SECURE64 DNS PRODUCTS OFFER ‘DNS GENETIC DIVERSITY’ FOR MORE SECURE DNS INFRASTRUCTURE
DENVER – June 28, 2012 – Secure64 Software Corporation offers a suite of secure DNS products that enable companies to increase the “genetic diversity” of their DNS infrastructure and greatly improve their resistance to dangerous DNS threats. DNS threats have garnered numerous headlines in recent years, including more than a dozen major vulnerabilities in the widely-deployed BIND DNS software that is also used in most commercial DNS appliances. Each of these vulnerabilities forces IT departments around the world to scramble in an effort to implement emergency patches before the vulnerabilities can be exploited. Because Secure64 products do not share any code with BIND and run on a different operating system and microprocessor than traditional DNS solutions, they offer much-needed diversity across every layer of DNS infrastructure—hardware, operating system and application layers—mitigating the risk that any one threat will take down a company’s DNS infrastructure.
“Any software product can have vulnerabilities, but BIND is an especially attractive target because it is so widely deployed. When a company’s DNS infrastructure is entirely dependent on one technology, that’s an obvious risk. That is why genetic diversity is so important for DNS infrastructure,” said Dr. Bill Worley, CTO of Secure64 and a former Chief Scientist at Hewlett-Packard. “Companies that exclusively use BIND-based commercial DNS products are forced to spend unplanned time upgrading software on their DNS infrastructure or risk exposing their DNS service to attack and disruption. This endless cycle of patching increases both risk and operational costs. Secure64’s products provide genetic diversity at the hardware, operating system and application layers, which makes them immune to BIND, Unix and x86-specific security vulnerabilities. That protects our customers against vulnerabilities that affect other DNS variants.”
Over 80 percent of the world’s DNS servers rely on the same DNS code base (BIND), creating the potential for a global Internet meltdown in the event of a sophisticated attack or virus. Secure64 provides organizations with a simple path to genetic diversity across every layer of their DNS infrastructure by running on a different architecture than all other DNS servers. Below is an outline of features that enable Secure64 solutions to increase the genetic diversity and security of an organization’s DNS infrastructure:
Secure64 DNS Product Security Advantages | ||
Layer | Security Feature | Advantage |
Hardware | Unique stack architecture | Attackers cannot cause remote code execution |
Hardware | Authenticated boot process | No path for rootkit injection or execution |
OS | Software authentication | Eliminates paths for malware infection on disk |
OS | Executing software cannot be read or modified | Eliminates the possibility of malware infection at runtime |
OS | Built-in denial-of-service protection | Deflects high volume denial-of-service attacks without impacting application availabilty |
OS | FIPS 140-2 level 2 certified cryptographic module | Protects private keys used to secure critical Internet communications |
OS | Proprietary code base | Source code is not accessible to attackers |
Application | Non-BIND based DNS | Is not vulnerable to BIND-specific security vulnerabilities |