CircleID

Internet users are acutely aware of their exposure on the Internet and clearly concerned about their safety. Increased downloads of scareware as Conficker made headlines in the mainstream media are only the latest evidence. Desktop software is often viewed as a one-stop shop for fighting Internet threats such as viruses, worms and other forms of malware and phishing. These solutions have served us well but more protections are needed to address the dynamic and increasingly sophisticated web based exploits being launched.

In the past few months, there has been a dramatic rise in Internet-based attacks, yet Cyveillance announced in early February that more than half of active malware and phishing threats on the Internet go undetected by browser based offerings, with an average detection rate of 37 percent for malware and 42 percent for phishing. This is only one data point for one kind of protection but offers evidence that it may be time to look at ways to supplement client based protections.

Service providers are in a unique position to deliver network based protections that improve upon existing security measures and offer recognizable value to their subscriber base. These services have the potential to increase attachment of subscribers to providers by demonstrating an active commitment to protecting them. Network-based protections can complement and enhance existing desktop software solutions and improve the current situation in many ways:

• Move security from reactive to proactive; deterring threats in the network can prevent subscriber devices from getting infected in the first place. Prevention is always better than cure!
• Blocked threats can trigger notification and display of "teaching" pages, shifting the security experience from passive to interactive. Informed users are less likely to require help desk resources and more likely to adopt additional protective measure while will improve their overall Internet experience and reduce their impact on the provider network.
• Provide leverage, a single server can protect many tens of thousands of subscribers and deployment can be highly automated
• Reduce the delay before protections are activated, the instant a new threat is identified the information can be propagated and enabled across the Internet.
• Take away the advantage attackers gain with "fast flux" whereby they constantly change IP addresses of their servers to evade detection
• Improve effectiveness by taking advantage of the diversity of data sources that track threats
• Enable protection for any kind of device, including devices for which client software is not available
• Become pervasive and normalize the disparate security solutions that exist today by providing consistent protection regardless of the application being used - browsing, mail, instant messaging etc.
• Offload security processing from subscriber devices, this is especially important for mobile devices where the processor, memory and battery are precious resources
• Ease what is now a complete burden on subscribers to manage their own security. Activating network based services is simple - with no need to download any software so high adoption rates are probable.

There are many ways in which network based protections could be implemented but leveraging the DNS is a promising alternative. Virtually every Internet transaction starts with a DNS query so it is a perfect place to implement security checks. Every application uses DNS and every Internet aware device supports it too. The DNS has scaled remarkably well and with the right software it is available 100% of the time, and meets performance challenges in the most demanding networks.

The DNS was also designed to accommodate constant updates and with software that is optimized to provide security checks a highly automated, scalable, extremely high performance system can be built. Combined with desktop solutions, this layered approach will greatly improve the user experience on the Internet by protecting subscribers from the bewildering array of threats.

Internet users are concerned about their safety online. Whether or not their fears are well founded is secondary to the fact that they are taking steps to protect themselves, and sometimes these actions actually make the situation worse. Isn't it time to consider supplementing existing protections?

By Bruce Van Nice, Director of Product Marketing

Related topics: Cyberattack, Cybercrime, DNS, Malware, Security, Telecom