depends on your organization's needs.

How does Secutec handle false positives?

Currently, you still have to report false positives to Secutec yourself. Secutec has an SLA of 60 minutes to release the domain. In the next release, you will be able to whitelist and blacklist a domain yourself through the user interface.

How are local DNS requests forwarded?

It is Secutec's DNS servers that are set up as DNS forwarders to resolve DNS requests.

How long is a malicious domain (e.g., a hacked server) kept in the database?

By default, these are kept for 6 months. If after 6 months connections still go to this domain, there will be additional tests.

What about domains that contain a lot of harmful non-quality information, but also normal things?

It is Secutec's DNS servers that are set up as DNS forwarders to resolve DNS requests.

How can we provide our own information if we ourselves are being targeted?

For a one-time issue, via email.

Does Advanced DNS Security adapt to the customer's environment?

Secutec can perfectly link its environment to yours, so that all information from alerts comes directly to you.

Is Advanced DNS Security an addition to a firewall from another publisher?

It is a complement to everything else that comes along with your antivirus, EDR (Endpoint Detection and Response) or firewall, even if they come from another publisher. 

What can Advanced DNS Security do in case of an attack on an IP address?

98% of current attacks are commercial attacks, and these always take place at the DNS level. By relying on Advanced DNS Security, which takes care of the DNS layer, you can, for example, keep an eye on direct IP attacks.

How will Secutec's efficiency change if the majority of DNS requests go through DOH/DOT?

Secutec is evolving in parallel and supports SDNS perfectly, for example. To date, Secutec's technology combines perfectly with that of the customer.

How is it different from the Cisco Umbrella?

  • Cisco Umbrella is a more complete solution but has less data behind it. 
  • They have the Cisco feed. The Secutec database is much larger and therefore more effective in terms of security.
  • They do content filtering, which is not the case with Secutec. 
  • Cisco has an agent for Linux, Windows and all platforms, while Secutec currently only has an agent for Windows.

What is the added value of Secure DNS over Cloudflare?

The intelligence at the local level. Secutec receives feeds from the Belgian and other European CERTs. 25% of the Secutec feeds are data that other vendors do not have. 

How does Advanced DNS Security work for teleworkers using their own Internet connection?

In some cases, a VPN tunnel is automatically set up between the teleworker and his office. With a full VPN there is no problem, and DNS goes through the office. 
With split tunnelling there are 2 options. In the first case, the DNS goes via the VPN and the local data continues to go to the local break-out. In the other case Secutec uses the Tanium MDM agent. The advantage of this is that if a device is infected with malware and it automatically spreads that malware, Advanced DNS Security can use the Tanium MDM agent to stop this process at PC level.

Is the Tanium MDM Agent an additional cost?

Yes. In most cases, it is not taken for the entire network. The Tanium MDM Agent is, however, currently only available for Windows. In the future, there will also be an agent for Mac and mobile users.

Does the Tanium MDM Agent not conflict with the EDR functionality?

No, because the agent is not a scanner. Its only function is to forward the DNS requests to Secutec's IP addresses.

Copyright © 2022 Belnet.