MS-ISAC adds domain-blocking service for state and local governments
The Center for Internet Security announced last week an additional service for the state and local governments it supports, with a new program that helps block and report malicious domains that send harmful internet traffic capable of disrupting public services, elections and other critical functions.
The Malicious Domain Blocking and Reporting, or MDBR, service works by preventing government devices from connecting to web domains known to be affiliated with ransomware, other forms of malware, phishing campaigns and other threats. Funded with grant money CIS receives from the federal Cybersecurity and Infrastructure Security Agency, the service is being made available to members of both the Multi-State Information Sharing and Analysis Center and the Elections Infrastructure ISAC, through which IT organizations and election administrators, respectively, receive and circulate cybersecurity intelligence.
The free-of-charge service, which has been active for about five weeks, runs on Akamai’s Enterprise Threat Protector, a gateway that analyzes an IT system’s traffic requests against a list of websites known to be malicious. According to CIS, it could potentially prevent a ransomware attack by preventing an employee who opens a phishing email from connecting to a link that would ordinarily trigger a payload.
Akamai’s product, which is built on its Intelligent Edge Platform, delivers as many as 2.2 trillion DNS requests daily, and the company claims to protect about one-third of all global web traffic.
“This capability can block the vast majority of ransomware infections just by preventing the initial outreach to a ransomware delivery domain,” reads a CIS paper on the domain-blocking service.
Since the service went live in early August, 346 MS-ISAC and EI-ISAC members have blocked more than 10 million requests from malicious entities, the organization said.
The MDBR service also requires very little input on the part of MS-ISAC and EI-ISAC members, who will receive regular reports on it, but do not have access to Akamai’s servers or daily logs. Rather, Akamai analyzes web traffic using proprietary algorithms, though future updates to the program will incorporate threat data specific to state, local, tribal and territorial governments.