Secure64 Adds Chris DeMarche to Board of Directors

Greenwood Village, CO –  January 30, 2017– Secure64, the leading provider of Genuinely Secure DNS servers, announced today the addition of Chris DeMarche to the Secure64 Board of Directors.

“Recruiting successful entrepreneurs like Chris to the board is a key goal of the company,” says Steve Goodbarn, co-founder of Secure64. “Our secure DNS solutions have successfully protected our customers from numerous denial-of-service and other malware attacks, but we need to grow to have a true impact. Chris’ expertise in growing, partnering, and running technology companies is critical to our expansion.”

“I am excited about the opportunity to join the Secure64 Board,” says Chris DeMarche, “As a former service provider, I appreciate the Secure64 product line.  It is incredibly secure, which means it is always available – this is critical to a provider. In this era of massive DNS DDoS attacks driven by the Internet of Things (IoT), self-protecting, secure DNS servers should be central to a provider’s network.”

Chris DeMarche has more than 30 years of experience in large scale operations, software development and wireless & IP network technologies. Currently, he assists investors with different aspects of their portfolios including both board and operational positions. Chris co-founded Verio in 1996 and served as its CTO until 2000, a year after its merger with NTT. Prior to Verio, he was senior VP and acting CTO for Nextel Corporation/OneComm.  He earned his B.S. from the U.S. Naval Academy, an M.S. in Systems Management from the University of Southern California and an M.B.A. from the University of California at Los Angeles.

About Secure64 Software Corporation

Secure64 brings trust to the internet through its suite of purpose-built, secure, DNS-based network security products. The company was built on a foundation of security and has forged solutions that are self-protecting and immune to malware.  Secure64 secures the DNS infrastructures of leading service providers, government agencies and enterprises globally,

Secure64 is a privately held company founded by technology and financial veterans and boasts deep technical and global experience in its leadership and staff.  It is the only DNS solution provider that has authored a secure micro OS, automated the deployment of DNSSEC and built self-protecting DNS servers. For more information, visit www.secure64.com

Dyn, BIND and DNS Strategy

[vc_row][vc_column width=”2/3″][vc_column_text]

On October 21, 2016, leading websites including Twitter, Netflix and Spotify were severely interrupted by an attack on DNS hosting provider Dyn.  Many service providers experienced degradation in their DNS services because attempts to access popular web sites resulted in a SERVfail response. So is it time to review your DNS strategy?

[/vc_column_text][/vc_column][vc_column width=”1/3″][vc_single_image image=”3121″ img_size=”500×300″][/vc_column][/vc_row][vc_row][vc_column width=”2/3″][vc_column_text]

Here are the reasons to do so:

#1.

DNS is the telephone directory of the internet.  If DNS performance is degraded then IP-based services degrade.  The Dyn attack clearly shows that firewalls and cloud defenses alone don’t provide enough protection to DNS. The DNS platform itself needs to be robust and self-protecting.[/vc_column_text][/vc_column][vc_column width=”1/3″][vc_single_image image=”2544″ img_size=”” alignment=”center”][/vc_column][/vc_row][vc_row][vc_column width=”1/3″][vc_single_image image=”644″ img_size=”” alignment=”center”][/vc_column][vc_column width=”2/3″][vc_column_text css=”.vc_custom_1484340668603{margin-right: 10px !important;}”]

#2.

On November 1st  a critical vulnerability, CVE-2016-8864,  was issued that affects BIND-based DNS systems. This bug allows a remote DDoS attack.  This is the 7th such BIND  vulnerability this year, and the 25th critical BIND vulnerability in the last 4 years – which causes the need to drop everything and patch. Most DNS is based on ISC BIND or commercial varieties of BIND (eg Inblox, F5, Cisco, Huawai, ZTE, Nokia, Ericsson). BIND is basically free open-source software and you get what you paid for.[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column width=”2/3″][vc_column_text]

#3.

All software has bugs and vulnerabilities, but some software is better than other software. At least having a diversified DNS technology strategy gives you an insurance policy. Cyber attacks tend to affect different DNS in different ways. Keep in mind that ISC BIND and Infoblox do not create a diversified DNS technology strategy – they are both BIND.

[/vc_column_text][/vc_column][vc_column width=”1/3″][vc_single_image image=”1040″ img_size=”” alignment=”center”][/vc_column][/vc_row][vc_row][vc_column width=”1/3″][vc_single_image image=”1656″ img_size=”” alignment=”center”][/vc_column][vc_column width=”2/3″][vc_column_text css=”.vc_custom_1484340658251{margin-right: 10px !important;}”]

#4.

If you are scoping out a DNS review then don’t forget to consider the Operating System.  We know the internet is being attacked by IoT devices (cameras, routers and even toasters!) and this is all because the OS and passwords are neglected.  Unlike other technologies in the network, the DNS OS can be deployed in a hardened form or a genuinely secure form to resist root kits and malware.[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column width=”2/3″][vc_column_text]

#5.

