Using DNS Data to Screen 50 (Undecillion) Shades of Gray

Identifying which websites are good, which are bad, and which fall somewhere in between is a growing cybersecurity nightmare.


In an online world where cybercrime rates are soaring, how do you ensure you’re not inviting the bad guys in? Back in the dawn of the web -- 1983 when Internet Protocol version 4 (IPv4) debuted -- the potential attack surface was a mere 4.29 billion unique addresses. Fast forward 34 years and tens of billions of devices and websites later, and the new threatscape is IPv6, which can support 340,282,366,920,938,000,000,000,000,000,000,000,000 (340 undecillion) Internet domains.

Identifying which websites are good, which are bad, and which fall somewhere in between is a growing cybersecurity nightmare. Measured by unique domains accessed per hour, infected networks have 15X the lookup rate of clean networks, according to one survey. According to a recent survey from Neustar, Inc., a global information services provider with more than 19 years of experience in managing DNS and over 40 billion queries answered daily, 75% of US- and UK-based organizations have experienced a DNS attack, 50% have uncovered some sort of DNS-based attack in the previous 12 months, and 86% of those attacked were hit more than once.

One of the traditional ways of protecting your online business is whitelisting, and its companion, blacklisting. A whitelist, including websites and email addresses, allows access to your online assets, while a blacklist blocks access.

White and black lists are known good and known bad, but the problem is that the online world is increasingly comprised of gray, said Neustar’s Chris Roosenraad, Director of Product Management for DNS Service. “We don’t know if a website should be black or white, so it becomes a question of how do you deal with shades of gray?”

Neustar's security offerings serve more than 2,500 enterprise and government customers, in addition to three hundred million consumers, and the company manages more than 10% of all global DNS (website) traffic, so being able to address these unknown or gray entities is a big focus for Neustar.

Its IP Intelligence is the authoritative source of IP decisioning data on 99.99% of routable IP addresses worldwide.

“By looking at all that traffic, you get a true, real-world picture of what’s happening on the Internet,” said Roosenraad. By monitoring all this Web activity, the company builds up a database of DNS names, IP addresses, and timestamps, which it can then use to automatically determine if the traffic is legitimate or suspect, he said.

“Even though you don’t know that it’s good or bad, you get shades of gray that are able to point you in one direction or the other.” Using Neustar’s passive DNS data, DNS Analytics provides real-world data on what is happening on the internet. “It’s a guide to what’s really happening online, and it’s based on real internet traffic,” Roosenraad continued. This provides the ultimate source of internet metadata.

The ability to improve decision-making about DNS activities is only one tool in the cybersecurity professional’s toolkit, but it is an important one. With billions, trillions, and ultimately undecillions of websites and devices coming online, being able to handle black, white and shades of gray will keep your online assets secure.

Author Bio: Steve Wexler has more than 30 years of experience writing about the IT industry, primarily for enterprise, SMB and channel, as well as marketing content for IT vendors.


Copyright © 2017 IDG Communications, Inc.