DNS Resolution Capability with Skyhigh SSE
Data Exfiltration Prevention
Skyhigh supports the monitoring and interception of DNS queries designed to tunnel data out of the network. By analyzing query patterns and payload sizes, the resolver identifies and halts unauthorized data transfers attempted through DNS protocols.
Threat Intelligence & Domain Blocking
The system provides robust security at the edge by filtering requests against real-time threat feeds.
- Phishing Mitigation: It supports the identification and proactive blocking of domains known for hosting phishing sites, protecting users from credential theft.
- Malware Protection: It supports the blocking of communication with known malware distribution points and command-and-control (C2) servers.
Algorithmic Threat Detection (DGA)
It supports the detection of Domain Generation Algorithms (DGA). The resolver identifies programmatically generated domain names typically used by botnets, ensuring that infected endpoints cannot establish a connection with rotating malicious infrastructure.
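The tunneling heuristics described under Data Exfiltration Prevention above and the DGA check in this section, as an added example that is not Skyhigh's code or part of this page: a Python scorer over constructed resolver log entries that flags oversized labels, per-client byte budgets and high-entropy labels, then maps each verdict to a response action. The thresholds, the two-label registered-domain shortcut and the sinkhole/NXDOMAIN mapping are assumptions chosen for illustration.

```python
import math
from collections import defaultdict

# Constructed sample resolver log: (client_ip, queried name, response bytes).
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com", 120),
    ("10.0.0.5", "mail.example.com", 110),
    ("10.0.0.7", "4d61726b2e2074687320697320612074657374.exfil-test.example", 512),
    ("10.0.0.7", "5468697320697320616e6f74686572206368756e6b.exfil-test.example", 512),
    ("10.0.0.7", "6f662064617461206c656176696e672074686520.exfil-test.example", 512),
    ("10.0.0.9", "xk3jq9vplw2z.net", 90),
]

# Verdict strings carry the illustrative response action (assumed mapping).
SEVERITY = {"allow": 0, "dga:nxdomain": 1, "tunnel:sinkhole": 2}

def shannon_entropy(text):
    """Bits per character of the label; random-looking labels score high."""
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registered_domain(qname):
    # Assumption: last two labels approximate the registered domain
    # (a real resolver would consult the public suffix list).
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])

def looks_dga(label, min_len=10, min_entropy=3.3, max_vowel_ratio=0.2):
    """Heuristic DGA check: long, high-entropy, vowel-poor leftmost label."""
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return shannon_entropy(label) > min_entropy and vowel_ratio < max_vowel_ratio

def analyze(queries, label_len_limit=30, byte_budget=1024):
    """Return {(client, registered_domain): verdict}, keeping the worst verdict seen."""
    bytes_per_pair = defaultdict(int)   # tracks payload volume per client/domain
    verdicts = {}
    for client, qname, resp_bytes in queries:
        key = (client, registered_domain(qname))
        bytes_per_pair[key] += len(qname) + resp_bytes   # outbound name + inbound answer
        label = qname.split(".")[0]
        if len(label) > label_len_limit or bytes_per_pair[key] > byte_budget:
            verdict = "tunnel:sinkhole"
        elif looks_dga(label):
            verdict = "dga:nxdomain"
        else:
            verdict = "allow"
        verdicts[key] = max(verdicts.get(key, "allow"), verdict, key=SEVERITY.__getitem__)
    return verdicts
```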
Advanced Response Actions
To provide flexibility in how threats are handled, the resolver includes various response mechanisms:
- Redirect to Block Page: It supports intercepting malicious queries and redirecting the end-user to a customized landing page for security awareness and notification.
- NXDOMAIN Response: It supports returning a "Non-Existent Domain" (NXDOMAIN) status for blocked queries, effectively dropping the connection at the DNS level.
- Sinkhole Response: It supports DNS sinkholing, routing malicious traffic to a controlled, internal IP address for further analysis and containment.
Proactive Domain Defense
It supports the predictive detection and blocking of newly registered domains (NRDs). Since attackers often use fresh domains to bypass legacy reputation filters, the system applies heuristic analysis to block high-risk, recently created domains before they can be used in an attack.
Encrypted DNS Protocols
It supports DNS over HTTPS (DoH), ensuring that DNS queries are encrypted via standard HTTPS sessions. This prevents eavesdropping and "man-in-the-middle" tampering, providing a secure and private path between the client and the resolver.
High-Volume Throughput
It supports processing millions of queries per day. The infrastructure is architected for high-scale environments, maintaining low latency and consistent performance even during peak query volumes.
