Securd's solution first uses the DNS protocol to prevent endpoints (laptops, workstations, servers, IoT devices, etc.) from acquiring an IP address (A record) for a malicious destination. This is also known as DNS filtering.
1. End User Clicks on a Phishing or Malicious URL
When an end user clicks on a bad URL, the end user's system has to resolve the domain of the URL. Let's say the URL attempts to access a domain such as phishingdomain.com. For the endpoint to connect to the domain, it needs to get an A record with an IP address. The endpoint will use our DNS servers to resolve the domain.
2. Securd Validates the Domain Query
Securd determines whether the DNS query is coming from a subscribed customer. If the DNS query is not approved, it will be blocked. Otherwise, Securd will allow its DNS services to process the subscriber's DNS query through its order of operations.
3. We Process the DNS Query
If the DNS query matches the criteria in a security policy for a subscriber, Securd returns its response. Instead of allowing Securd's global recursive DNS servers to process the request, the DNS server will respond with a block. If a browser produces the query, the user gets a block page with the reason why it was denied. All the blocked traffic is logged for the administrator to review.
4. Securd Blocks Access to the Malicious Domain
If the DNS query matches criteria in a security policy, Securd returns its own response. Instead of allowing Securd's global recursive DNS servers to continue to process the request, a block response is provided back to the endpoint. If this request was done through a browser, the user would be redirected to a block page with the reason why the block occurred. The block is recorded in query logs available to the customer administrator.
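
The order of operations in steps 2 to 4, as an added Python sketch that is not Securd's own code. The subscriber network, policy table, block-page address (documentation IP ranges) and all function names are assumptions made for illustration, as is the choice to answer a blocked query with the block-page server's address.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# All values below are constructed for illustration (documentation IP ranges).
BLOCK_PAGE_IP = "192.0.2.1"  # assumed address of a block-page web server
SUBSCRIBERS = {"acme": [ipaddress.ip_network("198.51.100.0/24")]}
POLICIES = {"acme": {"phishingdomain.com": "phishing"}}
query_log = []  # block records for the customer administrator to review

@dataclass
class Decision:
    action: str                   # "refused", "blocked" or "resolve"
    answer: Optional[str] = None  # A record returned to the endpoint, if any
    reason: Optional[str] = None  # reason shown on the block page

def find_subscriber(src_ip):
    """Step 2: map the query's source address to a subscriber, if any."""
    addr = ipaddress.ip_address(src_ip)
    for name, nets in SUBSCRIBERS.items():
        if any(addr in net for net in nets):
            return name
    return None

def match_policy(policy, qname):
    """Step 3: label-aligned suffix match, so 'login.phishingdomain.com'
    matches 'phishingdomain.com' but 'notphishingdomain.com' does not."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        reason = policy.get(".".join(labels[i:]))
        if reason:
            return reason
    return None

def handle_query(src_ip, qname):
    subscriber = find_subscriber(src_ip)
    if subscriber is None:
        return Decision("refused")  # query is not from a subscribed customer
    reason = match_policy(POLICIES.get(subscriber, {}), qname)
    if reason is None:
        return Decision("resolve")  # hand off to normal recursive resolution
    # Step 4: answer with the block page instead of recursing, and log it.
    query_log.append({"subscriber": subscriber, "src": src_ip,
                      "qname": qname, "reason": reason})
    return Decision("blocked", BLOCK_PAGE_IP, reason)
```

Matching on whole labels and normalising case and the trailing dot keeps a look-alike such as notphishingdomain.com from being blocked by accident while still covering subdomains of a listed domain.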