Nominet has delivered the Protective DNS service on behalf of the UK’s National Cyber Security Centre’s (NCSC) Active Cyber Defence program since its inception in 2016, improving national resilience by protecting the UK government’s internet traffic.
The Protective DNS service is a highly scalable and resilient managed service that runs on Nominet’s NTX platform on dedicated infrastructure, answering DNS queries while blocking any queries to malicious domains.
It gives government greater organizational cyber resilience, protecting users from known malicious sites, as well as informing and supporting UK government cyber incident response functions to manage the impact of cyber attacks.
As a centrally managed and funded service, the Protective DNS service is a highly effective, scalable and cost-effective method of protecting all central and local government entities. With this solution, each department benefits from the service rather than spending unnecessary resource and budget to procure its own protective DNS service. As well as being the most cost-effective solution, it gives the UK government sight of malicious internet behavior across government. The service uses commercial, government and community sources to keep its knowledge of malicious domains continually updated.
The latest Active Cyber Defence report, released by Director Ian Levy, demonstrates the importance of the PDNS service, which by the end of 2018 was protecting an estimated 1.4 million employees across the UK public sector. In total across the year, the service answered 68.7 billion queries with the peak query rate being 27,109 queries per second, seen in November.
2018 in Protective DNS:
- Of the 68.7 billion queries, 57.4 million were blocked for 117,527 unique reasons
- 28 million of the queries blocked were for Domain Generation Algorithms (DGAs), including 15 known DGAs. They included Ramnit, Suppobox, TinyBanker, Matsnu, Bedep, Fobber and Conficker
- 13,800 queries were blocked for at least 20 named botnet command and control systems, including Betabot, Graybird, Katrina, Lokibot, StealRat and Godzilla
- A number of exploit-kit-related indicators were blocked, including 796,000 queries for 16 unique indicators of exploit kits including Magnitude, RIG, SweetOrange and Neutrino
- Ransomware continued to be an issue globally: more than 450,000 WannaCry-related queries were blocked from 15 different PDNS customers, along with more than 230,000 queries related to the BadRabbit ransomware
Our Protective DNS solution delivered to UK government reduces risk and investment while enhancing insight into threats and mitigation against cyber attacks. Levy states in his report that “the PDNS service has proven its value already, providing a real protective effect at scale.”