Enhanced Security at the Edge with Imperva DNS Protection

Enhanced Security at the Edge with Imperva DNS Protection

Your website is the gateway to your business and the potential for disruption of your site or damage to your web infrastructure makes DNS security a serious consideration for organizations. The criticality of DNS Services for ensuring network connectivity and website availability make them a hot target for cybercriminals and attacks are becoming more common and costly every year.

Global digitalization, cloud technologies and an upsurge in device usage are all contributing to the growing security vulnerabilities around DNS infrastructure and it is becoming increasingly difficult for security teams to keep up with best practices to remain resilient against the growing threat of a DNS-targeted DDoS attack.

Imperva expands DNS Protection to ensure uptime and reduce costs

Imperva is expanding its DNS Protection with the addition of a new secure and fully cloud-based Managed DNS service removing the need for customers to manage and secure their DNS service in-house. The new enhanced offering will improve response times, ensure operational uptime of your websites, applications and APIs as well as reducing costs of on-premises DNS solutions.

79% of organizations suffered a DNS attack in 2020, with the average cost of an attack thought to be almost $1 Million.: IDC 2020 Global DNS Threat Report

The most common types of attacks on DNS services are:

  • DNS Flood Attacks – the attacker floods the DNS server and causes it to become unresponsive by sending multiple DNS requests to the victim’s authoritative name server in the same period of time.
  • Source IP Spoofing DDoS – the source IP address of the UDP protocol is spoofed, making IP address blocking useless as a mitigation method as every packet could originate from a legitimate source.
  • Reflective DDoS – a two-step attack where the attacker sends multiple requests to a legitimate DNS server which could flood the unsuspected target with large volumes of data in response.
  • Cache Poisoning – DNS cache poisoning occurs when an attacker exploits DNS vulnerabilities to manipulate its records, and redirect traffic away from a legitimate website to a fake or a malicious site.

The enhanced Imperva DNS Protection will continue to offer industry-leading DDoS protection for DNS and will now include a new fully-hosted ‘Managed DNS’ option:

  • DDoS Protection for DNS: Imperva serves as a DNS proxy, where all DNS queries are first processed by Imperva to filter out DDoS attacks and respond to legitimate requests before being forwarded to your origin name server. With this solution, your DNS service is hosted outside of Imperva.
  • Managed DNS: The new Managed DNS Service relieves our customers of the burden of managing and securing their DNS service in-house. With 45 Points of Presence, our global infrastructure guarantees enhanced response times and uninterrupted operational uptime.

Our new Managed DNS solution provides the following benefits:

  • Guaranteed Uptime, backed with Imperva’s SLA for availability
  • DDoS mitigation and built-in Layer 3,4 and Layer 7 security
  • Optimal performance, reducing DNS query response time via Imperva’s global anycast network of 45 PoPs
  • Operational efficiency, via simple and automated onboarding and management, advanced DNS analytics and DNSSEC support
  • Cost Savings, leveraging a DNS infrastructure at the edge, and deployment flexibility (primary, secondary, or hidden master options)

As the first gateway to your online assets, DNS availability, performance and security is critical. With the challenges driven by the pandemic there’s never been a better time to assess and optimize your DNS strategy.

Learn more about Imperva DNS Protection here.

The Imperva Application Security self-service trial includes the market-leading cloud web application firewall (WAF), DDoS protection, client-side protection, account takeover detection and attack analytics. Out-of-the-box, you will know if your organization is under attack and an onboarding wizard enables ease of deployment with guided steps to customize rules and more. Try it today.