Mimecast Web Security adds monitoring and security at the DNS layer to stop DNS spoofing, malware and other malicious web activity.
Domain Name System spoofing, or DNS spoofing, is a cyberattack that redirects traffic away from legitimate servers to fraudulent sites that appear quite similar to the original. When a user arrives at the fake site, they may be prompted to enter their login credentials or reveal sensitive data like credit card data, bank account numbers and Social Security information. Attackers can then use this information to steal money, data and identities, or to access corporate networks to launch other attacks.
DNS spoofing attacks are carried out by altering DNS records or by intercepting communication with a DNS server. DNS spoofing is just one example of the many ways in which cyber criminals use DNS to launch attacks. In fact, DNS is used in 91% of malware attacks, and one out of every 13 web requests leads to malware.
Despite the dangers of DNS spoofing and other malicious activity, most organizations don't monitor their DNS activity at all. Yet the rise of DNS spoofing and other DNS-related attacks makes it clear organizations must deploy anti-spoofing solutions as well as monitoring technology that provides insight into what is happening at the DNS layer.
Mimecast Web Security adds monitoring and security at the DNS layer to stop DNS spoofing, malware and other malicious web activity before it reaches your network or devices. This Mimecast service protects against malicious activity both coming from or going out to the Internet at the DNS layer. It also supports and enforces acceptable use policies and helps to mitigate uncontrolled usage of cloud applications.
Mimecast Web Security enables you to:
When a user initiates a request to access the Internet by entering an address in the browser or clicking a link in an email or website, a DNS request is forwarded to the Mimecast Web security service. As Mimecast inspects and resolves the DNS request, acceptable use policies established by the organization are applied to the request, blocking access to content that is deemed inappropriate for business use. At the same time, the target website is scanned for malicious content. If the site is determined to be safe, the user is granted immediate access. But if the site is deemed to be suspicious or malicious, Mimecast blocks access to the site and the user is notified via a message in the browser about the reason why.
Mimecast Web Security enables you to:
DNS refers to the Domain Name System (or Domain Name Server), which translates domain names that users can read into IP addresses that machines can read. Every device connected to the Internet has a unique IP address that enables other machines to find it. DNS eliminates the needs for users to memorize long and complex IP addresses and to use simpler domain names instead.
DNS spoofing is a cyberattack where DNS records are altered or where DNS communication is intercepted in order to route users to a different IP address. Typically, DNS spoofing reroutes traffic to a fraudulent website where users are duped into revealing sensitive information or login credentials.
Website spoofing is a form of cybercrime where an attacker registers a domain name and creates a website that looks very similar to the domain name and website of a trusted brand. Attackers then lure the brand's employees, customers and other parties to the website where they may be tricked into revealing valuable information.
Email spoofing is when a cybercriminal sends an email that appears to be from a trusted source. Attackers may spoof an email address by creating a fake "from" address in the email header, or by gaining access to a user's account to send a fraudulent email. Companies can use the email validation system DMARC to identify spoofed emails. DMARC builds on the SPF and DKIM authentication protocols and adds additional layers of protection. An email message must authenticate with SPF and/or DKIM to pass a DMARC test. Additionally, a DMARC record specifies whether an email that fails to authenticate should be blocked, quarantined or sent on to the user.