With corporate security becoming such a nightmare for so many different firms, it makes sense for companies to go beyond just passive malware and antivirus solutions. These days, it seems like no matter how careful people are, employees or others will eventually click on some kind of problematic or nasty component of a disreputable site, which could open the floodgates to all sorts of attacks on the network.
Sure, companies have invested in comprehensive antivirus and anti-malware software as well as firewalls, but today's experts are suggesting that there are other opportunities for controlling cyber threats before their Trojans ever gain entry to a network.
In a January 7 InfoWorld article, writer J. Peter Bruzzese promotes the idea that OpenDNS, a set of "proactive" enterprise security tools, can help provide more muscular defenses against all kinds of phishing, adding panache to this angle by evoking the Tom Cruise movie "Minority Report," where sci-fi cyborgs help to predict human crime. Bruzzese describes OpenDNS as a "big data analytics" tool and says the company has a "secret sauce" that will help block hackers from enterprise systems.
How it Works
Resources from the company show that OpenDNS works on the basis of a sophisticated filtering system that can help determine what individual IP requests actually are. The software also checks requests against a database of known phishing sites, and can automatically block a company network’s users from going there.
On the client side, OpenDNS administrators can set filtering levels, for example, from the low side filtering out just explicit material, to a "white list only" high security setting, using an available dashboard.
On Jan. 15, we talked to Stephen Lynch and Barry Fisher at OpenDNS about how the service stacks up to other options. Both mentioned that there are few companies out there working on security at the DNS level, and that enterprise options for OpenDNS go beyond what home users, get, for example, by installing an appliance or component at a network vantage point to get more granular information about DNS requests. This, plus the vast database of IP address information that OpenDNS maintains, is the engine of the security service.
Business Utility of OpenDNS
Ken Westin is a security analyst for Tripwire and a big fan of OpenDNS. Westin cites the large amount of traffic that the service has intel on (roughly 2% of all traffic) and the software’s ability to make judgement calls based on that data.
"OpenDNS can see patterns such as botnets connecting to a specific host, which could be a precursor to a large scale phishing attack." Westin says. "Because they are acting at the DNS level, they can block connections to hosts that are suspect based on patterns they are seeing in near real-time. Some of these controls could be thwarted by bypassing DNS and using direct IPs, but this definitely makes the attackers' job more difficult."
Of course, OpenDNS isn’t the only game in town for upping the network security ante.
Mike Chase, CTO of cloud services provider dinCloud, contends that OpenDNS "often lacks a robust infrastructure impervious to DDoS attacks" and steers users toward a range of resources he says cloud providers invest in heavily, including "hardened code" in proprietary security products (vs. an open-source model he finds more vulnerable to bugs), hands-on engineers, and anycast networking models.
Meanwhile, others in the industry are recommending a "security cocktail" involving OpenDNS and other resources — according to this philosophy, it’s not "or," it’s "and" that really protects systems.
Francis Turner is ThreatSTOP's Vice President of Research and Security. OpenDNS, Turner says, works great for the kinds of DNS blocking that can be done comprehensively, where the service steps in as the Domain Name Server. But with lots of malware traffic using "direct IP-to-IP communication" and, Turner says, getting around a DNS block, there’s a need for other tools in the overall infrastructure.
Turner calls the company’s ThreatSTOP tool a "cloud-based IP firewall update service" that helps network administrators to deal with the dynamic threats that can’t be contained by DNS blocking.
"ThreatSTOP is complementary to, and compatible with, OpenDNS since they operate on different network mechanisms." says Turner. "Working together, OpenDNS and ThreatSTOP provide a solution that stops these types of threats and data breaches and the consequent negative publicity that can accompany them."
A More Vigilant Workplace
In a world where cybersecurity is eclipsing all kinds of other business concerns, companies owe it to themselves to really take a hard look at where their networks are, and where they could be. From gluing shut USB ports in machines, to utilizing the power of cloud-based security products, IT pros are scrambling, right up to the CTO level, to get the right safeguards in place. Tools like OpenDNS can play a vital role in this business, in correcting for the naivete and the dalliances of a staff that might be tempted to blend work with pleasure on the Net, click on that innocent picture of the motivational Chihuahua, or respond to the next Nigerian Prince email. It’s no longer a matter of either "letting employees use the Web or not" — these kinds of smart, predictive technologies can help managers make sure that when workers are surfing instead of working, at least they’re doing it safely.