BLUE SHIELD UMBRELLA
Blue Shield Umbrella is a cloud-based security solution with real-time threat prevention. All internet traffic is verified on the DNS level with AI based algorithms. Traffic gets scanned and blocked before it can reach the corporate network. The solution is multi-tenant and MSP enabled.
Own root server mirroring
All domains are presorted on a so-called ‘whitelist’ root name server basis before being included in our DNS system.
Specially developed sandbox solutions supplied by different manufacturers, dedicated crawlers as well as an entirely new type of algorithm are used to evaluate whether a domain is to be included in our Blue Shield Umbrella platform.
All web codes are scanned for faulty software and every incorporated web link checked, e.g. for CDN networks, forum links, etc. – we are setting new standards when it comes to zero-day prevention measures.
Whenever an infrastructure changes so drastically that its historical data do not match current behavior, we will block the domain concerned until a new real-time prevention profile has been created.
Code scans by AI in the background
This information is used on an ongoing basis to determine whether the domain in question is still being accepted by the clones of our root name servers.
Everything that is unknown gets blocked
• Connection behavior
• Code assessment including hidden subdirectories
• Any other traffic (such as MX)
Additionally, we use passive DNS learning – we have been building a database for machine learning since 2013.
• Which domains are pointing at the target, have they behaved suspiciously in the past?
• Domain owner including its history
• Authoritative name server
Continuous whitelist evaluation & review
Facts & Figures
Blue Shield Umbrella is currently blocking all domains of more than 4,000 authoritative name servers – and rising.
Over 248 million new domains are created every quater, of which more than 70% are either faulty or command & control domains, disqualifying them from being included in the platform.