Posted On: Nov 21, 2024

Today, we announced Amazon Route 53 Resolver DNS Firewall Advanced, a new set of features on Route 53 Resolver DNS Firewall that allows you to monitor and block suspicious DNS traffic based on anomalies detected in the domain and subdomain names. With Route 53 Resolver DNS Firewall Advanced, you can identify and block DNS traffic associated with advanced DNS threats, such as DNS tunneling and Domain Generation Algorithm (DGA) based threats.

Route 53 Resolver DNS Firewall Advanced enables you to monitor and block DNS threats designed to evade threat intelligence feeds that block specific known-bad domain names. For example, DGA-based threats generate command and control domains in high volume and use each one only briefly, which makes it difficult for threat intelligence feeds alone to track and block them in time. Likewise, DNS tunneling can exfiltrate sensitive data to command and control servers quickly, before out-of-band threat intelligence feeds can identify the associated domain(s) to block.

Today, Route 53 Resolver DNS Firewall helps you block DNS queries for domains identified as low-reputation or suspected to be malicious, and allow queries for trusted domains. With Route 53 Resolver DNS Firewall Advanced, you can now deploy additional protections that monitor and block your DNS traffic in real time, based on anomalies identified in the domain and subdomain names queried from your VPCs. DNS Firewall Advanced uses Machine Learning (ML) models to make probabilistic decisions about the likelihood and severity of a threat by analyzing queries across your VPCs for key threat signatures. To get started, you configure one or more DNS Firewall Advanced rules, each specifying the type of threat to inspect for (DGA or DNS tunneling) and a minimum confidence threshold (high, medium, or low), which gives you the flexibility to block or alert on queries according to how confidently the threat was identified. The rules are then added to a DNS Firewall rule group and enforced for VPCs by associating the rule group with each desired VPC. You can also share and associate rule groups containing DNS Firewall Advanced rules with one or more VPCs and Amazon Web Services accounts at a time, using Amazon Firewall Manager, Amazon Resource Access Manager (RAM), Amazon CloudFormation, or Amazon Route 53 Profiles.
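The rule group described above, as an added example that is not part of the announcement or of the AWS documentation: it builds two DNS Firewall Advanced rules (block high-confidence DGA, alert on medium-or-better tunneling) and attaches the rule group to one VPC. Parameter names are assumed to match the boto3 route53resolver CreateFirewallRule API; rule-group and VPC ids are placeholders.

```python
"""Stage Route 53 Resolver DNS Firewall Advanced rules with boto3 (added example)."""
import uuid

# Enumerations as described in the announcement; assumed to match the API values.
THREATS = {"DGA", "DNS_TUNNELING"}
THRESHOLDS = {"LOW", "MEDIUM", "HIGH"}
ACTIONS = {"ALERT", "BLOCK"}


def advanced_rule(rule_group_id, name, threat, threshold, action, priority):
    """Build CreateFirewallRule parameters for one Advanced rule.

    Unlike a domain-list rule there is no FirewallDomainListId: the rule is keyed
    on a threat type plus a *minimum* confidence, so a MEDIUM rule also fires on
    HIGH-confidence detections. Lower priority values are evaluated first.
    """
    if threat not in THREATS:
        raise ValueError(f"unknown threat type {threat!r}")
    if threshold not in THRESHOLDS:
        raise ValueError(f"unknown confidence threshold {threshold!r}")
    if action not in ACTIONS:
        raise ValueError("Advanced rules block or alert; ALLOW is not meaningful here")
    params = {
        "CreatorRequestId": str(uuid.uuid4()),  # idempotency token
        "FirewallRuleGroupId": rule_group_id,
        "Name": name,
        "Priority": priority,
        "Action": action,
        "DnsThreatProtection": threat,      # assumed API parameter name
        "ConfidenceThreshold": threshold,   # assumed API parameter name
    }
    if action == "BLOCK":
        params["BlockResponse"] = "NXDOMAIN"  # NODATA or OVERRIDE are also valid
    return params


def staged_rollout(rule_group_id):
    """Conservative starting policy: block only what the model is most sure of,
    alert on the rest so analysts can review false positives before blocking."""
    return [
        advanced_rule(rule_group_id, "block-dga-high", "DGA", "HIGH", "BLOCK", 100),
        advanced_rule(rule_group_id, "alert-tunnel-medium", "DNS_TUNNELING", "MEDIUM", "ALERT", 200),
    ]


def deploy(vpc_id, region="us-east-1"):
    """Create the rule group, add the rules, and associate it with one VPC."""
    import boto3  # imported here so the builders above stay usable offline
    r53r = boto3.client("route53resolver", region_name=region)
    group = r53r.create_firewall_rule_group(CreatorRequestId=str(uuid.uuid4()), Name="dns-firewall-advanced")
    group_id = group["FirewallRuleGroup"]["Id"]
    for params in staged_rollout(group_id):
        r53r.create_firewall_rule(**params)
    return r53r.associate_firewall_rule_group(CreatorRequestId=str(uuid.uuid4()), FirewallRuleGroupId=group_id,
                                              VpcId=vpc_id, Priority=101, Name="dns-firewall-advanced")
```

Call `deploy("vpc-PLACEHOLDER")` with credentials that can manage Resolver resources; the builder functions need no AWS access.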

To learn more about the feature, visit the Amazon Route 53 webpage. To get started with this feature, visit the Route 53 Resolver DNS Firewall Advanced documentation. To learn more about pricing, you can visit the Route 53 pricing page.