Cybercriminals continue to target U.S. state, local, tribal, and territorial (SLTT) government organizations. In 2019, there were more than 100 ransomware attacks -- including an attack on Baltimore's IT systems that locked out thousands of computers and disrupted nearly every city service. This attack is estimated to have cost the city as much as $18 million.
Attackers target SLTT organizations because they know that security teams there must manage complex networks and systems and run numerous third-party systems and services, and that digital transformation initiatives by state and local governments present a rich attack surface. Many SLTT cybersecurity teams are struggling with reduced security budgets and a well-documented shortage of skilled cybersecurity and networking professionals to fill open positions. COVID-19 has added to their security challenges through a dramatic increase in remote working requests from their workforce and from consumers of government services.
To support SLTT organizations in their efforts to improve their cybersecurity posture and bolster resilience against cyberattacks, the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has funded a 12-month project that will allow SLTT security teams to quickly add a layer of Domain Name System (DNS) security to protect their applications accessing web servers and external mail servers, and to enhance their existing network defenses.
The Malicious Domain Blocking and Reporting (MDBR) service is a fully managed proactive domain security service that will be available at no cost to members of the Center for Internet Security's® (CIS®) Multi-State Information Sharing and Analysis Center® (MS-ISAC®) and Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®). It is being delivered via a partnership among CISA, Akamai, and CIS.
"The MDBR service is based on proven, effective, and easy-to-deploy technology that is designed to quickly help SLTT security teams improve their current security defenses," said Patrick Sullivan, VP and CTO of Security Strategy at Akamai. "The real-time threat intelligence in MDBR is based on Akamai's unprecedented global visibility into web and DNS traffic, which is key to enable us to proactively defend against today's evolving threat landscape that SLTT security teams face."
"MDBR is built on top of Akamai's Enterprise Threat Protector (ETP) service, which is deployed on its platform that provides carrier-grade recursive DNS service. The Akamai Intelligent Edge Platform delivers up to 2.2 trillion DNS queries daily, making it a great partner for this initiative," said Ed Mattison, CIS Executive Vice President of Operations and Security Services.
What is MDBR?
MDBR technology prevents IT systems from connecting to harmful web domains, which helps limit infections related to known malware, ransomware, phishing, and other cyberthreats. It also blocks the vast majority of ransomware infections and other attacks by preventing the malware from communicating with its associated command and control server or domain.
To use the service, an organization simply points its DNS requests to Akamai's DNS servers, which can be done in minutes. After that change, every DNS lookup will be proactively compared against a list of known and suspected malicious domains. Attempts to access malicious domains, such as those associated with malware, phishing, and ransomware, among other threats, will be blocked and logged. CIS's security analysts will then provide reporting to members, including information for all blocked requests, and assist in remediation if needed.
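An added example, not code from CIS or Akamai: once DNS has been repointed as described above, this host-side check confirms that every configured resolver is one of the protective resolvers, because a leftover fallback server would answer lookups without filtering or logging. The resolver addresses are placeholders from documentation ranges, the sample file is constructed, and the function names are this example's own.

```python
import ipaddress

# Placeholder addresses (RFC 5737 / RFC 3849 documentation ranges), an
# assumption of this example: substitute the resolvers issued at onboarding.
APPROVED_RESOLVERS = {"192.0.2.53", "192.0.2.54", "2001:db8::53"}

# Constructed resolv.conf content for illustration.
SAMPLE_CONF = """\
# managed by configuration tooling
search example.gov
nameserver 192.0.2.53
nameserver 198.51.100.8
nameserver 127.0.0.53
nameserver 2001:db8::53%eth0
"""


def parse_nameservers(conf_text):
    """Return the addresses on 'nameserver' lines, ignoring comments."""
    servers = []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def audit_resolvers(conf_text, approved=APPROVED_RESOLVERS):
    """Classify each configured resolver as filtered, local stub, bypass or invalid."""
    approved_ips = {ipaddress.ip_address(a) for a in approved}
    report = {"filtered": [], "local_stub": [], "bypass": [], "invalid": []}
    # With no nameserver line, the libc resolver queries the local machine.
    for server in parse_nameservers(conf_text) or ["127.0.0.1"]:
        try:
            ip = ipaddress.ip_address(server.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            report["invalid"].append(server)
            continue
        if ip in approved_ips:
            report["filtered"].append(server)
        elif ip.is_loopback:
            # Local caching stub: its upstream forwarders need the same audit.
            report["local_stub"].append(server)
        else:
            report["bypass"].append(server)
    unresolved = report["bypass"] + report["invalid"] + report["local_stub"]
    report["compliant"] = bool(report["filtered"]) and not unresolved
    return report
```

A host is reported compliant only when every entry is an approved resolver; a loopback stub is held back until its upstream forwarders have been audited the same way.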
MDBR is easy to integrate into an SLTT's existing information technology (IT) infrastructure and requires virtually no maintenance, as CIS and Akamai fully maintain the systems required to provide the service.
Akamai provides all logged data to the CIS Security Operations Center (SOC), including both successful and blocked DNS requests. This data will be utilized to perform detailed analysis and reporting for the betterment of the SLTT community, and for organization-specific reporting for each SLTT organization that implements the service.
CIS's MS-ISAC conducted a technical evaluation of DNS-based security service providers in the spring of 2019 and concluded that Akamai's ETP service along with its MSP Portal was the solution that would best meet the needs of its members.
"MDBR will help SLTTs turbocharge their cyber defenses. It will be a key player in CIS's growing arsenal of our defense-in-depth tool kit," according to James Globe, CIS Vice President of Operations and Security Services.
MS-ISAC and EI-ISAC member organizations can register for the MDBR service here.
Member organizations can also upgrade to a self-managed, stand-alone version of Enterprise Threat Protector that provides additional product features and capabilities at a discounted price. Full information is available here.