Malicious Domain Blocking and Reporting (MDBR)
The Malicious Domain Blocking and Reporting (MDBR) service is available for U.S. State, Local, Tribal, and Territorial (SLTT) government members of the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) and Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA) and Akamai. This service provides an additional layer of cybersecurity protection that is proven, effective, and easy to deploy.
MDBR technology prevents IT systems from connecting to harmful web domains, helping limit infections related to known malware, ransomware, phishing, and other cyber threats. This capability can block the vast majority of ransomware infections just by preventing the initial outreach to a ransomware delivery domain.
How MDBR Works
MDBR proactively blocks network traffic from an organization to known harmful web domains, helping protect IT systems against cybersecurity threats. Once an organization points its domain name system (DNS) requests to the Akamai’s DNS server IP addresses, every DNS lookup will be compared against a list of known and suspected malicious domains. Attempts to access known malicious domains such as those associated with malware, phishing, and ransomware, among other threats, will be blocked and logged. CIS will then provide reporting that includes log information for all blocked requests and assist in remediation if needed.
The service is easy to implement and requires virtually no maintenance as CIS and Akamai fully maintain the systems required to provide the service.
Akamai provides all logged data to the CIS Security Operations Center (SOC), including both successful and blocked DNS requests. This data will be utilized to perform detailed analysis and reporting for the betterment of the SLTT community and for organization-specific reporting for each SLTT organization that implements the service. CIS will provide regular reporting and intelligence services for SLTT members.
Malicious Domain Blocking and Reporting Data Flow
How to Sign Up for MDBR
Existing MS- and EI-ISAC members can sign up for no-cost MDBR by registering below. You will be asked to provide the following information:
- Your contact information
- Technical contact(s) for MDBR setup, troubleshooting, and general technical support
- Reporting contact(s) for receiving reports on your MDBR service
- Public IP addresses or CIDR netblocks from which your organization’s DNS queries are sent
If your organization isn’t yet an MS-ISAC or EI-ISAC member, you’ll be asked to join first.