When it comes to digital transformation, an interesting paradox exists for Communication Service Providers (CSPs): great demand has been placed on their networks by over-the-top players, content providers and even device manufacturers, forcing providers to focus their efforts on network infrastructure projects to keep pace. At the same time, CSPs haven’t been able to concentrate on their own digital product and service offerings. While most of the world is moving to digital, CSPs have been hindered from implementing the necessary strategies and technologies to capitalize on this growing movement. Market demands have forced them to enable this shift while they anxiously watch from the sidelines—awaiting their turn. Now, the tide is turning as the capacity and cost efficiencies that providers have built into their networks are allowing them to re-focus and get in front of the digital transformation imperative.
Achieving digital transformation requires a new approach to business and technology. But it doesn’t have to require a major investment in time and money to do it effectively. What may come as a surprise to many is that DNS—which is commonly described as the “phone book” of the Internet, as it maps application requests and domain names with IP addresses—can be leveraged to accelerate this major shift and deliver a new set of competitive subscriber-centric services.
Guest post by Sue Rudd, Director, Service Provider Analysis, Strategy Analytics
Digital transformation means many things to many people—but to communication service providers (CSPs) today, it means not only moving to ‘All-IP’ networking and the Cloud, but also digitally transforming their networks and businesses to add value with more customer-centric innovative new services. While most CSPs around the globe appreciate this imperative, many are not sure how to achieve it. To help providers sort through the digital transformation maze, Strategy Analytics just published a new whitepaper that outlines some initial thoughts on the necessary technology and business strategy CSPs must adopt to remain competitive.
Nominum Data Science detected a huge wave of malicious DNS queries rolling across the Internet on Dec 14 and 15, 2015, adding to the stress service providers already face around the holidays. Since it’s one of the peak buying seasons on the Internet, most networks are locked down and operations teams are on alert. Many, unfortunately, were probably not expecting a huge surge in DNS DDoS, as it has been fairly consistent over the past few months. ThreatAvert customers were protected, but many other networks likely experienced adverse impact – substantial slowdowns or even outages for servers that saw high volumes of queries.
Android fans were probably chuckling over the XcodeGhost malware news – hackers don’t often penetrate Apple’s defenses. This provoked the Nominum Data Science team to take a look at what’s happening with malware targeting Android. Common wisdom is that Android is exposed because there’s less rigor in the development and supply chain, and third-party app stores with no protections are popular. Determined hackers can allegedly subvert defenses and get various kinds of exploits placed on mobile devices running the highly popular operating system. But what does the data show?
The DNS offers visibility into many kinds of Internet trends, including various security threats. We’ve reported extensively on DNS DDoS, and Nominum Data Science also tracks botnet activity. In this case, queries for Command and Control (C&C) domains for the recently disclosed XcodeGhost malware were observed in September. Infected development tools were reported to have been used for the popular iOS app WeChat.
Nominum Research continues to refine algorithms, working toward more generalized methods to quickly detect “anomalous” activity that might represent DDoS, bots, or various other undesirable behaviors. To simplify somewhat, algorithms examine high-speed, real-time data streams and continuously compare a small window of incoming queries to a very large “normal” historical sample. Unexpected variations are flagged and relevant data is captured for further analysis.
Starting in late July 2015 there was a noticeable drop in the DNS-based DDoS activity that Nominum Data Science has been tracking for the last 18 months. As reported earlier, the beginning of 2015 saw a tactics change from large periodic bursts that attracted lots of attention at the end of 2014, to steadier traffic that took down targets with measured efficiency.
Working in Product Management allows me to travel around the world visiting with customers and prospects alike to identify and solve challenges facing today’s Internet providers. This typically includes engaging with individuals in a wide variety of domains – including marketing, customer care, product management, legal and network and subscriber security. Throughout these interactions, I have noted the emergence of a common theme – the challenges presented by siloed solutions developed to solve a single problem without consideration for the requirements of other departments and the business as a whole.
2014 saw numerous huge spikes in DDoS traffic – some as large as 5 billion queries per day across Nominum’s worldwide data set, which covers around 3% of overall ISP DNS traffic. Extrapolating, this meant more than 150 billion unwanted queries across the Internet on the peak days.