Home / Industry

Nominum's Intelligent DNS Gives Service Providers Commanding Advantage Against Internet Threats

Nominum, the leader in intelligent network naming and addressing solutions, today announced delivery of the third generation of its Trusted Response and Universal Enforcement (TRUE) Architecture™, which allows service providers to provide instant and automatic protection to end users against a wide range of Internet threats as soon as they are discovered. These threats include botnets, phishing, illegal content, and many other forms of malware. By leveraging Intelligent DNS systems, the TRUE Architecture ensures Internet users have a safe, secure and efficient Internet experience and represents a new era for the DNS and its critical role in the Internet.

Leveraging the ubiquity of DNS with an Intelligent DNS system is necessary to overcome the increasingly dynamic nature of today's Internet threats. Attackers take advantage of the shortcomings of legacy DNS systems to continuously change the profile of their exploits in order to sustain their effectiveness and inflict broader damage on the Internet. To cite just one highly visible recent example, the Conficker worm, which has infected more than 10 million PCs around the world used the DNS as a rendezvous point for command and control. This worm effectively turned the DNS into an ally of the attackers. Nominum's intelligent DNS systems were able to track, block, and isolate the Conficker worm and identify infected hosts.

The third-generation TRUE Architecture substantially advances the state of the art with security measures unavailable in any legacy DNS system. A summary of the key features and benefits of the third generation TRUE Architecture is below:

  • Personalized Services can be deployed across the provider network for compliance and protection by leveraging the highly scalable, data efficient, threat aggregation platform. Millions of discrete threats can now be monitored across the network and efficiently bundled into personalized service options for end users such as illegal content blocking, anti-phishing, botnet protection, parental controls and others. Nominum has already pre-integrated threat data to protect against Conficker and to prevent access to illegal child exploitation content on the Internet.
  • Automated Provisioning of Threat Data across the Network enables network-wide policy enforcement against millions of malicious, illegal or inappropriate Internet destinations with no manual intervention. Automation reduces the delay, to as little as a few seconds, between the time a new threat is discovered and when it is acted on.
  • Real-Time Visibility (RTV) for the first time gives service providers complete insight into network activity with logging, real time analysis and reporting for every single DNS transaction without impacting performance and latency. These real time capabilities allow informed policies, based on detailed data, analysis and reporting, therefore making it easier to spot threats and proactively defend against rogue activity.
  • Discovery Mode is a powerful risk assessment tool that is valuable for gauging the scope and sources of threats before taking enforcement action. For instance, botnet command and control sites could be monitored to find how many hosts are infected with botnet viruses and how often they access the command and control sites. This tool can also help study behavioral evolutions of various threats for better policy making that leads to better protection for all end users.
  • Confidentiality of Sensitive Data Feeds prevents inadvertent disclosure or theft of lists of web sites hosting unwanted or illegal content, such as child exploitation images. Confidentiality is maintained end-to-end to eliminate the negative publicity and potential legal liability that disclosure would bring.

For details of an implementation of Nominum's intelligent DNS using the TRUE architecture please see this case study.

Paving the Way for New Services, Compliance with Government Mandates

The capabilities available in the third-generation TRUE architecture also offer service providers the opportunity to deliver baseline protections and new value-added security services to protect end user subscribers. Additionally, the capabilities allow ISPs to immediately and effectively comply with growing regulatory requirements, particularly against child exploitation content and illegal gambling sites. Service providers can implement network-based protections that supplement existing desktop security software offerings as well as extend protections to devices and applications that are not currently covered, such as mobile devices or game consoles.

"Security issues represent an obligation and an opportunity for service providers. With these new capabilities, Nominum removes all operational and deployment barriers for providers to deliver new services and meet government mandates in the shortest possible time," said Gopala Tumuluri, vice president of marketing and business development at Nominum. "By building on existing Nominum DNS investments, ISPs can deliver the additional services with minimum investment, and no changes to the network architecture."

About Nominum

Nominum

Nominum is the innovation leader in DNS software and Internet Activity Applications. The company's Vantio™ CacheServe software powers the Internet for the world's largest CSPs in 40 countries. Vantio™ ThreatAvert software arms CSP's with the power to stop the spread of inside threats such as botnets and DNS-based DDoS amplification attacks that could impact network availability and reputation. Nominum's N2 applications enable CSP's marketing and customer care teams to leverage subscribers' Internet Activity to better engage, build brand loyalty, improve marketing ROI, and open up new business models. Nominum is a global organization headquartered in Redwood City, CA. (Learn More)

Related topics: Access Providers, Cyberattack, Cybercrime, DNS, Malware, Security, Telecom

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Join Paul Vixie & Robert Edmonds at the Upcoming Distinguished Speaker Series

Q3 2014 DDoS Trends: Attacks Exceeding 10 Gbps on the Rise

LogicBoxes Announces Automation Solutions for ccTLD

3 Questions to Ask Your DNS Host About DDoS

Introducing Our Special Edition Managed DNS Service for Top-Level Domain Operators

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

Neustar to Build Multiple Tbps DDoS Mitigation Platform

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

New gTLDs and Best Practices for Domain Management Policies (Video)

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

Video Interviews from ICANN 50 in London

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Dyn Acquires Internet Intelligence Company, Renesys

Tips to Address New FFIEC DDoS Requirements

Sponsored Topics

Afilias

DNSSEC

Sponsored by
Afilias
Verisign

Security

Sponsored by
Verisign
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
dotMobi

Mobile

Sponsored by
dotMobi