DNS Security
Domain Classification & IP Reputation Threat Intelligence Feeds for DNS Providers
DNS providers use alphaMountain’s domain classification and IP reputation feeds to enhance security, filter content, and improve threat detection. Here are the use cases and best practices for DNS providers integrating alphaMountain’s domain and IP threat intelligence feeds.
Product Use Cases
Domain Classification for DNS Security
- Categorization: Instantly classify domains into categories such as malicious, phishing, adult content, dynamic DNS, or popular/common domains. alphaMountain’s threat intelligence feeds offer 89 domain categories enabling fine-grained policy creation for DNS security.
- Policy Enforcement: Enforce or enable the enforcement of policies such as blocking, allowing, or logging requests based on the domain’s category.
- Dynamic Updates: alphaMountain’s domain threat intelligence feeds are continuously updated with new domains and emerging threats, allowing DNS providers to adapt and stay ahead of evolving risks.
Domain & IP Reputation Feeds
- Reputation Scoring: alphaMountain scores domains and IP addresses based on our advanced machine learning and AI model that is dedicated exclusively to risk ratings.
- Blocking and Filtering: When a DNS query resolves to an IP with a poor reputation (a high risk rating), providers can block or redirect the request, preventing users from reaching potentially harmful resources.
- Integration with DNS Responses: DNS providers may flag or annotate DNS records in their cache with reputation data, influencing how resolvers or security tools handle subsequent queries.
Threat Intelligence Deployment Model
Detection
When a DNS query is received, the provider checks the requested domain and its resolved IP against alphaMountain’s locally-cached classification and reputation database.
Decision
Based on the results, the provider applies security policies such as blocking, redirecting, or allowing the request.
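The detection and decision steps above can be sketched as a resolver-side policy check. This is an added example, not alphaMountain code or its feed format: the cache layout, category names, risk scale, threshold and function names are all assumptions, and the sample entries are constructed.

```python
import ipaddress

# Constructed local cache; the real feed schema is not shown on the page.
DOMAIN_CATEGORIES = {
    "bad-login.example": {"phishing"},
    "dyn.example": {"dynamic dns"},
    "news.example": {"news"},
}
IP_RISK = {  # network -> risk score (assumed scale: higher is riskier)
    ipaddress.ip_network("203.0.113.0/24"): 9.2,
    ipaddress.ip_network("198.51.100.7/32"): 3.1,
}
CATEGORY_POLICY = {"phishing": "block", "malicious": "block", "dynamic dns": "log"}
RISK_BLOCK_THRESHOLD = 8.0  # assumed operator-chosen cut-off
SEVERITY = {"allow": 0, "log": 1, "redirect": 2, "block": 3}

def lookup_categories(qname):
    """Detection: match the query name or its closest listed parent domain."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):  # never match on the bare TLD
        hit = DOMAIN_CATEGORIES.get(".".join(labels[i:]))
        if hit is not None:
            return hit
    return set()

def ip_risk(addr):
    """Detection: risk score of the most specific network containing addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, score) for net, score in IP_RISK.items() if ip in net]
    return max(matches)[1] if matches else None

def decide(qname, resolved_ips):
    """Decision: return the strictest action plus the reasons, for logging."""
    action, reasons = "allow", []
    for cat in sorted(lookup_categories(qname)):
        act = CATEGORY_POLICY.get(cat, "allow")
        if act != "allow":
            reasons.append(f"category:{cat}")
        if SEVERITY[act] > SEVERITY[action]:
            action = act
    for addr in resolved_ips:
        score = ip_risk(addr)
        if score is not None and score >= RISK_BLOCK_THRESHOLD:
            reasons.append(f"ip-risk:{addr}={score}")
            action = "block"
    return action, reasons
```

Returning the reasons alongside the action lets the resolver log which feed signal (domain category or IP risk) drove each block, which helps when tuning the threshold or investigating false positives.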
Blocklist and Threat Intelligence Integration
While adding known malicious domains to a blocklist is a common baseline, it is insufficient due to the rapid generation of new domains by attackers. DNS providers supplement blocklists with real-time threat intelligence feeds like alphaMountain to detect previously unseen malicious domains.
