Web Office Gateway Features

Enforcement built into the foundation of the internet

DNS Geocypher uses the internet’s infrastructure to block malicious destinations before a connection is ever established. By delivering security from the cloud, not only do you save money, but we also provide more effective security.

Here’s how:

DNS & IP layer enforcement

Geocypher uses DNS to stop threats over all ports and protocols — even direct-to-IP connections. Stop malware before it reaches your endpoints or network.

Intelligent proxy

Instead of proxying all web traffic, Geocypher routes requests to risky domains for deeper URL and file inspection. Effectively protect without delay or performance impact.

Command & control callback blocking

Even if devices become infected in other ways, Geocypher prevents connections to attacker’s servers. Stop data exfiltration and execution of ransomware encryption.

Visibility into traffic both ON and OFF your network

Your users and apps have left the perimeter. Geocypher provides visibility into internet activity across all devices, over all ports, even when users are off your corporate network. You can even retain the logs forever

Threat intelligence to see attacks before they launch

Geocypher learns from internet activity to automatically identify attacker infrastructure staged for current and emergent threats. We capture and understand relationships between malware, domains, IPs, and networks across the internet.

Statistical models

Geocypher analyzes data to identify patterns, detect anomalies and create models to predict if a domain or IP is likely malicious. Automatically correlate data and block attacks.

DNSnetworks Investigate

Access our threat intelligence of global DNS requests for a complete view of the relationships between domains, IPs, and malware. Enrich your incident response and SIEM data.

DNSnetworks ecosystem

Geocypher uses URL and file reputation scores from Cisco Talos and Cisco AMP to block malicious content. Benefit from daily analysis of millions of malware samples and terabytes of data.

Enterprise-wide deployment in minutes

Geocypher is the simplest security you’ll ever deploy. There is no hardware to install or software to manually update, and the browser-based interface provides quick setup and ongoing management.


Here’s how:

On-network devices

By changing one setting on your network server, access point or router, you can protect all devices — even those you don’t manage. Implement powerful security without operational complexity.

Off-network laptops

Protect laptops when the VPN is off with Geocypher’s light weight roaming client or built-in Cisco AnyConnect integration. Easily extend protection beyond the corporate network.

Browser-based interface

How does the pricing work?

DNSnetworks didn’t want to crack our heads trying to come up with a pricing model that is hard to understand. We came up with 3 simple plans.

Small Office

Ideal for small offices on a budget

  • Core platform features
  • $19.95 / Month
  • For up to 5 employees
  • Statistics, Reports & Policies

Medium Size Office

Ideal for small growing businesses

  • Core platform features
  • $39.95 / Month
  • For up to 15 employees
  • Employee Metrics
  • Customized Web Policies
  • fully Managed by DNSnetworks Staff

Corporate Office

Ideal for enterprises around the globe.

  • Corporate Features
  • $69.99 / Month
  • For up to 50 employees
  • Enterprise Policies
  • Custom Reporting
  • DLP
  • fully Managed by DNSnetworks Staff

Enterprise Office

Ideal for large enterprises with branch offices.

  • Enterprise Features
  • $89.99 / Month
  • For up to 75 Employees
  • Custom Rules
  • Custom Reporting
  • DLP
  • fully Managed by DNSnetworks Staff

Built into the foundation of the internet.

The domain name system (DNS) is a foundational component of the internet — mapping names to IP addresses. When you click a link or type a URL, a DNS request initiates the process of connecting any device to the internet. For our cloud security platform, we use DNS as just one way to make connecting to the cloud not only simple and fast, but also secure.

A bit about our global network.

We process billions of DNS requests from millions of users every day. Not only do we have data center locations around the world, but more importantly, we peer with the top internet service providers (ISPs) and content delivery networks (CDNs) to shorten the routes between every network in the world and our data centers — making your internet access even faster.

We scale to support tens of thousands of concurrent enterprises and block millions of concurrent threats. In fact, we enforce 7 million unique malicious destinations at any given time. No appliance could scale to deliver this same efficacy.

100 billion daily internet requests

85 million users

25 datacenters worldwide

500+ partnerships with top ISPs & CDNs

7M+ malicious destinations enforced concurrently

The fastest, most reliable platform.

When you connect to a cloud security platform, performance is critical. It cannot break or slow down your internet connection. Since our network was established in 2006, we’ve had 100% uptime. To ensure reliability, we use Anycast routing— every data center announces the same IP address so that requests are transparently sent to the fastest available with automated failover. With Umbrella, you’ll never experience downtime for maintenance and you don’t need  static routes to a primary and backup datacenters.

