Piloting CUJO AI Lite and Improving DNS Block List Update Times 10X

March 29, 2022

CUJO AI specializes in providing robust multi-layered cybersecurity for network operators, which protects all end-user devices in their home networks. While the CUJO AI Agent runs on all modern customer-premises equipment (CPE), there are end-user segments that use either their own retail routers or legacy equipment and are protected solely by DNS block lists. We have recently developed a solution for protecting such users – CUJO AI Lite – which greatly improves the quality and speed of DNS signature updates for network providers.

DNS block lists are an important feature of network operator security and compliance, and quickly updating signatures in these lists is key for better end-user protection. Faster DNS updates greatly reduce the impact of malicious websites and servers.

Nevertheless, network service providers still face quite a few challenges with DNS server management. CUJO AI was approached by one of our clients – a major network service provider (NSP) – who asked us to provide our high-quality threat intelligence from CUJO AI Labs for their DNS block list.

Major Network Operators and DNS Block List Management

Our client wanted us to provide CUJO AI Labs threat intelligence signatures for their DNS service, as it would allow them to protect customers who had legacy CPE or their own retail routers. Their DNS signature provider used only public threat intelligence sources and lacked key insights that CUJO AI Labs has from monitoring over 1 billion devices around the world.

The NSP was also getting signature updates in a way that required additional work before they could be deployed. This included maintaining a code base solely for their DNS update management.

These inefficiencies made the update process extremely slow, as an update could take close to an hour. Thankfully, the NSP had a dedicated team that managed their DNS service, unlike many smaller network operators who have even fewer resources.

Improving Block List Update Times 10X

Initially, our client asked us to provide threat intelligence signatures in the same legacy format, which we delivered. But, seeing how the process could be improved, we offered a substantially faster solution with less overhead for the NSP.

Our approach included maintaining our own dynamic DNS server that can, after a simple initial integration, push block list updates to the provider’s DNS servers without any additional maintenance. This allowed us to rapidly update threat intelligence data with new discoveries from CUJO AI Labs, as well as other public threat intelligence sources.

In the end, our client was able to use higher quality threat intelligence data provided by CUJO AI Labs and get updates around 90% faster (in minutes as opposed to hours). In addition to faster update times, CUJO AI Lite requires no maintenance from the NSP’s side, making it the perfect solution for any network operator.

Learn more about how CUJO AI Lite works by downloading the CUJO AI Lite whitepaper.