Cybersecurity firm raises $30 Million to support growth of its AI-based DNS threat protection system
Washington, DC-based DNS security firm DNSFilter has closed a $30 million Series A funding round led by Insight Partners and supported by its original seed investor, Arthur Ventures. Thomas Krane, a Principal at Insight, becomes a board director at DNSFilter, while Dmitri Alperovitch, co-founder and former CTO at CrowdStrike, separately joined DNSFilter’s Board of Directors.
Ken Carnesi, CEO and founder of DNSFilter, told SecurityWeek that the Series A funding will be used for further product R&D and expansion of the firm’s global reach. He expects to take on a further 80 people this year.
With the continuing growth of globalization and remote working, DNSFilter is based on the premise that it is more efficient to prevent local devices connecting to bad domains than it is to simply build traditional defenses around devices. “The traditional model of top-down, hardware-centric network security is disappearing in favor of solutions that readily plug in at the device level and can cater to highly distributed workforces,” comments Krane. If you know the bad domains, and you know where users are linking, you can simply stop the connection.
“The world has changed rapidly, and traditional networks and firewalls no longer provide the edge-protection that distributed workforces need to thrive,” adds Carnesi.
DNSFilter recognizes the bad domains by continuously scanning billions of domains using its own AI-based recognition system. It knows where its clients’ users are going by acting as the client’s DNS resolver.
The AI scans identify anomalies and potential vectors for malware, ransomware, phishing, deception, and fraud. “We look at the code, and the content on the page,” Carnesi told SecurityWeek. “We take image analysis into account; so, we’ll even take a screenshot of the site and compare it to screenshots of known good sites that it may be trying to impersonate. We note where the IP is hosted, who owns the domain, the age of the domain — you know, a bunch of different things.”
The advantage of owning and operating your own AI-based scanning system is that it can be continually improved. Carnesi told SecurityWeek that an upcoming improvement being developed now is the ability to detect bad individual URLs rather than just domains. This will mean that a bad URL within a good domain will still be detected – such as malicious content on a Dropbox page, or in an orphaned page hosted on an otherwise good website domain.
The DNS resolver aspect means that DNSFilter sits between the user and these dangerous domains, and can prevent the two from meeting.
It is a concept that clearly resonates with industry. More than 1,400 brands, such as Lenovo, Newegg and Nvidia, already use the service, and it has experienced an eight-times growth in user activity over the last 12 months.
Speed is fundamental to this success. Carnesi told SecurityWeek that DNSFilter has the second fastest resolver in the industry, with customers accessing servers close to their geographic location. Queries from European users, for example, are resolved by European servers, keeping European data within Europe and compliant with GDPR. Even if DNSFilter is compelled to disclose data under FISA 702 (the primary bugbear in EU-U.S. data protection), it can only deliver completely anonymous data.
The use of its own AI-based bad domain discovery system is also considerably faster than reliance on third-party block lists – which have their own issues and are historical by nature. The result allows the firm to claim it “catches threats an average of 5 days before competitors”, and that it “boasts an industry-low rate of false positives”.
The concept is similar to the NCSC Protective DNS system operated in the UK, but the differences are a stark comment on the basic difference between free enterprise and state-operated solutions (a view affirmed by Insight’s Krane). DNSProtect is largely limited to UK government departments (although it is hoped to expand) and has scalability problems. DNSFilter is globally unlimited, scalable, and available to any organization. And there is no lingering concern over user data and browsing histories becoming available to the national spy agency (NCSC is part of GCHQ).