Malicious Domain Blocking and Reporting (MDBR) Newest Service for U.S. SLTTs
Malicious Domain Blocking and Reporting (MDBR) is the latest service that the Multi-State Information Sharing and Analysis Center (MS-ISAC) is adding to their defense-in-depth portfolios of cyber defenses. MDBR technology prevents IT systems from connecting to harmful web domains, helping limit infections related to known malware, ransomware, phishing, and other cyber threats.
This capability can block the vast majority of ransomware infections by preventing the initial outreach to a ransomware delivery domain. In just the first five weeks of service, the MDBR service blocked 10 million malicious requests for more than 300 MS- and EI- ISAC member organizations.
MDBR Service from CIS, CISA, and Akamai
For this endeavor, CIS (through the MS-ISAC) is partnering with the Cybersecurity and Infrastructure Security Agency and Akamai to make this service available at no cost to U.S. State, Local, Tribal, and Territorial (SLTT) government members of the MS-ISAC. The MS-ISAC is grant-funded by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), and is designated as the focal point for cyber threat prevention, protection, response, and recovery for the nation’s SLTT government entities.
The MDBR service uses Akamai’s Enterprise Threat Protector (ETP) carrier-grade recursive Protective Domain Name System (PDNS) service, which is built on the global Akamai Intelligent Edge Platform. The Akamai Intelligent Edge Platform delivers up to 2.2 trillion DNS queries daily.
About MDBR
MDBR is a fully-managed proactive domain security service, with the MS-ISAC and Akamai fully maintaining the systems required to provide the service. Once an organization points its DNS requests to Akamai’s DNS server IP addresses, every DNS lookup will be compared against a list of known and suspected malicious domains. Attempts to access known malicious domains associated with malware, phishing, ransomware, and other cyber threats will be blocked and logged.
The logged data is then provided by Akamai to the CIS Security Operations Center (SOC). The SOC uses this data to perform detailed analysis and aggregate reporting for the benefit of the SLTT community, as well as organization-specific reporting and intelligence services. If circumstances require, remediation assistance is provided for each SLTT organization that implements the service.
Advantages of CIS’s MDBR
The advantage of the MS-ISAC MDBR is the managed services provided to ISAC members. Adding MDBR capabilities to the MS-ISAC defense-in-depth approach to security provides another data stream for threat intelligence and information sharing for the SLTT and elections communities.
Through Akamai, MDBR users benefit from a major force in cyber threat intelligence. The majority of the threat data in Akamai’s Cloud Security Intelligence comes from data collected on the Akamai platform itself. This gives Akamai an unprecedented view of the threat landscape.
All of this data is analyzed using proprietary algorithms that can quickly identify malicious domains contained in this large volume of data. Additionally, the Akamai threat research team further analyzes the data sets, as there are certain types of threats that an automated machine learning process will not easily detect. Future planned updates to the MDBR service will also integrate unique, SLTT-specific threat data provided by the CIS SOC.
For many commercial offerings, customers typically have the ability to log into a portal to generate reports and administer the service. With MDBR, virtually no maintenance is required on the part of users, as the MS-ISAC and Akamai completely administer the required systems. Although the MS-ISAC membership will receive regular reports with MDBR, they do not have the ability to directly log into the Akamai portal or download logs from Akamai. This portal access, as well as other features, like off-network protection and customizable configurations, are offered as part of the cost-effective MDBR+ solution, now offered to MS-ISAC members and private hospitals.
Enhancing Defenses with Albert
MDBR is just the latest of the offerings that can help defend MS-ISAC members. Albert Network Monitoring, an intrusion detection system (IDS), is another option. While the two different services can be run entirely independent of each other, when used in conjunction, the combined services are extremely effective in detecting and preventing ransomware and enable actions to prevent other types of malicious attacks from being successful.
U.S. SLTTs: Sign up Today
If you are an SLTT government entity, and also a member of either the MS-ISAC or EI-ISAC, you can sign up at https://mdbr.cisecurity.org/.
For more information on how to join the MS-ISAC, visit https://www.cisecurity.org/ms-isac.
About the Authors
Ed Mattison
Former Executive VP of Operations and Security Services
At the time of this publication, Mattison was responsible for providing executive leadership to advance the missions of the Multi-State Information Sharing and Analysis Center® (MS-ISAC®). He was also charged with providing global security services and support to government and private sector organizations.
Gina Chapman
Senior Vice President and Deputy of Sales and Business Services
As Senior Vice President and Deputy of Sales and Business Services, Gina Chapman helps drive business strategy across the Sales, Business Development, Communications, and Marketing functions at CIS. She also serves as Deputy to the Executive Vice President.
