Fighting Cybercrime with DNS

I recently sat down with Steve Saunders of Light Reading to talk about the role DNS plays in understanding and fighting emerging cyberthreats. In the interview, we went through the highlights of the recent Data Science report from Nominum (now part of Akamai), in which our Data Science team studied more than 15 trillion queries over a three-month period and reported on the world of cybersecurity through the lens of DNS, uncovering trends in phishing attacks, DDoS, the Mirai botnet, Locky ransomware, IoT-based threats and more.

As Steve and I discussed, Nominum (now part of Akamai) Data Science uses this information to provide industry-leading cybersecurity that protects entire service provider networks, which goes a long way towards keeping people and businesses safe online in today's fast-changing cyberthreat landscape.

The Role of DNS in the Fight Against Cybercrime
DNS security has two distinct meanings. First, DNS is mission-critical infrastructure that all organizations rely on and cannot function without. Yet DNS remains a vulnerable component in the network that is frequently exploited as a launch platform for cyberattacks; it is also inadequately protected by traditional security solutions. When critical DNS services are compromised, the result is catastrophic network and system failures. Hence, DNS security must be applied to protect DNS servers.

Second, DNS plays a critical role in the present-day layered security design known as "defense in depth," where no single solution addresses all exploits and multiple approaches to cyber defense are needed. In today's threat environment, where organizations and individuals are being targeted, using traditional security layers in silos (cloud, network, data and endpoint protection solutions) does not provide adequate defense. Attackers are knowledgeable about how each layer works. Therefore, they know how to bypass each layer. By integrating DNS information into a smart security architecture, organizations can get visibility into areas of cyberspace that were previously obscure. Correlating DNS security events with events happening elsewhere in the infrastructure (endpoint, email, network, etc.) greatly improves the chance of detecting threats and preventing them in the future.

Mobile and IoT: A Global Phenomenon Expanding the Attack Surface
Traditional enterprise security architectures have been fundamentally challenged by the rise of the mobile workforce, a dramatic increase in the number of connected IoT devices and the increasing sophistication and speed of attacks. Since today's mobile workforce is constantly moving from network to network--public to private--there are serious security risks. Users can easily be infected with malware when they are outside of a business network (e.g. while working from home), and jeopardize the entire network when bringing the infected device back to work. DNS provides a valuable way to rapidly detect infected devices that connect to the network and can also be used to proactively protect these devices when off-network.

Nominum (now part of Akamai) ThreatAvert, Powered by Data Science, Predicts and Prevents Cyberthreats at the Network Level
The mobile workforce, IoT and the speed and sophistication of attackers have fundamentally challenged the cybersecurity industry. As a network-based technology that sees all outbound traffic, DNS should be a critical layer of defense in service provider networks. Backed by our expert data science team, Nominum ThreatAvert uses the DNS query data provided by our customers to detect and track suspicious domains, such as command and control (C&C) servers and domains used by the Mirai botnet suspected of participating in the October 2016 Dyn DDoS attack. ThreatAvert adds over 100,000 suspicious domains to our block list every day; false positives are weeded out automatically.

As threats and malware authors continue to innovate, so too will Nominum Data Science. Our global team of experts shares a relentless determination to protect unsuspecting victims from cyberthreats while providing the most secure DNS in the world, without compromising performance or adding latency.

Watch the Light Reading interview here.