DNSCYTE

DNSCyte is a recursive DNS Service based on global cyber threat intelligence and machine learning to block threats and targeted attacks in real time.

Today’s threats are evolving at an exponential rate, with new methods for distribution, infection, infiltration and evasion. These new techniques continually overcome traditional cyber defences. Well-known attacks such as WannaCry and NotPetya were based on EternalBlue, evaded all pattern- and signature-based security solutions, and relied on DNS to communicate with external command and control servers. With DNSCyte such attacks can be stopped.
The Internet is becoming ubiquitous and we live in a hyper-connected world. DNSCyte has indexed 99.9% of the Internet, which includes more than 1.7 billion web sites and 350 million top level domains, growing daily. With this intelligence DNSCyte is able to protect global businesses and users.

DNSCyte can block zero-day attacks and identify malicious activity. DNSCyte handles the DNS requests from users and redirects malicious requests to a sinkhole, providing a new layer of security with artificial intelligence.

VISIBILITY

Monitor and control Internet access for your entire organisation.

PROTECTION

Enable secure Internet browsing. Block malicious activity and zero-day attacks even when users are off premises.

AUTOMATION

User behaviour analysis integrated with DNS baselining, using machine learning and artificial intelligence for automated classification and blocking.

COMPLIANCE

Enforce corporate compliance with the acceptable use policy and support compliance with external regulations.

RETURN ON INVESTMENT & TCO

Frictionless access, self-service and self-enrolment increasing business productivity.

Product Benefits

Stop Zero-Day attacks

Pre & Post infection protection

Define and enforce Internet usage policy

White list categorisation of Internet traffic (all ports and protocols)

Next Generation protection using Machine learning & Artificial Intelligence

Features

Classification Within Seconds

DNSCyte machine learning technology enables the classification of unknown traffic in seconds.

DNS Tunnelling Discovery

Discovery of DNS tunnelling is now easy with DNSCyte.

Malicious Activity Prevention

Protect your network against ransomware, malware, phishing, and botnet threats. Stop malicious activity before it starts communication.

Whitelisting for Internet

Only permit categorised Internet traffic to enable strong protection against zero-day attacks.

Analysis of DNS Debug Logs

Identify the source of malicious traffic by enabling the automatic analysis of internal DNS Server logs.

Cloud Based Realtime Reporting

Get real-time visibility and centralised reporting without any on-premise component.

Digital Forensics

In-depth digital forensics for users, devices and processes, with support for inline and out-of-band operation.

How It Works
Deploy in minutes without making any change to your physical infrastructure. Simply enable DNS Forwarding or DNS Relay.
DNS Forwarding
The DNSCyte Forwarding service handles all DNS requests for identification and categorisation of Internet traffic. DNSCyte redirects malicious requests to a preferred sinkhole IP Address. This enables malicious traffic to be redirected away from the internal network to a controlled destination for remediation.

Every device and user accessing Internet sends a DNS query to the DNSCyte DNS Server.

DNSCyte DNS Server forwards the request to the DNSCyte Threat Intelligence Service.

If the resolved domain name has malicious content, or access to the page is blocked in the defined policy, the user is redirected to a secure web page for notification.

Information about the requested page is reported.

Configure devices in the network to use DNSCyte DNS Servers. Necessary configuration changes are based on how DNS is configured within the organisation.

If a local DNS server is used, DNSCyte should be defined as the forwarder DNS on the local DNS Service.

When using a public DNS Service, configure the DNSCyte IP Addresses as the DNS Server in the DHCP settings.

Hardware Requirements: No hardware is required for this mode of operation.

DNS Relay & Integration With Local DNS Server Platforms
DNSCyte DNS Relay is a VMware/Hyper-V based image provided to discover the source of malicious traffic. The DNS Relay is a DNS Server installed on the corporate network that receives DNS queries ahead of the local DNS Server and forwards them to the local DNS Server after analysis.

DNS debug logs from domain controllers or other DNS Servers are analysed by the DNSCyte on-premise module.

The system forwards the request to the DNSCyte Threat Intelligence Service for classification and security check.

The response from the DNSCyte Threat Intelligence Service is used to permit or deny access.

The system can send the response to a SIEM with customized fields in Syslog format.
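
The debug-log analysis step above, sketched as an added example (not DNSCyte code): it parses PACKET lines in the Windows DNS debug log layout and reports which internal clients queried a blocked domain. The log lines are constructed, the exact column layout is assumed and can vary with Windows version and locale, and the `BLOCKED` set is a hypothetical stand-in for the threat-intelligence verdict.

```python
import re
from collections import defaultdict

# Constructed sample lines in the Windows DNS debug log "PACKET" layout.
SAMPLE_LOG = """\
6/5/2019 10:00:34 AM 0E98 PACKET  00000000028657F0 UDP Rcv 10.0.0.15       a3b1   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
6/5/2019 10:00:34 AM 0E98 PACKET  00000000028657F0 UDP Snd 10.0.0.15       a3b1 R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)
6/5/2019 10:00:41 AM 0E98 PACKET  0000000002A1C3D0 UDP Rcv 10.0.0.27       77c2   Q [0001   D   NOERROR] A      (3)cdn(8)bad-site(7)invalid(0)
6/5/2019 10:00:52 AM 0E98 PACKET  0000000002A1C910 UDP Rcv 10.0.0.27       77c9   Q [0001   D   NOERROR] TXT    (8)bad-site(7)invalid(0)
6/5/2019 10:01:03 AM 0E98 PACKET  0000000002A1D1F0 UDP Rcv 10.0.0.31       19fe   Q [0001   D   NOERROR] A      (11)notbad-site(7)invalid(0)
6/5/2019 10:01:05 AM 0E98 EVENT   The DNS server has started.
"""

# Hypothetical verdict list; a real deployment would use the classifier's answer.
BLOCKED = {"bad-site.invalid"}

PACKET_RE = re.compile(
    r"PACKET\s+\S+\s+(?P<proto>UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+(?P<client>\S+)\s+"
    r"(?P<xid>[0-9a-fA-F]{4})\s+(?P<resp>R)?\s*(?P<opcode>[A-Z?])\s+\[[^\]]*\]\s+"
    r"(?P<qtype>\S+)\s+(?P<qname>\(.*\))\s*$"
)

def decode_qname(raw):
    """Turn '(3)www(7)example(3)com(0)' into 'www.example.com'."""
    labels = [label for _, label in re.findall(r"\((\d+)\)([^()]*)", raw)]
    return ".".join(label for label in labels if label).lower()

def is_blocked(name, blocked):
    """Match on whole labels so 'notbad-site.invalid' does not hit 'bad-site.invalid'."""
    return any(name == d or name.endswith("." + d) for d in blocked)

def sources_of_blocked_queries(log_text, blocked):
    """Map client IP -> set of (queried name, record type) for blocked domains."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = PACKET_RE.search(line)
        if not m or m["dir"] != "Rcv" or m["resp"]:
            continue  # keep only queries received from clients, skip responses/events
        name = decode_qname(m["qname"])
        if is_blocked(name, blocked):
            hits[m["client"]].add((name, m["qtype"]))
    return dict(hits)

if __name__ == "__main__":
    for client, names in sources_of_blocked_queries(SAMPLE_LOG, BLOCKED).items():
        print(client, sorted(names))
```
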

DNSCyte can also integrate with the following platforms in identifying the source of the malicious traffic without relaying the DNS traffic:

  • Windows DNS
  • Microsoft Active Directory
  • OpenDNS
  • F5
  • Infoblox
Hardware Requirements: A virtualised appliance with VMware ESX or Microsoft Hyper-V with 12 virtual cores, 24 GB RAM and 250 GB HDD for up to 10,000 users.
*Hardware required only if an on-premise DNS Server integration is required.

© 2019 CyberCyte. All Rights Reserved.