Using DNS to protect users in a hyperconnected worldUsing DNS to protect users in a hyperconnected world

The adoption of Internet of Things (IoT) devices is forecast to almost triple from 8.74 billion last year to more than 25.4 billion in 2030 and spread across all vertical business sectors and consumer markets. This is fueled, in part, by the arrival of 5G, which opens up a wide range of new use cases for IoT, including connected cars – predicted to be the largest segment of the global 5G IoT endpoint market by 2023 – and medical applications.

The consumer market currently accounts for around 60 percent of all IoT connected devices and is expected to remain at this level through to 2030; however, the split of what those IoT devices are doing is expected to shift over time.

Coupled with this, more ‘traditional’ devices, such as laptops and tablets, are being used for a range of different purposes, including video conferencing, because of the shift to home working caused by the Covid-19 pandemic – and this trend is expected to continue.

This ‘perfect storm’ presents network operators and internet providers with an ever-growing and evolving set of challenges to help their subscribers stay safe, as the growth in the use of IoT devices and online services also makes devices more attractive for malicious activities.

While some existing security solutions provide a level of protection, they weren’t generally designed for the new hyperconnected world. Some try to address the problem using on-device security solutions; However, full protection of smart homes, autonomous cars and other IoT devices through on-device security simply isn’t practical as people don’t want to continually update their devices.

Similarly, building security into the IoT devices themselves isn’t really an option as it would significantly increase manufacturing costs, and there often isn’t enough CPU or RAM available to support on-device protection. Additionally, this would push the responsibility onto device manufacturers, as they would need to provide ongoing software updates, which isn’t necessarily commercially viable for lower cost, high volume devices.

Consequently, we believe the best way to meet the end-users’ security requirements is a network-based approach. This is both simple, as there are no devices to manage individually and ubiquitous, because all devices are protected without having to install software on them individually.

No other existing approach can provide such thorough protection against malicious activities, including malware, phishing, harmful traffic, and other attacks to end-users and all their devices.

When you think of a network-based solution used by security vendors and internet providers you’re likely to think of deep packet inspection (DPI), which monitors and analyzes the content of data packets as they pass a control point in the network.

While effective, those based on DPI become very expensive at scale so, given the advance of 5G and IoT, internet usage and data levels will continue to increase, resulting in high costs. Also, inline solutions such as DPI, which rely on SNI or DNS being plaintext, will become ineffective as both SNI and DNS will increasingly be encrypted in the coming years.

Taking a DNS-based approach provides a much more scalable and effective alternative for network-based security solutions, as scanning DNS traffic offers a reliable way of blocking malware and protecting against malicious activities.

Figure 1:

DNS filtering can also help operators let end-users know if one of their devices appears infected, enabling them to take action. We outline this, and how DNS network-based security allows network operators and internet providers to address the ever-growing and evolving set of challenges they face in helping their subscribers stay safe in our latest OX Insight.

Not only does it explain how DNS offers a more scalable and cost-effective solution, but it also covers how it delivers a reliable way of protecting end-users.

Additionally, it looks at OX PowerDNS and gives an overview of how it provides reporting and analysis to identify and monitor ongoing attacks and emerging threats, all without the need for subscribers to download, install or update any software, making onboarding much simpler.

— Neil Cook, Head of Product, OX PowerDNS, Open-Xchange

This content is sponsored by Open-Xchange