Malicious Domain Blocking and Reporting (MDBR)

Minnesota IT Services (MNIT) offers Malicious Domain Blocking and Reporting (MDBR) service through a trusted vendor partner. MDBR is a web security solution that provides an additional layer of cybersecurity protection that is proven, effective, and easy to deploy. MNIT’s vendor designed it in partnership with the Cybersecurity and Infrastructure Security Agency (CISA).  

Minnesota's local government entities are eligible to participate in the Whole-of-State Plan and access MDBR if they are: any Minnesota municipality, city, town, township, local public authority, critical infrastructure, school district, special district, intrastate district, county, Tribal Nation, port city, council of governments, regional or interstate government entity, or agency or instrumentality of a local government.

How MDBR works on your network 

This protective domain name system (PDNS) is a cloud-based solution that uses recursive domain name system (DNS) technology to prevent IT systems from connecting to harmful web domains. This helps state, local, tribal, and territorial (SLTT) governments limit infections related to known malware, ransomware, phishing, and other cyber threats. This capability can block the vast majority of ransomware infections just by preventing the initial outreach to a ransomware delivery domain. 

Once an SLTT points its PDNS requests to the vendor’s DNS server IP addresses, every DNS lookup will be compared against MDBR's list of known and suspected malicious domains. Attempts to access known malicious domains such as those associated with malware, phishing, and ransomware, among other threats, will be blocked and logged. The vendor will provide reporting that includes log information for all blocked requests and assist in remediation, if needed. 

 The service can be implemented quickly and requires virtually no maintenance. SLTTs can enjoy the protection of MDBR whether users are in the office or working remotely. By setting policy that requires mobile devices and laptops to use the MDBR solution, users will be protected. 

Key benefits at a glance

Implements technology that prevents IT systems from connecting to harmful web domains.

Helps limit infections related to malware, ransomware, phishing, and other cyber threats.

Fast and easy to deploy.

Requires little maintenance.

Protects users in the office or working remotely.

Event reports can be scheduled to the cadence that works with your organization.

Billing and pricing

Billing

A no-charge contract will be sent for signature for agreement to terms and conditions.

Pricing

MDBR is a free service to Minnesota’s local government entities. The State of Minnesota is using funds from the federal State and Local Cybersecurity Grant Program (SLCGP) grant to cover the cost of this service.

Contact us for more information

Contact MNIT’s Cyber Navigator Team with questions or to sign up for MDBR: CN.MNIT@state.mn.us.

When you sign up for MDBR, you will be asked to provide the following information: 

Your contact information

Technical contact(s) for MDBR setup, troubleshooting, and general technical support

Reporting contact(s) for receiving reports on your MDBR service

Public IP addresses or Classless Inter-Domain Routing (CIDR) netblocks from which your organization’s DNS queries are sent

We'll work through the registration process with your organization. As the final step, you'll need to point your DNS requests to the vendor’s DNS server IP addresses. This will enable MDBR to prevent attempts to access known malicious domains. 

Learn more

What is the Malicious Domain Blocking and Reporting (MDBR) service?

MDBR is a web security solution that provides an additional layer of cybersecurity protection that is proven, effective, and easy to deploy. It implements recursive Domain Name System (DNS) technology that prevents IT systems from connecting to harmful web domains, helping limit infections related to known malware, ransomware, phishing, and other cyber threats. This capability can block the vast majority of ransomware infections just by preventing the initial outreach to a ransomware delivery domain. MNIT works with a selected vendor to provide the MDBR service.
What is Enterprise Threat Protector (ETP)?

The vendor operates Enterprise Threat Protector (ETP), a carrier-grade recursive DNS service which is integrated into the MDBR service. ETP is a quick-to-configure, easy-to-deploy Secure Web Gateway (SWG) that requires no hardware to be installed and maintained. ETP has multiple layers of protection that leverage real-time Cloud Security Intelligence and multiple static and dynamic malware-detection engines to proactively identify and block targeted threats such as malware, ransomware, phishing, and DNS-based data exfiltration. Every requested domain is checked against the vendor’s real-time threat intelligence, and requests to identified malicious domains are automatically blocked.
How does MDBR work?

MDBR is a cloud-based secure DNS solution specifically designed for U.S. SLTT organizations. It proactively blocks network traffic from an organization to known and suspected harmful web domains, helping protect IT systems against cybersecurity threats. Once an organization points its domain name system (DNS) requests to the vendor’s DNS server IP addresses (primary and secondary), every DNS lookup will be compared against a list of known and suspected malicious domains. Attempts to access known malicious domains such as those associated with malware, phishing, and ransomware, among other threats, will be blocked and logged. Accepted and blocked DNS request logs will be stored for a period of 30 days. The vendor will provide weekly reporting to each participating entity related to both accepted and blocked requests and assist in remediation, if needed.
Does MDBR replace Albert Network Monitoring and Management?

No, the two services are not co-dependent and can be run independent of each other. However, when used in conjunction with Albert network monitoring sensors, the two services are effective in preventing ransomware and other malicious attacks from being successful. The MDBR service is easy to implement and requires virtually no maintenance, as the vendor fully maintains the systems required to provide the service.
How does MDBR differ from other DNS filtering services?
How challenging will it be to add MDBR to our environment?
Who do I contact to sign up for MDBR or make changes to my account?