Service 06
Intelligent DNS Security Layer
Intelligent DNS layer — detect tunneling, DGAs, and malicious resolutions before traffic hits your apps, with per-tenant policy.
Intelligent DNS security adds resolver visibility, tunneling detection, and policy enforcement without necessarily replacing your DNS provider. NNSEC instruments cloud and on-prem resolvers, baselines normal query patterns, and escalates through monitor → soft block → hard block modes so security gains confidence before impacting users.
Blocked queries (live)
14,203 blocks today
2.1B/mo
Queries inspected
14k
Blocks / day
99.2%
Tunnel detect
[ WHO IT IS FOR ]
E-commerce, SaaS, and enterprise IT teams facing DNS exfiltration, DGAs, and third-party script risk on customer-facing estates.
[ OPERATING CADENCE ]
Mirror and baseline in weeks 1–2, graduated enforcement week 3+, monthly DNS risk chapter in executive packs.
Problems this
service line solves.
Why teams add this line to the retainer instead of stretching a generic MSSP or point tool.
- ◆Blind spots on resolver traffic and encrypted DNS bypass
- ◆False positives blocking legitimate CDNs
- ◆IR teams lacking query-chain context during exfil attempts
- ◆Peak-season attacks targeting payment flows
What's included
in the retainer.
Concrete outputs — not vague 'assessment' language.
Resolver instrumentation
Cloud and on-prem DNS visibility.
Policy packs
Sector-specific blocklists and allowlists.
DGA detection
ML + heuristics on entropy and NXDOMAIN patterns.
Exfiltration blocks
Stop DNS tunneling and oversized responses.
Dashboards
Per-zone heatmaps and top talkers.
IR integration
DNS events open incidents with full query chain.
How it works
in five steps.
Discovery through operate — same cadence across all nine service lines.
01
Mirror
Tap resolvers without changing client configs where possible.
02
Baseline
Learn normal query patterns per subnet.
03
Enforce
Graduated block modes: monitor → soft → hard.
04
Tune
Whitelist SaaS CDNs and internal zones.
05
Report
Monthly DNS risk chapter in executive pack.
[ 06.3 // PLATFORM ]
NorthSec AI
advantage.
Live malicious query feed in the console — see blocks as they happen with geo and reputation context.
Platform overviewBlocked queries (live)
14,203 blocks today
Control mapping
built in.
Sample mappings — full library expands per tenant frameworks.
CC6.6 Network boundaries
SOC 2
A.8.20 Networks
ISO 27001
PCI 1.3
PCI DSS
[ 06.5 // TIERS ]
Included by tier
| Tier | This service |
|---|---|
| foundation · $3,500/mo | ☒ |
| growth · $5,000/mo | ▲ |
| scale · $8,000/mo | ☑ |
| enterprise · $12,000/mo | ☑ |
☑ included · ▲ add-on · ☒ not in tier
Customer outcome
DNS exfil stopped
Retail group blocked 41-day tunnel attempt via resolver analytics.
E-commerce · anonymized
FAQ
Usually no — we layer security on existing resolvers or forwarders.