Amazon Route 53 Resolver DNS Firewall
Amazon Route 53 Resolver DNS Firewall filters the DNS queries that leave a VPC through the Route 53 Resolver, allowing or blocking resolution of domains that match custom or AWS-managed domain lists
Detects and blocks DNS tunneling: covert data exfiltration and command-and-control channels that encode their traffic inside DNS queries and responses
Identifies and blocks queries for domains produced by domain generation algorithms (DGAs), which malware uses to locate its command-and-control servers and which change too quickly for static blocklists to keep up
Analyzes domain structure, character patterns, and similarity to natural language to distinguish legitimate names from suspicious ones
Inspects each query in under a millisecond (per AWS), so enabling the protection does not noticeably affect application performance
Each advanced rule takes a high, medium, or low confidence threshold, which trades detection sensitivity against false positives (a low threshold matches more queries and therefore produces more false positives), together with an action of alert or block; alert only logs the match, block prevents resolution, so a sensible starting point is to block at high confidence and alert at medium until the false-positive rate in your own traffic is understood
Records every match in Route 53 Resolver query logs (deliverable to CloudWatch Logs, S3, or Kinesis Data Firehose) for monitoring, compliance, and forensic analysis, including the source, the queried name, the rule group that matched, and whether the query was blocked or only alerted on
Sends DNS Firewall findings to AWS Security Hub automatically, giving centralized visibility and compliance assessment alongside other security findings
Covers a blind spot in the usual VPC controls: queries sent to the VPC's Route 53 Resolver (the VPC network address plus two) never pass through security groups, network ACLs, or AWS Network Firewall, so those controls cannot see or block DNS-based threats
Can be configured from the AWS console, the API and CLI, or CloudFormation templates, and AWS publishes recommended rule sets that balance blocking with alerting
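As an added example (mine, not code from the page or from AWS), the following creates the kind of rule group described above with boto3: advanced rules for DGA and DNS tunneling detection that block at high confidence and alert at medium, attached to a VPC. The rule layout, rule names, and the association priority are my own choices; the parameter names DnsThreatProtection and ConfidenceThreshold reflect my understanding of the Route 53 Resolver API and should be checked against the current boto3 documentation before use. The client is passed in so the module can be exercised with a stub without AWS credentials.

```python
"""Create a Route 53 Resolver DNS Firewall rule group with Advanced rules
(DGA and DNS tunneling detection) and associate it with a VPC.

Assumed boto3 parameter names: DnsThreatProtection ('DGA' | 'DNS_TUNNELING')
and ConfidenceThreshold ('LOW' | 'MEDIUM' | 'HIGH'); verify against the docs.
"""
import uuid

# Assumed layout: block only at HIGH confidence, alert at MEDIUM so that
# false positives show up in query logs without breaking name resolution.
DEFAULT_LAYOUT = (
    ("DGA", "HIGH", "BLOCK"),
    ("DNS_TUNNELING", "HIGH", "BLOCK"),
    ("DGA", "MEDIUM", "ALERT"),
    ("DNS_TUNNELING", "MEDIUM", "ALERT"),
)


def build_advanced_rules(rule_group_id, layout=DEFAULT_LAYOUT):
    """Return create_firewall_rule kwargs, one per (threat, confidence, action).

    Rules are evaluated in ascending priority order, so assigning priorities
    in layout order guarantees the BLOCK rules are checked before the ALERT
    rules for the same threat type.
    """
    rules = []
    for priority, (threat, confidence, action) in enumerate(layout, start=1):
        kwargs = {
            "CreatorRequestId": str(uuid.uuid4()),  # idempotency token
            "FirewallRuleGroupId": rule_group_id,
            "Priority": priority,
            "Action": action,
            "Name": f"{threat.lower()}-{confidence.lower()}-{action.lower()}",
            "DnsThreatProtection": threat,
            "ConfidenceThreshold": confidence,
        }
        if action == "BLOCK":
            # Answer blocked queries with an empty answer set rather than
            # NXDOMAIN, which some clients treat as "try the next resolver".
            kwargs["BlockResponse"] = "NODATA"
        rules.append(kwargs)
    return rules


def deploy(client, vpc_id, group_name="advanced-dns-threats", layout=DEFAULT_LAYOUT):
    """Create the rule group, its rules, and the VPC association.

    `client` is a boto3 route53resolver client or any object with the same
    three methods (a stub is used in offline tests).
    """
    group = client.create_firewall_rule_group(
        CreatorRequestId=str(uuid.uuid4()), Name=group_name
    )["FirewallRuleGroup"]
    gid = group["Id"]
    created = [
        client.create_firewall_rule(**kw)["FirewallRule"]
        for kw in build_advanced_rules(gid, layout)
    ]
    assoc = client.associate_firewall_rule_group(
        CreatorRequestId=str(uuid.uuid4()),
        FirewallRuleGroupId=gid,
        VpcId=vpc_id,
        Priority=150,                  # association priority must be 101..9900
        Name=f"{group_name}-{vpc_id}",
        MutationProtection="ENABLED",  # blocks accidental edits or deletion
    )["FirewallRuleGroupAssociation"]
    return {"rule_group_id": gid, "rules": created, "association": assoc}


if __name__ == "__main__":
    import sys
    import boto3  # imported lazily so the module loads without boto3 installed

    print(deploy(boto3.client("route53resolver"), sys.argv[1]))
```

Run it as `python deploy_dns_firewall.py vpc-0123456789abcdef0` with credentials for the target account; the association priority of 150 leaves room for a managed-domain-list rule group to be evaluated before it by giving that group a lower number.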
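The query logs mentioned in the list above are what an analyst actually works from. The following added example (mine, not AWS's) parses a handful of constructed Resolver query log records, tallies firewall actions and NXDOMAIN responses per source instance, and applies simple structural heuristics (character entropy, vowel ratio, digit density, subdomain length) to flag DGA-like or tunnel-like names, including ones the firewall only alerted on. The heuristics illustrate the kind of domain-structure analysis the page describes and are not the service's algorithm; the field names follow the documented Resolver query log JSON format, while the records themselves are constructed, and the "last two labels are the registered domain" rule is a simplification of what a public-suffix lookup would do.

```python
"""Triage Route 53 Resolver query logs for DNS Firewall hits and DGA-like names.

The sample records are constructed for this example; the scoring heuristics are
an illustration, not the detection logic of DNS Firewall itself.
"""
import json
import math
from collections import Counter, defaultdict

# Constructed records in the Resolver query log JSON format (one per line).
# firewall_rule_action is only present when a DNS Firewall rule matched.
SAMPLE_LOG = r"""
{"query_timestamp":"2025-01-10T12:00:01Z","vpc_id":"vpc-0a1b2c","query_name":"amazon.com.","query_type":"A","rcode":"NOERROR","srcaddr":"10.0.1.15","srcids":{"instance":"i-0123456789abcdef0"}}
{"query_timestamp":"2025-01-10T12:00:02Z","vpc_id":"vpc-0a1b2c","query_name":"xk3jd9qpz8vhw2l.example.net.","query_type":"A","rcode":"NXDOMAIN","srcaddr":"10.0.1.15","srcids":{"instance":"i-0123456789abcdef0"},"firewall_rule_action":"ALERT","firewall_rule_group_id":"rslvr-frg-0123456789abcdef"}
{"query_timestamp":"2025-01-10T12:00:03Z","vpc_id":"vpc-0a1b2c","query_name":"MFRGGZDFMZTWQ2LK.NBSWY3DPEB3W64TMMQ.t.example.org.","query_type":"TXT","rcode":"NOERROR","srcaddr":"10.0.1.15","srcids":{"instance":"i-0123456789abcdef0"},"firewall_rule_action":"BLOCK","firewall_rule_group_id":"rslvr-frg-0123456789abcdef"}
{"query_timestamp":"2025-01-10T12:00:04Z","vpc_id":"vpc-0a1b2c","query_name":"docs.aws.amazon.com.","query_type":"A","rcode":"NOERROR","srcaddr":"10.0.2.40","srcids":{"instance":"i-0fedcba9876543210"}}
{"query_timestamp":"2025-01-10T12:00:05Z","vpc_id":"vpc-0a1b2c","query_name":"q7wz2n4bpx9.example.net.","query_type":"A","rcode":"NXDOMAIN","srcaddr":"10.0.1.15","srcids":{"instance":"i-0123456789abcdef0"},"firewall_rule_action":"ALERT","firewall_rule_group_id":"rslvr-frg-0123456789abcdef"}
"""


def shannon_entropy(text):
    """Bits of entropy per character; random-looking labels score high."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def dga_score(qname):
    """Return (score, reasons) from structural features of the host labels."""
    labels = [l for l in qname.rstrip(".").split(".") if l]
    # Simplification: treat the last two labels as the registered domain.
    host_labels = labels[:-2]
    if not host_labels:
        return 0, []
    sub = "".join(host_labels)
    reasons = []
    ent = shannon_entropy(sub.lower())
    if ent > 3.5:
        reasons.append(f"high entropy ({ent:.2f} bits/char)")
    letters = [c for c in sub.lower() if c.isalpha()]
    if letters and sum(c in "aeiou" for c in letters) / len(letters) < 0.25:
        reasons.append("few vowels, unlike natural-language names")
    if sum(c.isdigit() for c in sub) / len(sub) > 0.2:
        reasons.append("digit-heavy")
    if len(sub) > 30:
        reasons.append(f"long subdomain payload ({len(sub)} chars)")
    return len(reasons), reasons


def triage(log_text, score_threshold=2):
    """Summarise firewall actions per source and flag DGA-like query names."""
    actions = Counter()
    per_source = defaultdict(Counter)
    flagged = []
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        action = rec.get("firewall_rule_action", "PASS")  # no rule matched
        src = rec.get("srcids", {}).get("instance") or rec.get("srcaddr")
        actions[action] += 1
        per_source[src][action] += 1
        if rec.get("rcode") == "NXDOMAIN":
            per_source[src]["NXDOMAIN"] += 1  # bursts of NXDOMAIN suggest a DGA
        score, reasons = dga_score(rec["query_name"])
        if score >= score_threshold:
            flagged.append({"instance": src, "qname": rec["query_name"],
                            "action": action, "score": score, "reasons": reasons})
    return {"actions": dict(actions),
            "per_source": {k: dict(v) for k, v in per_source.items()},
            "flagged": flagged}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

The ALERT records matter as much as the BLOCK one: a host that trips medium-confidence alerts while also producing NXDOMAIN answers for random-looking names is the pattern that justifies tightening the rule to block, and the per-source counters make that visible without reading every line.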
For more details visit Govindhtech.com