Network threat protection specialist Cloudmark announced the launch of the Security Platform for DNS, which offers protection for the Domain Name System (DNS).
Security Platform for DNS is a software offering that safeguards DNS infrastructure and traffic from evolving network threats.
It can be implemented as a standalone security option or as an enhancement to existing security hardware and appliances, and performs real-time application layer behavior and content analysis to predict threats.
“DNS is currently rarely monitored from a security perspective, leaving it wide open for abuse by malicious actors, who are able to make use of the fact that it passes through firewalls, can be used to bypass existing security controls, and exfiltrate data,” Neil Cook, chief technology officer at Cloudmark, told eWEEK. “It is critical infrastructure–without it the Internet doesn’t function, and end users cannot use the Internet without DNS.”
Features include DDoS Attack Protection, which prevents distributed denial-of-service (DDoS) attacks and the associated Internet outages, mitigation and customer care issues, and DNS Exfiltration Protection, which actively detects when DNS is being used to exfiltrate data by advanced persistent threats or malicious actors.
Other features include DNS Tunneling Prevention, which blocks DNS tunnels from being used to bypass network access or security controls, create reverse tunnels allowing infiltration, or bypass WiFi billing, while DNS Hijacking detects attempts to reroute DNS traffic to malicious domains or phishing sites.
Cook explained that service providers could be at risk of infrastructure outages from DNS DDoS attacks, or of hijacking of customer CPEs or endpoints through compromise or malware, while enterprises could be at risk from data theft, bypassing of security controls, and a lack of controls on botnet or advanced persistent threat (APT) command and control over DNS.
“Financial services are particularly at risk if they fail to secure DNS as a channel in the same way that they secure other protocols such as HTTP,” he added.
The Cloudmark Security Platform receives real-time updates from the company’s Global Threat Network, which collects and correlates threat data across worldwide deployments. Enhanced network performance helps ensure that protocol anomalies or malicious actors do not impact performance or allow unauthorized access.
Finally, built-in reporting provides alerting on detected threats and integrates with third-party reporting tools, including HP ArcSight and Splunk. Cloudmark uses a channel strategy to sell to enterprises, typically working with integrators or VARs who have existing relationships with enterprises and who typically focus entirely on security or have a security practice.
“Cyber-criminals use such a variety of techniques and protocols, it’s hard to categorize into Web threats versus other techniques,” Cook said. “We do see the continued evolution of spear phishing and evolution of APT technology from nation states into the hands of cyber-criminals as some of the most dangerous threats in the future.”