Government Backed ‘MDBR’ Service Blocks Connections to Malicious Domains

A new Malicious Domain Blocking and Reporting (MDBR) service will help organizations improve security by preventing IT systems from connecting to malicious domains. 

Launched through a partnership between the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Center for Internet Security (CIS), and Akamai Technologies, the MDBR service adds another layer of Domain Name System (DNS) security to help organizations protect applications.

Expected to improve the security of U.S. state, local, tribal, and territorial (SLTT) government organizations, the fully managed proactive domain security service will be free for members of the CIS Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).

By preventing connections to harmful domains, MDBR technology aims to reduce infections with known malware and ransomware, as well as prevent phishing and other common cyber-threats. The technology is also meant to prevent malware from communicating with its command and control (C&C) server.

Organizations looking to take advantage of MDBR simply need to point their DNS requests to Akamai’s DNS servers (MDBR is built on top of Akamai’s Enterprise Threat Protector (ETP) service). Thus, all DNS lookups are proactively compared against a list of known and suspected malicious domains. 

Attempts to connect to these domains will be blocked and logged, and CIS’ security analysts will provide members with reports on these blocked requests, in addition to helping with remediation, if needed.
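The lookup-time check described above can be sketched as follows. This is an added example, not code from Akamai, CIS or the MDBR service; the blocklist entries, the log format and all function names are constructed for illustration. It shows the label-wise domain match a filtering resolver needs (so a subdomain of a listed domain is blocked but a lookalike name is not) and the per-client summary of blocked requests that reporting would be built on.

```python
from collections import Counter

# Constructed blocklist (assumption); real feeds are far larger and vendor-maintained.
BLOCKLIST = {"bad-example.test", "c2.malware-example.test"}

# Constructed resolver query log, one "<client-ip> <qname>" per line (assumed format).
SAMPLE_LOG = """\
10.0.0.5 www.example.org.
10.0.0.7 login.BAD-EXAMPLE.test
10.0.0.7 c2.malware-example.test.
10.0.0.9 notbad-example.test
10.0.0.5 a.b.c2.malware-example.test
"""

def normalize(qname):
    """Lower-case and drop the trailing root dot; DNS names are case-insensitive."""
    return qname.strip().rstrip(".").lower()

def matched_rule(qname, blocklist=BLOCKLIST):
    """Return the blocklist entry covering qname (exact or parent domain), else None.

    Matching walks whole labels, so 'notbad-example.test' does not match
    'bad-example.test' the way a naive endswith() check would.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def process(log_text, blocklist=BLOCKLIST):
    """Decide every query and count blocked lookups per client for reporting."""
    decisions, blocked_by_client = [], Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, qname = line.split()
        rule = matched_rule(qname, blocklist)
        decisions.append((client, normalize(qname), "BLOCK" if rule else "ALLOW", rule))
        if rule:
            blocked_by_client[client] += 1
    return decisions, blocked_by_client

if __name__ == "__main__":
    decisions, report = process(SAMPLE_LOG)
    for entry in decisions:
        print(*entry)
    print("blocked per client:", dict(report))
```

A client that appears repeatedly in the blocked counts is the natural starting point for the remediation follow-up the article mentions.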

Any SLTT should be able to easily integrate MDBR into existing information technology (IT) infrastructure. With CIS and Akamai fully maintaining the service, organizations won’t have to worry about maintenance. 

All logged data will be delivered to the CIS Security Operations Center (SOC), including details on DNS requests, either successful or blocked, which will then be used for analysis and reporting, for the betterment of the SLTT community. Each organization will also receive specific reporting and CIS will deliver regular reporting and intelligence services to SLTT members.

“MDBR will help SLTTs turbocharge their cyber defenses. It will be a key player in CIS’s growing arsenal of our defense-in-depth tool kit,” James Globe, CIS Vice President of Operations and Security Services, commented.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
