Sponsored By

Cloudmark Adds DNS Protection to Security Kit

Messaging security vendor sees an opportunity to steal market share from Infloblox, Nominum and others as it tweaks its security platform for DNS.

Sarah Thomas

October 7, 2014

3 Min Read
Cloudmark Adds DNS Protection to Security Kit

Mobile messaging security vendor Cloudmark is adding Domain Name System (DNS) protection to its platform of security services, in response to both growing attacks on the DNS and what it sees as an opportunity to take on traditional DNS vendors.

The DNS is as old as the Internet itself, made up of the IP addresses behind every domain name on the web, whether desktop or mobile. Cybercriminals are targeting DNS to take down an organization's infrastructure, steal intellectual property or launch distributed denial of service (DDoS) attacks, disrupting Internet service for employees and customers.

Cloudmark Inc. , which traditionally secures messaging service for operators, is announcing its move into DNS at a time when CTO Neil Cook says attacks are on the rise. In announcing its expansion, the company quoted NSFOCUS statistics that 42% of all DDoS incidents were DNS flood attacks in the first half of 2014. According to Cook, DNS is a "critical infrastructure component that is unprotected" and represents a big hole in most security strategies. (See Charter Internet Outages Blamed on DNS Problems, Cloud Providers: Beware DDoS Domino Effect and The Rising Tide of DNS Threats.)

Cook says Cloudmark's new multi-layered approach to DNS security can monitor it in real time to prevent attacks; stop the DNS from being used to exfiltrate data by malicious actors or DNS tunnels from being used to bypass security controls to do things such as roam for free; and detect attempts to reroute DNS traffic to malicious domains or phishing sites.

For more on important security topics, be sure to attend Light Reading's Mobile Network Security Strategies Show on December 3 in NYC.

Cloudmark's move into DNS security is not, of course, entirely altruistic. It sees an opportunity to take on a number of the established DNS security vendors, such as Nominum Inc. and Infoblox Inc. Cook says that most of the platforms on the market are still nascent and only protect certain layers of the DNS, and are largely not powerful enough to stop threats. (See Nominum Lessens Impact of DNS-Based DDoS Attacks and Infoblox Makes DNS a Line of Defense.)

"They offer pretty simplistic DNS protection, amongst other things, with simplistic policies that force the operators to write their own and figure out how to create white lists and black lists," says Cook, calling his new competitors "DNS infrastructure companies that have recently added security to their products."

From the point of view of Heavy Reading analyst and security expert Patrick Donegan, DNS is an area that still needs protecting. It may be too soon to tell if Cloudmark's security platform is truly differentiated in the space, but the need is real, and the timing is right.

"We have research demonstrating that attackers are increasingly focused on application-layer vulnerabilities such as the DNS," Donean says. "Therefore, service providers and enterprises are too. The industry has a pretty proven formula for handling volumetric, network-layer attacks, but application-layer attacks require a different approach. It makes sense for a security specialist like Cloudmark to be targeting this space."

— Sarah Reedy, Senior Editor, Light Reading

About the Author(s)

Sarah Thomas

Director, Women in Comms

Sarah Thomas's love affair with communications began in 2003 when she bought her first cellphone, a pink RAZR, which she duly "bedazzled" with the help of superglue and her dad.

She joined the editorial staff at Light Reading in 2010 and has been covering mobile technologies ever since. Sarah got her start covering telecom in 2007 at Telephony, later Connected Planet, may it rest in peace. Her non-telecom work experience includes a brief foray into public relations at Fleishman-Hillard (her cussin' upset the clients) and a hodge-podge of internships, including spells at Ingram's (Kansas City's business magazine), American Spa magazine (where she was Chief Hot-Tub Correspondent), and the tweens' quiz bible, QuizFest, in NYC.

As Editorial Operations Director, a role she took on in January 2015, Sarah is responsible for the day-to-day management of the non-news content elements on Light Reading.

Sarah received her Bachelor's in Journalism from the University of Missouri-Columbia. She lives in Chicago with her 3DTV, her iPad and a drawer full of smartphone cords.

Away from the world of telecom journalism, Sarah likes to dabble in monster truck racing, becoming part of Team Bigfoot in 2009.

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like