In previous posts, Pat discussed the risks associated with BYOD, and a DNS-based approach for reducing those risks. Essentially this approach consisted of making use of an enterprise’s caching DNS server to monitor and block DNS queries to known botnet command and control (C&C) domains. Finding these C&C domains is something Nominum does quite well.
Nominum researches and continually discovers botnet C&C domains. Nominum offers the Network Protection Service, which provides a proprietary feed of botnet related and other malicious command and control (C&C) domains. To produce the industry’s best network protection feed, Nominum has established a dedicated security research team that is responsible for data collection, correlation and analysis and implementation of network protection algorithms. By virtue of Nominum’s global footprint, processing more than one trillion queries daily, Nominum is in a unique position to offer a truly real-time, adaptive, global feed of C&C domains. The security team uses this data and a variety of techniques and inputs, such as traffic pattern analysis, malware reverse engineering and nameserver reputation, to derive the feed. This feed is pushed to Nominum’s Vantio Caching DNS engine residing in-network, which then uses the feed to block and monitor C&C domains.
Recently, we introduced our Security Intelligence application, which provides in-network reporting on the monitoring and blocking efforts of the Network Protection service feed. Some of the benefits of this new application include:
- In-network threat reporting that doesn’t require sending data off the customer’s network;
- Visibility into the most prevalent and highest priority threats on a network helps prioritize security operations’ workload;
- Ability to search for infected users by IP address or network range helps identify and assist infected subscribers and businesses;
- Detailed threat information for all infected users helps identify the risks to subscribers and aids remediation efforts;
- Effective security monitoring while being unobtrusive on network resources.
If you would like to learn more about the Network Protection service and the Security Intelligence application, contact us at firstname.lastname@example.org.