DNSFilter nabs $30M to fight DNS threats with AI

All the sessions from Transform 2021 are available on-demand now. Watch now.


DNSFilter, a Washington, D.C.-based provider of DNS content filtering and threat protection solutions, today announced that it closed a $30 million series A funding round led by investment firm Insight Partners. CEO Ken Carnesi said that the proceeds, which bring DNSFilter’s total raised to $36 million, will put toward product development and strategic initiatives including partnerships, as well as expanding the company’s workforce.

Cisco found in 2016 that 90% of malware programs use DNS to carry out campaigns. And according to IDC, organizations faced an average of more than nine DNS attacks in 2019, an increase of 34% year-over-year. Costs went up 49% compared with 2018, meaning that one in five businesses lost just over $1 million per attack.

DNSFilter aims to combat the growing threats with a service designed to protect against DNS-originated phishing, malware, ransomware, and more. Its network, which spans across 48 datacenters, provides domain analysis that’s exported to security reports as well as logs.

“I founded DNSFilter after [startup company] OpenDNS was acquired by Cisco. I owned a managed service provider — still do! — and was a loyal OpenDNS customer. However, as many companies do when they are acquired by major entities: pricing went up, product innovation stagnated, and I could never seem to get any support on the phone,” Carnesi told VentureBeat via email. “So, I decided to create a more innovative product that had the existing features and capabilities of OpenDNS, but was powered by machine learning.”

AI-driven DNS security

At a high level, DNS translates internet domain names like “www.example.com” into IP addresses (e.g., 172.10.254.1) to locate servers and route data worldwide. The design of the DNS is based on trust — that machines on the internet are who they say they are. But DNS’ open, distributed architecture makes it a lucrative target for attack. A malicious actor can use DNS to direct a query to the wrong website or intercept an email, for example. That’s perhaps why security analysts at Infoblox in a recent whitepaper called DNS “a bellwether for malicious activity.”

According to Carnesi, one of DNSFilter’s biggest focuses is threat identification accuracy. AI is a part of this — in 2018, the company acquired Web Shrinker, which provided website screenshot and API services, leveraging machine learning to identify threats and domains in real time.

DNSFilter

“The way our AI-driven threat identification works is that it scans a domain by simulating a human-driven browser session.  This allows us to spot threats that other tools — which just scan code — do not, because hackers are very clever and will serve different content to scanning bots,” Carnesi explained. “When our AI scans a site, it mimics the type of browser session a real person will have, allowing us to categorize the site more accurately. Once we actually scan the site, we have a number of threat markers that the AI looks for. If the site reaches a certain threshold of these markers, our AI will categorize that site as a threat.”

One of the more interesting things about DNSFilter’s AI is that customers are central to the training model, Carnesi says. As the platform scans more websites, it learns how threats are evolving, and DNSFilter’s security researchers check its work — helping the company to catch 76% of domain-based threats, Carnesi claims. Beyond this, customer data is enabling DNSFiler to explore the concept of DNS fingerprinting, which would allow the platform to better understand behavior happening within an environment based on the types of queries occurring.

“Enterprises need full-scale protection from ransomware and phishing attacks, and securing the DNS layer is one of the best barriers a company can deploy against these attacks. Everything starts with a DNS query — even other security layers rely on DNS to operate. So, when your DNS is not secure as a company, you’re vulnerable,” Carnesi said. “With more companies choosing remote work long-term, their employees are no longer protected by the internal, network firewall. So they need a solution that protects the endpoints directly.”

DNSFilter currently scans “billions” of domains daily for more than 185,000 end users and over 14,000 brands including Lenovo, Newegg, The Salvation Army, and Nvidia, catching threats an average of 5 days before “static feed” competitors. By the end of 2021, Carnesi says, DNSFilter will block more than 1.1 million threats every 24 hours.

“We’ve been incredibly fortunate that the pandemic has been great for business … Business has increased dramatically as companies have looked for ways to protect their teams while out of the office. The traditional firewall model became very outdated in 2020, so it was a good year for us,” Carnesi said. “We have customers with offices internationally who only use our threat categories, as they’re seeking peace-of-mind in the age where ransomware and double extortion ransomware are wreaking havoc on businesses.”

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Leave a Comment