Summary: Restena did a market comparison and survey, as finding the solution was a part of a wider EU project. They needed a solution offering both protection and content filtering, as well as high availability and scalability. Also, having an API was important so that Restena could easily extract information from the system to SIEM, and feed it from their other threat intelligence feeds. Whalebone’s technology provided a simple way to centrally deliver sophisticated DNS-based protection to an institution heavily targeted by cyber attacks.
How to enable effective cybersecurity for 560+ educational and research institutions
Governments and government institutions all over the world are looking for solutions to enable centralized protection for its critical infrastructure.
The Restena Foundation interconnects and provides network and security services to more than 560 education, research, health, culture, and public administration institutions in Luxembourg, supporting approximately 60,000 employees, students, and other users.
As a key national service provider and operator of Luxembourg’s top-level domain infrastructure (.lu domain name registration), Restena needed to enhance the cybersecurity of its connected institutions without disrupting their operations.
The challenge
“We needed a solution that can catch, for example, phishing campaigns mimicking a local bank or authentication service., said Restena’s .lu Service Technical Manager Guillaume-Jean Herbiet
Restena needed a solution specifically relevant for Luxembourg, a relatively small country, since a solution using a very large database might not catch relevant local threats if it lacks focus.
“We saw an increase in threats to our institutions and we really wanted to provide them with additional protection. It is a way for us to be more aware about the risks, and for them not to have to worry too much and to be able to focus on their job,” added Herbiet. Additionally, some of the institutions need to abide by government requirements on protection and content filtering.
The solution
Restena was looking for a solution for enabling them to stop advanced attack techniques hackers use to compromise modern security: “Many malware types used DGAs for C&C and it is much more efficient to stop the threats through DNS than try to block their IPs with firewall or other solutions,” said Herbiet. As Restena provides DNS resolution to the institutions in question, they can enable protection centrally to any network which chooses to opt-in.
“Of course we interviewed and studied proposals of other mostly US-based companies, but it was never really clear what kind of data they gather, store, and how they use them. We really wanted a solution which keeps as much data as possible locally, and is GDPR compliant," Herbiet added.
The result
“This was a new set-up scheme for Whalebone, since the resolvers are hidden behind DNS proxies (to make sure the institutions do not have to do any configurations themselves), and it worked instantly, exactly as we expected,” said Herbiet. “In two weeks we had it running for our institutions. Since then, the onboarding is ongoing and goes smoothly. We have run successful tests with DGAs, and the institutions that are using content filtering report that it works well, too.”
Accurate blocking rates are challenging in smaller countries like Luxembourg, as local phishing threats often go
unrecognized in global databases. Whalebone addresses this by utilizing regional threat intelligence through
partnerships with local telcos and European cybersecurity centers, ensuring high accuracy and low false-positive
rates.
"It just works," said Herbiet.
Do you want to learn more about Immunity?