Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Cybersecurity Funding

DNSFilter Raises $30 Million in Series A Funding

Cybersecurity firm raises $30 Million to support growth of its AI-based DNS threat protection system

Cybersecurity firm raises $30 Million to support growth of its AI-based DNS threat protection system

Washington, DC-based DNS security firm DNSFilter has closed a $30 million Series A funding round led by Insight Partners, and supported by original seed investor, Arthur Ventures. Thomas Krane, a Principal at Insight, becomes a board director at DNSFilter; while Dmitri Alperovitch, co-founder and former CTO at CrowdStrike, separately joined DNSFilter’s Board of Directors.

Ken Carnesi, CEO and founder of DNSFilter, told SecurityWeek that the Series A funding will be used on further product R&D, and expansion of the firm’s global reach. He expects to take on a further 80 people this year.

DNSFilterWith the continuing growth of globalization and remote working, DNSFilter is based on the premise that it is more efficient to prevent local devices connecting to bad domains than it is to simply build traditional defenses around devices. “The traditional model of top-down, hardware-centric network security is disappearing in favor of solutions that readily plug in at the device level and can cater to highly distributed workforces,” comments Krane. If you know the bad domains, and you know where users are linking, you can simply stop the connection.

“The world has changed rapidly, and traditional networks and firewalls no longer provide the edge-protection that distributed workforces need to thrive,” adds Carnesi.

DNSFilter recognizes the bad domains by continuously scanning billions of domains using its own AI-based recognition system. It knows where its clients’ users are going by acting as the client’s DNS resolver.

The AI scans identify anomalies and potential vectors for malware, ransomware, phishing, deception, and fraud. “We look at the code, and the content on the page,” Carnesi told SecurityWeek. “We take image analysis into account; so, we’ll even take a screenshot of the site and compare it to screenshots of known good sites that it may be trying to impersonate. We note where the IP is hosted, who owns the domain, the age of the domain — you know, a bunch of different things.”

The advantage of owning and operating your own AI-based scanning system is that it can be continually improved. Carnesi told SecurityWeek that an upcoming improvement being developed now is the ability to detect bad individual URLs rather than just domains. This will mean that a bad URL within a good domain will still be detected – such as malicious content on a Dropbox page, or in an orphaned page hosted on an otherwise good website domain.

Advertisement. Scroll to continue reading.

The DNS resolver aspect means that DNSFilter sits between the user and these dangerous domains, and can prevent the two from meeting.

It is a concept that clearly resonates with industry. More than 1,400 brands, such as Lenovo, Newegg and Nvidia, already use the service, and it has experienced an eight-times growth in user activity over the last 12 months.

Speed is fundamental to this success. Carnesi told SecurityWeek that it has the second fastest resolver in the industry, with customers accessing servers close to their geographic location. European users, for example, are resolved by European servers, keeping European data within Europe and compliant with GDPR. Even if DNSFilter is compelled under FISA 702 (the primary bugbear between EU-U.S. data protection), it can only deliver completely anonymous data.

The use of its own AI-based bad domain discovery system is also considerably faster than reliance on third-party block lists – which have their own issues and are historical by nature. The result allows the firm to claim it “catches threats an average of 5 days before competitors”, and that it “boasts an industry-low rate of false positives”.

The concept is similar to the NCSC Protective DNS system operated in the UK, but the differences are a stark comment on the basic difference between free enterprise and state-operated solutions (a view affirmed by Insight’s Krane). DNSProtect is largely limited to UK government departments (although it is hoped to expand) and has scalability problems. DNSFilter is globally unlimited, scalable, and available to any organization. And there is no lingering concern over user data and browsing histories becoming available to the national spy agency (NCSC is part of GCHQ).

Related: NSA, DHS Issue Guidance on Protective DNS

Related: Akamai Launches New DNS Security Product

Related: CISA Reminds Federal Agencies to Use Its DNS Service

Related: Cloudflare Launches Free Secure DNS Service

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


Forty cybersecurity-related M&A deals were announced in January 2023.


Seventeen cybersecurity-related M&A deals were announced in the first half of February 2023.


Thirty-five cybersecurity-related M&A deals were announced in February 2023


More than 450 cybersecurity-related mergers and acquisitions were announced in 2022, according to an analysis conducted by SecurityWeek

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...