Government Backed ‘MDBR’ Service Blocks Connections to Malicious Domains

A new Malicious Domain Blocking and Reporting (MDBR) service will help organizations improve security by preventing IT systems from connecting to malicious domains. 

Launched through a partnership between the U.S. Department of Homeland Security’s Cybersecurity Infrastructure Security Agency (CISA), Center for Internet Security (CIS), and Akamai Technologies, the MDBR service adds another layer of Domain Name System (DNS) security to help organizations protect applications. 

Expected to improve the security of U.S. state, local, tribal, and territorial (SLTT) government organizations, the fully managed proactive domain security service will be free for members CIS Multi-State Information Sharing and Analysis Center (MS-ISAC) and Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).

Through preventing connections to harmful domains, MDBR technology aims to reduce infections with known malware and ransomware, as well as prevent phishing and other common cyber-threats. Furthermore, the technology was meant to prevent malware from communicating with the command and control (C&C) server. 

Organizations looking to take advantage of MDBR simply need to point their DNS requests to Akamai’s DNS servers (MDBR is built on top of Akamai’s Enterprise Threat Protector (ETP) service). Thus, all DNS lookups are proactively compared against a list of known and suspected malicious domains. 

Attempts to connect to these domains will be blocked and logged, and CIS’ security analysts will provide members with reports on these blocked requests, in addition to helping with remediation, if needed.

Any SLTT should be able to easily integrate MDBR into existing information technology (IT) infrastructure. With CIS and Akamai fully maintaining the service, organizations won’t have to worry about maintenance. 

All logged data will be delivered to the CIS Security Operations Center (SOC), including details on DNS requests, either successful or blocked, which will then be used for analysis and reporting, for the betterment of the SLTT community. Each organization will also receive specific reporting and CIS will deliver regular reporting and intelligence services to SLTT members.

“MDBR will help SLTTs turbocharge their cyber defenses. It will be a key player in CIS’s growing arsenal of our defense-in-depth tool kit,” James Globe, CIS Vice President of Operations and Security Services, commented.

Related: Most Malicious Coronavirus-Related Domains Located in U.S.

Related: Over 100,000 Fake Domains With Valid TLS Certificates Target Major Retailers

Related: Microsoft Files Lawsuit to Seize Domains Used in COVID-19-Themed Attacks

view counter

Ionut Arghire is an international correspondent for SecurityWeek.

Previous Columns by Ionut Arghire:

Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published.