Corporate

Take over full control of your DNS traffic with seamless integration

For the first time in my career, I have experienced such a quick and seamless integration of security technology into the whole network.

Miloš Vodička, Head of IT, Aero Vodochody

Corporate features

What Whalebone gives you

Whalebone Corporate monitors external attacks and lets you block them. Furthermore, its flexibility means you don’t have to go through a complicated installation and setup process to protect yourself.

Control of DNS traffic

Today, DNS resolution is provided by your connectivity provider, and internally there are no mechanisms to control it. Whalebone provides you with a full DNS resolver and DNS firewall.

Full visibility

Whalebone gives you a live audit and full visibility of the DNS traffic that traditionally flew under the radar. Look into any incident via Whalebone full-text traffic search.

Clean DNS traffic

Whalebone makes sure the DNS protocol is used for its intended purpose only. Whalebone blocks DNS tunneling and malware communication, and verifies communication via DNSSEC.

Seamless integration

The combination of on-premise and cloud components makes it easy to fit into existing environments. Processing alerts and anomalies in your existing SIEM or log management, together with integration via API, makes the most of Whalebone.

Try Whalebone for free

Find out for yourself how easy it is to work with Whalebone.

Control of DNS traffic

How will you deal with DNS over HTTPS?

First of all, there is a misunderstanding about DNS over HTTPS, as everyone thinks all applications will go directly to the cloud. That is not true: major players like Google and Microsoft have already stated they will honor the usual DNS flow, but they would like to secure it with a TLS layer. We support DNS over HTTPS on our resolver and we are also proud members of the Encrypted DNS Initiative.

Does it work in an Active Directory environment?

Of course it does. Most of our corporate deployments are integrated with Active Directory and there is nothing special about it. You just configure the details of your domain names and Domain Controllers, and the resolver will ensure everything works smoothly.

My ISP provides me with DNS resolvers, why can’t I use those?

Because you don’t have any control over those resolvers: you know nothing about their state, patch level or configuration, or who manages them. Having your own resolvers gives you clear answers for your risk analysis.

Full visibility

What traffic details can I see in Whalebone?

Anything that happens on your network is visible in our portal. You can set up alerts to be notified in real time, and major events will be included in the regular report. You can search the DNS traffic via our full-text search capability or set up machine-to-machine communication via our REST API. You can find anything that happens in your network.

Are there any DNS anomalies I should care about?

A lot of them, actually. Machines trying a lot of random-looking domains could be searching for their botnet Command & Control server using a Domain Generation Algorithm, a huge number of lengthy queries could point you to DNS tunneling, and a regular desktop sending MX queries is probably an infected machine trying out what can be done in your network.
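The three anomalies named above, written as detection logic over resolver query logs. This is an added example, not Whalebone's code: the `client_ip qtype qname` log format, the thresholds and the mail-server allowlist are assumptions, and the log lines are constructed.

```python
import math
from collections import Counter, defaultdict

# Thresholds and the mail-server allowlist are illustrative assumptions; tune on real traffic.
ENTROPY_MIN = 3.5        # bits per character in the leftmost label
DGA_MIN_NAMES = 3        # distinct random-looking names per client
LONG_QNAME = 60          # characters; longer names count as "lengthy"
TUNNEL_MIN_QUERIES = 3   # lengthy queries per client
MAIL_SERVERS = {"10.0.0.25"}

SAMPLE_LOG = [  # constructed lines in an assumed "client_ip qtype qname" format
    "10.0.0.3 A www.example.com",
    "10.0.0.3 A qxv7k2pz9wjt4hbn.example",   # one odd name only: below the threshold
    "10.0.0.5 A qxv7k2pz9wjt4hbn.example",
    "10.0.0.5 A m3gd8yfr1uc5oela.example",
    "10.0.0.5 A zt6nw0hs9kq2vbxj.example",
    "10.0.0.9 MX example.org",               # desktop asking for mail routing
    "10.0.0.25 MX example.org",              # the mail server doing its job
] + [f"10.0.0.7 TXT {'ab12cd34' * 7}{i}.t.example.net" for i in range(4)]  # lengthy names

def entropy(label):
    """Shannon entropy of a label in bits per character."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def analyze(log_lines):
    """Return {client_ip: sorted anomaly names} for the three heuristics."""
    random_names, long_queries, findings = defaultdict(set), Counter(), defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of crashing on them
        client, qtype, qname = parts[0], parts[1].upper(), parts[2].rstrip(".").lower()
        first_label = qname.split(".")[0]
        if len(qname) >= LONG_QNAME:
            long_queries[client] += 1
        elif first_label and entropy(first_label) >= ENTROPY_MIN:
            random_names[client].add(qname)
        if qtype == "MX" and client not in MAIL_SERVERS:
            findings[client].add("mx-from-non-mail-host")
    for client, names in random_names.items():
        if len(names) >= DGA_MIN_NAMES:
            findings[client].add("possible-dga")
    for client, count in long_queries.items():
        if count >= TUNNEL_MIN_QUERIES:
            findings[client].add("possible-tunneling")
    return {client: sorted(found) for client, found in findings.items()}

print(analyze(SAMPLE_LOG))
```

Counting per client rather than per query is what keeps a single odd-looking name (10.0.0.3 in the sample) from raising an alert.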

How long does it take before I can analyze the traffic?

Everything that happens on your network is available in a matter of seconds in our rich dashboards with drill-down and full-text search capabilities. Combine multiple filters, move back in time, look for traffic of particular machines. Everything to empower your Threat Hunting efforts.

Clean DNS traffic

Why should I care about DNS tunneling if I block port 53 on the perimeter?

DNS tunneling is much more than just sending data over port 53. Attackers use dedicated domains and fake authoritative servers to set up tunnels through a regular DNS resolution chain like client – domain controller – ISP resolver – attacker server. And no one along the way suspects a thing, as everything works like regular DNS traffic. Advanced analysis has to be applied to disclose such behavior.

I have an antivirus and firewall, why should I use Whalebone?

Antivirus is limited to supported systems, and antivirus on an already infected system has very little chance and can be blind. Perimeter firewalls and proxies are great at protecting against threats on HTTP/S and email; however, they don’t care about the DNS protocol.

What is DNSSEC?

DNSSEC is a mechanism defined by an RFC to ensure the integrity of DNS answers. As the DNS protocol is not encrypted, answers could be modified by anyone along the way. DNSSEC signs the answers, and a DNSSEC-enabled resolver is able to verify that an answer is valid and hasn’t been changed by a hacker trying to lure you to their fake servers.

Architecture designed for seamless integration

Why should I have on-premise DNS resolvers and not just cloud?

Because the closer you place the resolver to your client devices, the lower the chance an attacker will be able to modify the traffic. You are also able to see the actual source IP address of every DNS request, which makes further analysis and response much easier.

Can I integrate Whalebone with SIEM or log management?

Of course, and we offer many ways to do it. You can consume logs via syslog or gather them directly from the log files. The Whalebone team will provide you with parsing rules to make the integration with your SIEM plug and play. Should you want to consume just high-level alerts and leave all the hard work to us, no problem: we will integrate just the alerting outputs.

Does Whalebone offer any automation?

There are many ways to integrate Whalebone with your infrastructure and other tools. Alerting can be fine-tuned to let your specialists or systems know when something is happening, and you can adjust the thresholds anytime. You can also bring Whalebone data into your existing monitoring systems via the REST API, or integrate dynamic URLs for a one-click drill-down view into Whalebone.

3

We protect internet users on 3 continents – Europe, Asia and Africa

100

more than 100 telcos, corporates and ISPs trust Whalebone

1

Whalebone is the market leader in implementation time

Whalebone is selected by the market leading brands

“Immediately on the first day of having Whalebone in operation we found an infected device. My colleagues have taken to sample and put the device into isolation. The service looks great.”

Peter Kleinert, Binary Confidence MSSP

news

10/10/2019

What is Whalebone Threat Intelligence and Whalebone Neural networks?
