In 2022, the cyber threat intelligence (CTI) team at the Multi-State Information Sharing and Analysis Center (MS-ISAC) witnessed cyber threat actors (CTAs) step up their attack attempts against U.S. state, local, tribal and territorial (SLTT) government organizations. The MS-ISAC's Malicious Domain Blocking and Reporting (MDBR) service registered 908 billion DNS requests for SLTTs over the course of the year, for instance. Of that activity, the service blocked 7.8 billion requests.
SLTTs and private hospitals need a way to strengthen their defenses against a very active cyber threat. That’s why we at the Center for Internet Security (CIS) have released Malicious Domain Blocking and Reporting Plus (MDBR+).
BETTER VISUALIZE POTENTIAL THREATS ON YOUR NETWORK
Made available by CIS and industry leader Akamai to SLTTs and private hospitals, MDBR+ is a quick-to-configure and easy-to-deploy cloud-based secure web gateway service. It proactively identifies and blocks network traffic from your organization to known malicious websites.
Once you point your organization's domain name system (DNS) requests to the Akamai’s DNS server IP addresses, MDBR+ compares every DNS lookup against a list of known and suspected malicious domains. The service blocks and logs attempts to access known malicious domains such as those associated with malware, phishing and ransomware, among other threats, thereby increasing your organization's web security.
Akamai provides all logged data, including both successful and blocked DNS requests, to the CIS 24x7x365 Security Operations Center (SOC). SOC analysts use this data to perform detailed analysis and reporting for the betterment of the SLTT community and for reporting that's specific to your organization.
CIS then provides reporting of log information for all blocked requests, among other data. CIS will also assist in remediation if needed.
In addition to keeping your SLTT organization or private hospital safe against common threats, MDBR+ comes with six features that make staying secure even easier.
- Flexibility of Access
MDBR+ offers security teams full access to a cloud-based management portal. This enables your teams to manage your configurations any time and anywhere. - A Real-Time View of Suspicious Network Activity
MDBR+ gives you access to real-time reports on blocked activity for every user on your network. This type of activity includes the machines that are sending requests and which machines might be repeat offenders. Using this information, you can take action by updating your security policies and adjusting your training to help employees who might benefit from additional security awareness training. - Prioritization for Business Requirements
With MDBR+, you’ll have the ability to build custom configurations, including acceptable use policies (AUPs) and allow/deny lists. This ensures that you can use MDBR+ in a way that supports your unique security needs. As these requirements evolve, so too can your custom configurations. - Reduced Time Chasing Down False Positives
The SOC analysts at CIS reduce false positive security alerts, enabling your teams to spend more time on things that matter to your organization. What’s more, MDBR+ helps your team administer security policies and updates from any location in a matter of seconds to all locations and devices. This enhances your ability to roll out global changes, ensuring that every device remains safe as your technology continues to change. - Off-Network Protection
MDBR+ offers your organization a secure web gateway even for your off-network devices. Your teams can use this feature to safeguard remote workforces, ensuring that devices are protected before they connect back to your network. - Easy Maintenance
The service is easy to implement and requires virtually no maintenance. CIS and Akamai fully maintain the systems required to provide the service.
NOW'S THE TIME TO KEEP YOUR ORGANIZATION SAFE
The purpose of MDBR+ is to strengthen your web security and keep you safe from known malicious domains using processes and policies that work for you. Register now to see what changes tailored threat protection brings to your business.
About CIS
The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses and governments through our core competencies of collaboration and innovation.
We are a community-driven nonprofit, responsible for the CIS Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud.
CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response and recovery for U.S. state, local, tribal and territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. elections offices.