
EnforceDNS R24.9


Release #

UI: R24.9, Agent: N/A

Date


What's New in EnforceDNS!


Self-Serve Syslog Data Export (new)

This month, we’ve introduced a new method for exporting your DNS logs directly from the EnforceDNS UI. Our Syslog Data Export enhancement enables you to seamlessly export DNS logs to your preferred Syslog server, allowing the data analyzed by EnforceDNS to enrich your SIEM/SOAR systems.


Benefits:

  • No Need for Cloud Storage: With the ability to export directly to a Syslog server, clients no longer need to host their own cloud storage for DNS log exports, reducing costs, simplifying infrastructure management, and ensuring compliance with regional regulations regarding cloud storage.

  • Data Enrichment: Exporting DNS logs directly to a Syslog server enhances your ability to integrate with SIEM/SOAR systems, allowing for more effective data enrichment.

  • Improved Efficiency: The self-serve functionality from the EnforceDNS UI simplifies the export process, giving clients more control and reducing the need for manual intervention or external tools.





Ruleset Creation on Device Name & Username (improvement)

Clients now have the added ability to create Rulesets based on Device Name & Username.


Benefits:

  • Tailored Security Policies: Clients can create highly customized rules based on specific devices or individual users, aligning security policies more closely with their organization’s unique needs. This tailored approach ensures that protection is effectively targeted where it’s needed most.

  • Enhanced Control and Precision: The ability to set rules for particular devices or usernames provides clients with greater control over their security measures. This precision allows for more accurate responses to threats and reduces the risk of over-blocking or under-blocking.

  • Flexible Protection Strategy: By enabling ruleset creation for both individual devices and users, this feature supports a more adaptable security strategy. Clients can adjust their protection mechanisms in response to evolving threats or changes in their organizational structure, enhancing overall security posture.




Latest Release Graphic and Notes (new)

With each new release, users will now see a “NEW RELEASE!” banner, encouraging them to click either the banner or the documentation icon, which now features a link to the latest release notes. This provides a quick way to explore the newest updates for EnforceDNS. Once clicked, the banner will disappear until the next release is available.


Benefits:

  • Increased Awareness of Updates: The banner and link ensure that users are immediately informed about the latest features, fixes, or enhancements.

  • Streamlined Navigation: Offers a convenient and simple way to access detailed release information, saving time and effort when trying to understand how updates affect usage of EnforceDNS.


Microsoft Defender for Endpoint Integration Block Reason Visibility (improvement)

When using the Microsoft Defender for Endpoint integration, Clients are now given additional context on why a query was blocked. This additional information is included in the ‘Description’ section in MDE and under the ‘Notes’ section in the EnforceDNS MDE list.


Benefits:

  • Enhanced Clarity: Clients receive detailed context on why queries were blocked, including specific reasons like ‘Blocked Category - Criminal’ or ‘Malicious Cyber Activity - Dangerous 3rd Party Infrastructure’. This transparency helps Clients understand the rationale behind each block.

  • Improved Data Management: With additional information provided in both the MDE and EnforceDNS lists, Clients can more easily sort and manage their data. This helps in efficiently handling block lists and ensuring that critical security decisions are based on well-understood factors.

  • Streamlined Adjustments: The detailed context allows clients to quickly identify and adjust any configurations if necessary. Understanding the reasons behind blocks facilitates more informed decisions about potential changes to their security settings.