Secure64 offers self-protecting authority and caching servers that are built on a proprietary and highly secure micro OS, or with a secure Linux kernel – no BIND, no security devices needed.
[/vc_column_text][/vc_column][vc_column width=”1/3″][vc_single_image image=”2131″ img_size=”” alignment=”center”][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

Isn’t it time to diversify your DNS?

[/vc_column_text][/vc_column][/vc_row]

Blocking Attacks from the Incredibly Insecure Internet of Things (IIIoT)

[vc_row][vc_column width=”1/3″][vc_single_image image=”2540″ img_size=”500×500″ alignment=”right”][/vc_column][vc_column width=”2/3″][vc_column_text]

In the wake of the massive attack against DNS provider Dyn, we as a security industry need to ask ourselves “what the hell are we going to do about the usage of dumb, secure-less IOT devices to become a bot army?”

In the fallout after the attack, security experts are tasking end users, device manufacturers, hosting providers and ISPs to prevent its recurrence.   End users need to change passwords, device manufacturers need to harden their machines, hosting providers need to grow their capability and ISPs need to detect spoofed IPs.  Potentially the easiest and fastest way to block massive DDoS attacks is to use the Domain Name System to detect and mitigate bots.

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column width=”2/3″][vc_column_text]

The DNS Knows

The DNS is an incredibly good place to detect and prevent bot activity. Because IP addresses change, every piece of malware needs to call home to get instructions and when it does so, it queries the DNS. When that query tries to link to a known Command & Control Center or phishing site, the DNS can hang up the phone, preventing the malware from getting instructions and participating in a denial of service attack.
Every network that services IOT devices could prevent their widespread usage as a botnet if they implemented this service – and Congress wants ISPs to act. The co-founder of the Senate Cybersecurity Caucus, Senator Mark Warner, asked what network management practices could be adopted by ISPs to repel traffic that might emanate from botnets.  Although using the DNS to identify and block bots would not help them repel traffic, it would prevent devices on the ISP’s network from participating in a botnet. Such a service protects the very Internet itself by using the backbone of the Internet to detect and then prevent bot activity.

To learn more about using the DNS to block bots, watch the recorded Secure64 webinar, “Defending with DNS.”[/vc_column_text][/vc_column][vc_column width=”1/3″][vc_single_image image=”2544″ img_size=”500×500″][/vc_column][/vc_row]

DNS Hosting – the problem with centralization

[vc_row][vc_column width=”2/3″][vc_column_text]Recently, Robert Reich argued that the centralization of DNS on the “platforms of giants” has led to the vulnerability of the internet, as witnessed by the massive assault on DNS provider Dyn.  Last Friday’s attack led to problems accessing popular sites, including Twitter, Reddit, PayPal, and Netflix, and has left the world reeling. Our dependence on the internet and the scope of this attack drives the need for answers.

Reich argues that to prevent these colossal assaults, we need to retain the original structure of the internet – a widely distributed, decentralized system, which is counter to the belief that there is safety in numbers.

DNS hosting services have led to much greater centralization than the internet was originally designed, it is true. But this service has been essential to many organizations, including small business, which lacked domain expertise and capital.  Customers of hosting services have enjoyed enterprise-level hosting, including protection against denial of service, which requires specialized expertise.

But what happens when your DNS host is unable to protect you from the attack and indeed, your customers cannot reach your website BECAUSE you are on that service – you are drug down beneath the waves with your fellow tenants to drown?  This is where Reich’s analogy makes quite a bit of sense – and it begs a series of questions.  Do you become more vulnerable as each tenant is added?  Is the risk worth the reward?  Do you have the resources to go it alone and self-host, and should you?

If you are considering this potential strategy in the wake of the attack, you should know that you will actually be able to increase your DNS security by requiring a secure architecture that provides built-in protection against high volume DDoS attacks.[/vc_column_text][/vc_column][vc_column width=”1/3″][vc_single_image image=”2526″ img_size=”500×600″ alignment=”center”][/vc_column][/vc_row]

Secure64 Appoints Dr. Joseph Gersch as New CEO

Former CTO & COO takes over from long-time CEO & founder

Greenwood Village, CO –  October 3rd, 2016 – Secure64, provider of the world’s most secure DNS products, announced today the appointment of Dr. Joseph Gersch, formerly CTO & COO of the company, as the new Chief Executive Officer, replacing long-time CEO and founder Steve Goodbarn.  Dr. Gersch also joined the Secure64 Board of Directors.

“Joe brings deep expertise and experience in the domain name system (DNS) and for years he has served as the company’s COO & CTO, where he directed all product development and support,” says Denny Georg, Chairman of the Board.  “Equally important, he has a vision of using the most ubiquitous database on earth to bring trust back to the Internet – and the board fully supports that vision.”

Joseph Gersch brings a broad background in technology, marketing, sales and management to the role. He joined Secure64 in 2004 and was named Chief Operating Officer in 2008; the title of Chief Technology Officer was added in 2014.  As COO & CTO, he led the vision and development of mission critical DNS products. Prior to joining Secure64, Joe spent 24 years with Hewlett-Packard where he held technical and sales evangelist roles, and managed Research & Development and Marketing departments that delivered a wide range of innovative products.  Joe earned a B.S. in Computer Science at the University of Michigan and an M.S. and Ph.D. in Computer Science from Colorado State University.

