Mobile messaging security vendor Cloudmark is adding Domain Name System (DNS) protection to its platform of security services, in response to both growing attacks on the DNS and what it sees as an opportunity to take on traditional DNS vendors.
The DNS is as old as the Internet itself, made up of the IP addresses behind every domain name on the web, whether desktop or mobile. Cybercriminals are targeting DNS to take down an organization's infrastructure, steal intellectual property or launch distributed denial of service (DDoS) attacks, disrupting Internet service for employees and customers.
Cloudmark Inc., which traditionally secures messaging service for operators, is announcing its move into DNS at a time when CTO Neil Cook says attacks are on the rise. In announcing its expansion, the company quoted NSFOCUS statistics that 42% of all DDoS incidents were DNS flood attacks in the first half of 2014. According to Cook, DNS is a "critical infrastructure component that is unprotected" and represents a big hole in most security strategies. (See Charter Internet Outages Blamed on DNS Problems, Cloud Providers: Beware DDoS Domino Effect and The Rising Tide of DNS Threats.)
Cook says Cloudmark's new multi-layered approach to DNS security can monitor the DNS in real time to prevent attacks; stop malicious actors from using the DNS to exfiltrate data, or from using DNS tunnels to bypass security controls to do things such as roam for free; and detect attempts to reroute DNS traffic to malicious domains or phishing sites.
Cloudmark's move into DNS security is not, of course, entirely altruistic. It sees an opportunity to take on a number of the established DNS security vendors, such as Nominum Inc. and Infoblox Inc. Cook says that most of the platforms on the market are still nascent and only protect certain layers of the DNS, and are largely not powerful enough to stop threats. (See Nominum Lessens Impact of DNS-Based DDoS Attacks and Infoblox Makes DNS a Line of Defense.)
"They offer pretty simplistic DNS protection, amongst other things, with simplistic policies that force the operators to write their own and figure out how to create white lists and black lists," says Cook, calling his new competitors "DNS infrastructure companies that have recently added security to their products."
From the point of view of Heavy Reading analyst and security expert Patrick Donegan, DNS is an area that still needs protecting. It may be too soon to tell if Cloudmark's security platform is truly differentiated in the space, but the need is real, and the timing is right.
"We have research demonstrating that attackers are increasingly focused on application-layer vulnerabilities such as the DNS," Donegan says. "Therefore, service providers and enterprises are too. The industry has a pretty proven formula for handling volumetric, network-layer attacks, but application-layer attacks require a different approach. It makes sense for a security specialist like Cloudmark to be targeting this space."
— Sarah Reedy, Senior Editor, Light Reading