Defending with DNS
Block Bots — Freeze Phishing — Prevent Malware
……without loading software onto a single device
Most conversations about the DNS focus on how to protect this mission critical resource. But the DNS can also be used to DEFEND the network and its users.
THE DNS KNOWS when there are infected devices and where there are botnets consuming bandwidth, even if those botnets are on IoT devices. How?
Early bot communication was IP based and used static IP addresses to contact their Command-and-Control server to get marching orders. It was easy to neutralize these bots forever by using a simple IP blacklist. But modern bot software uses the DNS to look up the IP address of the C&C server, making the DNS the ideal security policy enforcement point to block bot communications and NEUTRALIZE them.
Impact of Phishing, Malware & Bots
Even though Service Providers do not own the infected devices on their networks, they pay a multi-dimensional price for the activity these devices generate:
- • Bandwidth/spectrum lost to bad traffic
- • Network congestion impacts all customers
- • Increased customer support costs
- • Increased customer churn
- • COMING SOON – Government Regulation
DNS Detects and Blocks the Attack
The Problem with the Internet of Things
In the last quarter of 2016, the world began to realize the cost of the IoT. With the launch of a series of massive DDoS attacks against security researcher Brian Krebs, then against DNS provider DYN, French ISP OVH, German telco Deutsche Telekom and British telco TalkTalk, the complete lack of security on IoT devices became apparent.
IoT devices were built without security in mind and trying to retrofit them with security software does not work because of the small surface of the firmware. An extremely effective way to prevent infected IoT devices from causing any harm is to detect and block them at the DNS.
Introducing Secure64 DNS Guard
Secure64 has teamed its deep DNS security knowledge with intel from leading security companies to bring Secure64 DNS Guard, a security service that identifies and blocks malware, phishing and bots. Learn more about DNS Guard here.