Secure64 also announced that Steve Goodbarn, former CEO, will remain on the board and serve as an advisor to the company. Steve served as CEO from 2005-2016 and during his tenure the company developed its line of highly secure DNS products now running on every continent. “DNS is mission-critical to the global Internet.  Because it is in every country, everywhere, DNS is an unparalleled platform for delivering global security and trust,” says Goodbarn. “Joe is the ideal person to grow the company, deliver next generation products and expand reach into new markets.”


About Secure64 Software Corporation

Secure64 is a DNS software company that provides the most secure DNS products in the world. Secure64 patented technology has been proven to be immune to compromise from rootkits and malware and resistant to network attacks that are the source of today’s most serious security threats.

Secure64 offers a suite of trusted and secure DNS software appliances for caching, signing and authoritative use. Secure64 products are currently used by government organizations such as the U.S. Departments of Commerce, Labor, and Interior and telecommunications companies including T-Mobile, Sprint, Century Link and Telefonica. Learn more at www.secure64.com or via phone at 303-242-5890.                          -END-

Secure64® Unveils DNS Cache and DNS Authority for x86

Secure kernel and built-in DDoS protection provide unmatched security for Linux-based platform

Greenwood Village, CO – August 4, 2016 – Secure64, provider of the world’s most secure DNS products, today announced the release of Secure64® DNS Cache™ for x86 and Secure64® DNS Authority™ for x86 featuring a secure Linux kernel and built-in DDoS protection.  Secure64 is extending its DNS security expertise, originally honed in the development of its Genuinely Secure micro operating system, SourceT, to the flexible x86 platform.

“Since our founding, Secure64 has been focused on providing self-defending DNS products that require no additional protection,” says Dr. Joseph Gersch, CTO of Secure64. “The new Secure64 x86 solutions feature a secure Linux kernel that completely eliminates entire classes of vulnerabilities, including buffer overflow attacks and remote code execution.  This capability completely neutralizes 93% of critical and 90% of high impact Linux vulnerabilities, greatly reducing the need for customers to drop everything and patch. Additionally, all Secure64 DNS products have powerful built-in protection against high volume DDoS attacks. These security capabilities reduce total cost of ownership because no protective security appliances need to sit in front of our DNS servers.”

Both Secure64 DNS Cache for x86 and Secure64 DNS Authority for x86 have license-controlled capacity and can scale up in software without requiring hardware upgrades.
To learn more about both products, visit:  www.secure64.com/products


About Secure64 Software Corporation

Secure64 is a DNS software company that provides the most secure DNS products in the world. Secure64 patented technology has been proven to be immune to compromise from rootkits and malware and resistant to network attacks that are the source of today’s most serious security threats.

Secure64 offers a suite of trusted and secure DNS software appliances for caching, signing and authoritative use. This means companies need no longer worry about expensive and embarrassing attacks from sophisticated hackers who compromise or hijack their domain names. Secure64 products are currently used by such government organizations as the U.S. Departments of Commerce, Labor, and Interior and telecommunications firms including T-Mobile, Sprint, Century Link and Telefonica. Learn more at www.secure64.com or via phone at 303-242-5890.

Secure64 Adds SIP Monitoring to Secure64® DNS Authority

Add-on automatically routes VOIP calls away from unavailable servers

Greenwood Village, CO – June 30, 2016 – Secure64, provider of the world’s most secure DNS products, has released the Service Optimization Module for Secure64® DNS Authority™, which added the ability to monitor the availability of SIP (Session Initiation Protocol) servers in real time, and automatically route calls away from servers that are unavailable.

DNS, the domain name system, is a mission-critical component of IP-based communication networks. When a VOIP (Voice over IP) call is placed, it is routed to a SIP server by using DNS lookups. The call setup time (the time it takes to get a call ringing) depends on the speed of response from both the DNS and the SIP servers. If a SIP Server is down, the call can take a long time to complete – and call set up time is a critically important metric to ensure high customer satisfaction.

“This add-on to the DNS server is simpler and more cost-effective than deploying general purpose traffic management solutions.” said Mark Beckett, VP of Marketing and Product Management at Secure64. “No additional device is needed to either buy or manage, lowering total cost of ownership.”

The Service Optimization Module is available now. To learn more, visit www.secure64.com/service-optimization-module .

About Secure64 Software Corporation

Secure64 is a DNS software company that provides the most secure DNS products in the world. Secure64 patented technology has been proven to be immune to compromise from rootkits and malware and resistant to network attacks that are the source of today’s most serious security threats.

Secure64 offers a suite of trusted and secure DNS products for caching, signing and authoritative use. This means companies will no longer have to worry about expensive and embarrassing attacks from sophisticated hackers who compromise or hijack their domain names. Secure64 products are currently used by such notable government organizations as the U.S. Departments of Commerce, Labor, and Interior and telecommunications giants including T-Mobile, Sprint, Century Link and Telefonica. To learn more about Secure64 visit  www.secure64.com .