Time to start a new chapter!
We are delighted to announce our merger with our global operations’ brand, DNSSense, starting from April 10, 2023.
You can find all the information about Roksit at our new address, dnsssense.com
Welcome to the world of DNSSense!
Get answers to the most commonly asked questions about us and our products.
Why Should We Use DNS Level Protection?
Because the DNS layer sits at the bottom of the application layer, malicious traffic can be blocked at the DNS level before it starts. In addition, DNS is used by all protocols like HTTP, HTTPS, SMTP, and IoT, so DNS traffic provides information about the application layer and your entire network. Moreover, some malicious traffic can only be detected and prevented by DNS level protection. For example, 80% of malware domains currently do not have an IP address, and malware requests for domains that do not have an IP address can only be detected in the DNS log. Likewise, DNS tunnelling can only be prevented by DNS level protection.
What Is Your Licencing Model?
The products are sold with a one- or three-year ethical license. The number of licenses is the number of devices that have access to the internet.
What is DGA Domain? Is It Possible to Block It?
DGA stands for Domain Generation Algorithm. It is an algorithm frequently used to generate domain names for malware. Roksit detects domains created with a DGA and then blocks the malicious traffic.
What Is The Main Difference Between “Roksit” and Infoblox?
As the name suggests, the DNSEye product only analyzes and reports on DNS data. Unlike Infoblox, Roksit analyzes the logs of your existing DNS servers without needing changes in your network. It performs entirely security-oriented analysis, shows the security risks in the network to SOC teams in simple and understandable reports, and triggers the necessary alarms in SIEM and SOAR.
We Have Fortinet/Palo Alto/Symantec Bluecoat, a Firewall With Forcepoint Protection etc. Why Should We Buy Roksit?
100% of our customers who use our solutions already have security devices such as Fortinet, Palo Alto, Symantec and Forcepoint. Roksit does not replace these products. It acts as an additional layer of security at the DNS level.
Almost all of our PoC customers want to work with us. Our "Security Gap" feature reports the malicious traffic passing through the existing security devices and reports the added value Roksit gives your company. This way, you will test your security investment and our product.
Do You Have a DDI Service?
We do not have a DDI service.
How Long Does It Take to Deploy the Products, and Is a Constant Administrator (admin) Control Required?
It takes 5 minutes to deploy the "DNSDome" product and 1 hour to install "DNSEye". It doesn't need an admin. Any IT personnel can manage the product by receiving periodic reports.
Do You Have an Authoritative DNS Service?
We do not have an authoritative DNS service. We serve as a forwarder DNS.
Can I Buy the Products Separately, or Are They All Purchased at Once?
“DNSDome”, “DNSEye”, and “Cyber X-Ray” are different products and can be purchased separately or together.
Which SIEM Products Do You Have Integration With?
In addition to our direct integration with products such as IBM QRadar, Microsoft ArcSight, and Splunk, we can also integrate with any SIEM product by sending data in SYSLOG format.
Why is DNS visibility important?
With DNS level protection, you can prevent attacks but cannot identify the actual machine that generates the malicious traffic. Client IP addresses vary, so they are not suitable for retroactive verification. They should be enriched with constant information about computers and users. DNS visibility lets you identify the device and user that generated the related DNS queries. This actual device and user information is very important for SOC teams.
Which DNS Products Do You Read With the “DNSEye” Product?
Microsoft DNS Server, Linux BIND Server, F5, Citrix NetScaler, Efficient IP, BlueCat, and other common types of DNS servers.
What Is The “Security Gap” Feature?
The “Security Gap” feature reports malicious traffic that the existing security devices (UTM Firewall, Proxy, DNS Firewall, etc.) cannot detect.
Security Gap simulates connecting to a malicious domain to test the security in the network in 3 different ways:
1- Test with a DNS query from the existing DNS server
2- Test with an HTTP/HTTPS request via the proxy server
3- Test reaching a malicious domain with a direct HTTP/HTTPS connection through the gateway
The DNSEye VM appliance in your network sends a malicious connection request, carrying specific metadata, to Roksit's cloud-based malicious simulation service.
Security Gap = Blocked: the malicious traffic is blocked.
When Roksit's simulation service does not receive the metadata, the malicious connection was blocked by the existing security devices. The attack is then reported as blocked, along with information about which device (Proxy or UTM) successfully blocked the malicious traffic.
What Are the Advantages of Your Smart SIEM Integration?
Instead of forwarding all DNS data to the SIEM, we can forward only the queries for malicious domains to the SIEM product, together with the real user and machine information. In this way, we can reduce the number of correlations required in the SIEM device and the number of EPS by 95%+. This reduction significantly lowers the license cost of the SIEM product.
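A sketch of the filter-and-enrich step described here and under "Why is DNS visibility important?", added as an illustration and not Roksit's own code. The log format, lease history, verdict table, host names and user names are all constructed assumptions.

```python
from datetime import datetime, timezone

def ts(s):
    """Parse a UTC timestamp such as 2023-05-02T09:14:07Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

# Constructed sample data (hypothetical domains, hosts and users).
VERDICTS = {"update-check.example": "Malware", "portal-login.example": "Phishing"}
BLOCKED = {"Malware", "Phishing"}

# DHCP lease history: the same IP belongs to different machines over time.
LEASES = [
    ("10.0.4.23", ts("2023-05-02T08:00:00Z"), ts("2023-05-02T12:00:00Z"), "LAP-0142", "a.kaya"),
    ("10.0.4.23", ts("2023-05-02T12:00:00Z"), ts("2023-05-02T18:00:00Z"), "LAP-0310", "m.demir"),
    ("10.0.4.57", ts("2023-05-02T08:00:00Z"), ts("2023-05-02T18:00:00Z"), "WS-0007", "s.aydin"),
]

DNS_LOG = """\
2023-05-02T09:14:07Z 10.0.4.23 A intranet.example
2023-05-02T09:14:09Z 10.0.4.23 A update-check.example
2023-05-02T10:02:41Z 10.0.4.57 AAAA cdn.example
2023-05-02T13:30:15Z 10.0.4.23 A portal-login.example
2023-05-02T19:05:00Z 10.0.4.99 A update-check.example
"""

def resolve_identity(ip, when, leases=LEASES):
    """Return (host, user) that held `ip` at time `when`, or None."""
    for lease_ip, start, end, host, user in leases:
        if lease_ip == ip and start <= when < end:
            return host, user
    return None

def smart_forward(log_text, verdicts=VERDICTS, leases=LEASES):
    """Return (events, total): only blocked-category queries, enriched."""
    events, total = [], 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guess at fields
        stamp, ip, qtype, qname = parts
        total += 1
        category = verdicts.get(qname.rstrip(".").lower())
        if category not in BLOCKED:
            continue  # benign queries never reach the SIEM
        host, user = resolve_identity(ip, ts(stamp), leases) or ("unknown", "unknown")
        events.append(f"{stamp} dns-alert src={ip} host={host} user={user} "
                      f"qtype={qtype} qname={qname} category={category}")
    return events, total
```

The two alerts from 10.0.4.23 resolve to different machines because the lease changed at 12:00, which is why the bare client IP is not enough for retroactive investigation.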
Which Platforms Does "Roaming Client" Support?
macOS, Windows, Android, iOS.
Is It Possible to Give Access to a Blocked Domain?
We have a Blacklist and Whitelist feature. If you add any domain to the whitelist or blacklist, all systems' caches are cleared within a maximum of 5 seconds.
Is There Any Protection Against Users Disabling the "Roaming Client"?
It has kernel-level protection. Even if users remove it, the agent runs at the kernel level.
Is There a Feature to Block Unknown (First-Seen) Domains?
Yes. Roksit's 'Positive Security Model' temporarily blocks any network connection attempt to a 'First-seen' domain for a maximum of 10 minutes until it is categorized as 'Allowed' according to your security policies. The connection will not be allowed if the relevant domain falls into the 'Block' category. Users can only access it after it has been labelled 'Allowed' or 'Whitelisted'.
Can The Roaming Client Disable Itself When It Enters The Local Network?
Yes, it has an auto-disable option. In addition, a device with an active "Roaming Client" does not cause problems when it is connected to the local network.
Is There a DNS Tunnel Protection Feature?
Yes. Roksit has a DNS tunnelling protection solution.
Is It Possible to Block Specific Categories or Certain User Groups?
There are 72 different categories in the Roksit domain classification platform. For security purposes, categories such as Malware and Phishing are blocked for all users and devices. Additional policies can be applied to devices with the "Roaming Client" installed, or to users if there is Active Directory integration.
Does "Roaming Client" Cause Any Performance Issues?
Our "Roaming Client" agent is a lightweight agent written in C. Its load on the system is almost negligible.
Can Roksit Detect Phishing Domains?
Yes. Thanks to its native AI classification platform, Roksit detects and blocks the domains used in phishing attacks in a short time.
You Claim that You Categorize Better Than Other Companies. How Can You Prove This?
We use Cyber X-Ray, our own 100% artificial intelligence-based domain categorization platform. We monitor and store the entire internet historically and relationally up to five years back. We are so confident in this matter that we have added a feature called "Security Gap" to our "DNSEye" product. The "Security Gap" feature gives you a report that shows the malicious traffic your security devices miss. Thanks to this feature, you can easily see our added value to your company. In addition, we provide domain categorization services to three firewall manufacturers worldwide.
What Is Your False Positive Rate in Domain Classification?
Our domain categorization success rate is 99% when we compare it with our rivals or when we consider the feedback from our customers. We receive only one or two categorization requests from our customers, who make millions of domain queries daily.