Understanding DNS Graph Defense™

Graph Defense™ is a proprietary ranking and domain trustworthiness system developed by DigitalStakeout. The intent of the system is to score established, long-lasting and tightly linked Internet infrastructure, domains and assets that are highly correlated with less end-user and endpoint risk.

Because domain lifespan, behavioral history and reputation are variables that impact our scoring, the feature reduces threat actors' capacity to leverage newly created and algorithm-based domains against your endpoints.

Before You Enable Graph Defense

Learn how the greywall defense blocks threats.

Any asset in an active ALLOW OR BLOCK list will take priority over this feature.

    We highly recommend that you train your Greywall until new hosts plateau before enabling Graph Defense.
    Use the Dashboard for a company to become familiar with the number of new hosts discovered per day.
    Once your new host discovery plateaus for 3 days, you should be able to proceed to enabling this feature in GREEN & YELLOW Mode.

Graph Defense Settings

Graph Defense is an additional layer of defense. It does not ignore security categories.
 
GREEN

The Green setting limits the greywall delay. Any newly observed domain ranking inside this range will avoid a greywall event.

YELLOW

The Yellow setting is where the greywall delay starts. The greywall delay in your policy determines how long access to a new host name or domain is delayed.

RED *

The Red setting is where all sites lower than this ranking will be immediately blocked.

*RED is a HIGHLY restrictive feature: it will block traffic from all domains ranking outside of RED.
You will have to make sure all the traffic that you want accepted is inside either the GREEN or YELLOW ranking. Otherwise, you will have to ALLOW LIST the host names or domains to be accepted.

