Nominum Beefs Up Internet Security

Botnets, phishing, illegal content, malware ... wouldn’t it be nice to be able to detect and instantly protect against these threats right when they happen?

Nominum, a provider of intelligent network naming and addressing solutions, has tackled just that need with the delivery of the third generation of its Trusted Response and Universal Enforcement (TRUE) Architecture, which allows service providers to provide instant and automatic protection to end users against a wide range of Internet threats as soon as they are discovered.

Internet threats are increasing in number and magnitude. For example, a report just released by the Messaging Anti-Abuse Working Group (MAAWG) shows 25 percent of broadband networks are likely infected by bots, and these infections are responsible for 90 percent of spam. The report goes on to enumerate best practices for mitigating bot infections.

Leveraging the ubiquity of DNS with an Intelligent DNS system is necessary to overcome the increasingly dynamic nature of today’s such Internet threats, Nominum reasons. Attackers take advantage of the shortcomings of legacy DNS systems to continuously change the profile of their exploits in order to sustain their effectiveness and inflict broader damage on the Internet. To cite just one highly visible recent example, the Conficker worm, which has infected more than 10 million PCs around the world, used the DNS as a rendezvous point for command and control. This worm effectively turned the DNS into an ally of the attackers. Nominum’s intelligent DNS systems were able to track, block and isolate the Conficker worm and identify infected hosts.

The third generation TRUE Architecture adds the following capabilities:

• Personalized Services can be deployed across the provider network for compliance and protection by leveraging the highly scalable, data efficient, threat aggregation platform. Millions of discrete threats can now be monitored across the network and efficiently bundled into personalized service options for end users such as illegal content blocking, anti-phishing, botnet protection, parental controls and others. Nominum has already pre-integrated threat data to protect against Conficker and to prevent access to illegal child exploitation content on the Internet.
• Automated Provisioning of Threat Data across the Network enables network-wide policy enforcement against millions of malicious, illegal or inappropriate Internet destinations with no manual intervention. Automation reduces the delay, to as little as a few seconds, between the time a new threat is discovered and when it is acted on.
• Real-Time Visibility (RTV) for the first time gives service providers complete insight into network activity with logging, real-time analysis and reporting for every single DNS transaction without impacting performance and latency. These real time capabilities allow informed policies, based on detailed data, analysis and reporting, therefore making it easier to spot threats and proactively defend against rogue activity.
• Discovery Mode is a powerful risk assessment tool that is valuable for gauging the scope and sources of threats before taking enforcement action. For instance, botnet command and control sites could be monitored to find how many hosts are infected with botnet viruses and how often they access the command and control sites. This tool can also help study behavioral evolutions of various threats for better policy-making that leads to better protection for all end users.
• Confidentiality of Sensitive Data Feeds prevents inadvertent disclosure or theft of lists of Web sites hosting unwanted or illegal content, such as child exploitation images. Confidentiality is maintained end-to-end to eliminate the negative publicity and potential legal liability that disclosure would bring.