Select Product

Secure DNS

Free 14 days trial

Click to register
Start Demo

Cyber X-Ray

Deep domain  investigation.

Start a domain search now!
No Registiration Required

DNS Visibility

Download and install DNS Visibility VM appliance

Contact us
Go to form

Detect the attacks
“that others miss”

DNS Visibility detects malicious traffic on your network, and reports whether this traffic can be blocked by your other security devices.

DNS servers generate a large number of difficult-to-understand logs. DNS Visibility provides the collection, enrichment, AI-based classification of the DNS logs.  

With its advanced SIEM integration, it saves time and EPS by transferring to SIEM only the data that SOC teams need to see.

Why is it Important to Analyse DNS Logs?

Monitor all your Traffic

DNS is used by all protocols like http, https, smtp, IoT. DNS traffic provides information about your entire network, regardless of its network protocol.

  DNS Tunnelling

With DNS Tunnelling, data exfiltration attacks cannot be detected by DLP products. It requires DNS log analysis for effective solution.

Invisible Malware Domains

80% of malware domains do not have an IP address at the moment, Malware requests that do not have an IP address can only be detected in the DNS log.

Key Benefits

DNS Log Collection

DNS Visibility can collect the logs of many different brands and models of DNS servers without the need for any change in your network structure. It can collect Microsoft DNS, Infoblox, BIND, Bluecat, EfficientIP, F5, Citrix DNS server logs with high performance.

Learn more

Domain Categorisation

To select the data that SOC teams should review, the domains must first be classified. With Roksit Cyber X-Ray infrastructure, they are divided into 72 different categories in 4 main groups, based on AI.

Detection the Source of the Malicious Activity

DNS logs only include the source IP address. Since IP addresses vary, it should be enriched with permanent machine and user information. DNS Visibility has Host Discovery and User Identification features. The DNS Visibility Report, also features the real machine that makes the DNS query and the users logged into this machine.

Learn more

SIEM Integration

DNS Visibility can report classified and meaningful DNS traffic one year back in the advanced reporting interface. In addition, it transmits the data that SOC teams need to analyse to the SIEM product. It provides a very flexible infrastructure to the user in selecting the logs to be transmitted. While it can send the entire log according to the user's preference, it can save up to 1000 times the amount of logs with the filters to be applied.

Learn more

See Attacks that Others Miss

By courtesy of Security Gap Feature, DNSSense reports the existing malicious activities which have managed to pass through each current security asset (UTM Firewall, Proxy, DNS Firewall, etc.) in your network without even being detected.

Learn more

EDR Integration

The APIs of EDR systems are used to gather information about the application that makes the malicious DNS query, in order to understand whether the devices are infected or not.

Learn more

DNS Traffic Learning and Anomaly Detection

In corporate networks, the amount of DNS traffic, visited categories and even the visited domains are in a certain pattern. DNS Visibility appliance learns the DNS traffic of the institution and reports anomalies.

Learn more

Ready to get started?

Start your free 14-days trial

Try Roksit free. No credit card required.