Malicious Domain Protection

Stop threats 10 days faster

Detect unknown domains used by threats such as malware, botnets, and more.

Malicious Domain Protection

How it works

Malicious Domain Protection uses machine learning to analyze DNS queries to assess whether they are likely to be associated with a malicious host.

By analyzing the DNS query, attempted connections to likely malicious domains are blocked, providing a first-line defense to protect users and corporate networks.

Enabling malicious domain protection is simple

Watch the video to see how easy it is to setup and configure a policy to block threats using Malicious Domain Protection.

See DNSFilter in action

Don't just take our word for it. Book a personalized demo and see how easy it is to stop threats with DNSFilter.

Training the machine learning model

To train a machine learning classifier, training data is needed. DNSFilter's data scientists had access to the world's fastest Dual-Anycast resolvers that process over 89 billion DNS queries daily for over 30 million users.

Over 35 million daily DNS queries are identified as threats and blocked, before they ever resolve to a client machine. Malicious Domain Protection's classifier was trained and fine-tuned using over 16 million queries, a mix of both known good and known bad domains contributing to a highly accurate machine learning model.

Machine Learning Model

More threats and faster detection

During testing, Malicious Domain Protection detected 7,000 risky domains that were not yet identified by any threat intelligence feeds. Threats were identified up to 10 days ahead of third-party threat feeds, with one domain being caught 59 days ahead.

More threats and faster detection

The threats we face

Unknown malicious domains seen in the wild can be used with malware, botnets, phishing attacks or command-and-control servers.

Attackers use the period before their domain is discovered to launch attacks that go undetected by firewalls, IDS, and other threat detections that rely on threat feeds or other information.

Some malware families algorithmically generate upwards of 250,000 unique domains. Also known as DGAs, these domains are often the first signs of malware, spambots, phishing, and cryptojacking, and more.

Malicious Domain Protection

Recommended reading:

Customers love us, threats hate us

G2 Spring 2024 Leader
G2 2024 High Performer EMEA
G2 Spring 2024 Most Implementable
G2 2024 Mid-Market Best Results
G2 Spring 2024 Momentum Leader
G2 2024 Best Usabilit