Malicious Domain Blocking and Reporting (MDBR) is the latest service that the Multi-State Information Sharing and Analysis Center (MS-ISAC) and Election Infrastructure ISAC (EI-ISAC) are adding to their defense-in-depth portfolios of cyber defenses. MDBR technology prevents IT systems from connecting to harmful web domains, helping limit infections related to known malware, ransomware, phishing, and other cyber threats.
This capability can block the vast majority of ransomware infections just by preventing the initial outreach to a ransomware delivery domain. In just the first five weeks of service, the MS- and EI-ISAC’s MDBR service blocked 10 million malicious requests from more than 300 entities.
MDBR Service from CIS, CISA, and Akamai
For this endeavor, CIS is partnering through MS-ISAC and EI-ISAC with the Cybersecurity and Infrastructure Security Agency (CISA) and Akamai to make this service available at no cost to U.S. State, Local, Tribal, and Territorial (SLTT) government members of the MS-ISAC and EI-ISAC. The MS-ISAC is grant-funded by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), and is designated as the focal point for cyber threat prevention, protection, response, and recovery for the nation’s SLTT government entities.
The MDBR service uses Akamai’s Enterprise Threat Protector (ETP) carrier-grade recursive Domain Name System (DNS) service, which is built on the global Akamai Intelligent Edge Platform. The Akamai Intelligent Edge Platform delivers up to 2.2 trillion DNS queries daily.
MDBR is a fully managed proactive domain security service, with the MS-ISAC, the EI-ISAC and Akamai fully maintaining the systems required to provide the service. Once an organization points its DNS requests to Akamai’s DNS server IP addresses, every DNS lookup will be compared against a list of known and suspected malicious domains. Attempts to access known malicious domains associated with malware, phishing, ransomware, and other cyber threats will be blocked and logged.
The logged data is then provided by Akamai to the ISACs’ Security Operations Center (SOC). The SOC uses this data to perform detailed analysis and aggregate reporting for the benefit of the SLTT community, as well as organization-specific reporting and intelligence services. If circumstances require, remediation assistance is provided for each SLTT organization that implements the service.
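The compare, block, and log flow described above, sketched as an added example; it is not part of the original article and is not Akamai's or the ISACs' implementation. The blocklist entries, entity names, and function names are constructed for illustration, and the point it demonstrates is that blocklist matching has to fall on DNS label boundaries.

```python
from collections import Counter

# Constructed blocklist (assumption); names use reserved TLDs.
BLOCKLIST = {"ransom-delivery.example", "phish.test"}

def normalize(qname):
    """Lower-case and strip the trailing root dot so comparisons are stable."""
    return qname.strip().rstrip(".").lower()

def match_blocked(qname, blocklist=BLOCKLIST):
    """Return the blocklist entry covering qname, or None.

    Checks the name itself and every parent domain on label boundaries,
    so 'cdn.phish.test' is covered by 'phish.test' but 'notphish.test' is not.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def process_queries(queries, blocklist=BLOCKLIST):
    """Apply policy to (entity, qname) pairs; return (decisions, block_log)."""
    decisions, block_log = [], []
    for entity, qname in queries:
        hit = match_blocked(qname, blocklist)
        decisions.append((qname, "BLOCK" if hit else "RESOLVE"))
        if hit:  # only blocked lookups are logged for later analysis
            block_log.append({"entity": entity, "qname": normalize(qname), "matched": hit})
    return decisions, block_log

def aggregate(block_log):
    """Per-entity block counts, a starting point for aggregate reporting."""
    return Counter(rec["entity"] for rec in block_log)

# Constructed sample queries from two hypothetical member organizations.
SAMPLE = [
    ("county-a", "www.example.org"),
    ("county-a", "CDN.Phish.Test."),
    ("city-b", "notphish.test"),
    ("city-b", "ransom-delivery.example"),
    ("city-b", "stage2.ransom-delivery.example"),
]

if __name__ == "__main__":
    decisions, log = process_queries(SAMPLE)
    print(decisions, dict(aggregate(log)))
```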
Advantages of CIS’s MDBR
The advantage of the MS-ISAC and EI-ISAC MDBR is the managed services provided to ISAC members. Adding MDBR capabilities to the MS-ISAC and EI-ISAC defense-in-depth approach to security provides another data stream for threat intelligence and information sharing for the SLTT and elections communities.
Through Akamai, MDBR users benefit from a major force in cyber threat intelligence. The majority of the threat data in Akamai’s Cloud Security Intelligence comes from data collected on the Akamai platform itself. This gives Akamai an unprecedented view of the threat landscape.
All of this data is analyzed using proprietary algorithms that can quickly identify malicious domains contained in this large volume of data. Additionally, the Akamai threat research team further analyzes the data sets, as there are certain types of threats that an automated machine learning process will not easily detect. Future planned updates to the MDBR service will also integrate unique, SLTT-specific threat data provided by the MS- and EI-ISAC SOC.
For many commercial offerings, customers typically have the ability to log into a portal to generate reports and administer the service. With MDBR, virtually no maintenance is required on the part of users, as the MS-ISAC, EI-ISAC, and Akamai completely administer the required systems. Although the MS- and EI-ISAC membership will receive regular reports, they do not have the ability to directly log into the Akamai portal or download logs from Akamai. This capability, as well as other Akamai ETP features, is available separately from the MDBR service offering to MS- and EI-ISAC members at negotiated reduced-fee options from Akamai through the CIS CyberMarket.
Enhancing Defenses with Albert
MDBR is just the latest of the offerings that can help defend MS-ISAC and EI-ISAC members. Albert Network Monitoring, an intrusion detection system (IDS), is another option. While the two services can be run entirely independently of each other, when used in conjunction, the combined services are extremely effective in detecting and preventing ransomware and enable actions to prevent other types of malicious attacks from being successful.