Peering for speed.

DNS’ Geocypher won’t add latency compared to your current provider. In fact, many customers see a boost in internet speed. Our Canadian datacentres provide shortcuts between every network. And DNSnetworks stores the responses to 80 million users’ daily requests, and for most safe destinations, responds back immediately.

Protection in 30 seconds with one change.

Do you use DNS or DHCP servers in your network? Just add in one of the settings, and every device on that network is protected. What about laptops connecting off network? If you use Cisco AnyConnect, simply enable the Umbrella roaming security module for protection anywhere — even when the VPN is off. If not, we have an agent that works with any VPN — proven in over a million deployments. And by performing everything in the cloud, there is no hardware to install, and no software to manually update.

Enforcement without latency or delay.

To start, Umbrella determines which customer the internet request belongs to, and which policy to enforce. Next, we determine if the destination — domain request and IP response — is (A) malicious, unwanted, or blacklisted; (B) safe or whitelisted; or (C) risky, meaning it hosts both malicious and safe content.

For type A destinations, we route the connection to a block page. For B, we route the connection as normal. And for C, we route the connection through our cloud-based proxy for deeper inspection. All requests are logged globally and immediately visible for your security teams to take action.

World's first intelligent proxy.

Traditionally, blocking web content at the URL level requires proxying all connections — which adds complexity and negatively impacts performance. With DNSnetworks’ Geocypher, safe connections are allowed and malicious requests are blocked at the DNS-layer. Only requests to risky domains, which contain both malicious and legitimate content, are routed for deeper URL and file inspection. With Geocypher’s intelligent proxy, users don’t experience any slow or broken internet access.

Our platform is open for integration.

One fear that IT has with the cloud is a loss of customization and control. Our platform that integrates with your in-house tools and third party solutions. Additionally, you can query our threat intelligence using the Cisco Investigate API and enrich security event data in your SIEM or other systems.

See attacks before they launch.

We see the relationships between malware, domains, IPs, and networks across the internet. Similar to how Amazon learns from shopping patterns to suggest the next purchase, we learn from internet activity patterns to automatically identify attacker infrastructure being staged for the next threat.

Attacks don't just suddenly happen.

The development lifecycle to create new attacks is similar to that of new applications. An app developer builds something, tests it, and then launches it. Attackers do the same, which requires infrastructure, malware, and a web or email delivery scheme. While they modify and create new malware (e.g. ransomware variants) and draft new phishing emails, attackers often reuse the exact same infrastructure (e.g. web servers and IPs) for multiple attacks — leaving behind cyber fingerprints. We focus on identifying those fingerprints, so we can pinpoint current attacks and even uncover emerging threats being staged.

Statistical models are our secret sauce.

We statistically score the “guilt” of domains and IPs to determine if they’re part of an attacker’s infrastructure. More than a reputation score that looks at the past, we analyze both historic and live data. And we’ve built statistical models to automatically score and classify all of our data, so we can detect anomalies, and uncover known and emergent threats. We use three main approaches: guilt by inference, guilt by association, and patterns of guilt.

Making discoveries through DNS resolution.

We analyze the request patterns to detect many types of threats and anomalies. For example, we can determine if a system is compromised based on the types of requests it’s making. If a device is making requests to a number of known-bad domains, it’s more likely to be compromised. The user requests patterns across our user base give us great insight into potential threats.

A new approach to security research

There is no army of security researchers big enough to manually identify every threat. Our technology uses Cisco security researchers to take mathematical concepts and find new ways to apply them to security data — helping us uncover threats before attacks even launch. Our security researchers leverage advanced data mining techniques, 3D data visualization, and security domain expertise to develop the statistical models behind our intelligence.

Deploy enterprise-wide in less than 30 minutes.

Process and enforce 7M malicious domains & IPs.

Identify 60K+ new malicious destinations daily.

Efficacy is king.

Threat intelligence is one thing, but you also need to act on all of that data. Our technology has the horsepower to actively process and enforce more than 7 million unique malicious domains and IPs concurrently at the DNS layer — appliances and hybrid-cloud solutions can’t come close to enforcing that many threats at once. And we’re constantly adding to our block list — 60,000+ new destinations are added every day. Plus, we can be deployed enterprise-wide in minutes — making it one of the easiest ways to start protecting users.

Comments are closed