Blog Post

Unlocking Locky

By Mikael Kullberg, Nominum Data Science


Posted on June 2, 2016 in: General, Network, Security


Locky is a new cyberthreat that has received a lot of attention in security circles over the last few months because it has been unusually successful. Locky is advanced ransomware that encrypts a person’s files and holds them for ransom. It uses a number of different technologies to avoid being detected or blocked and takes great care to hide its path back to the attackers. The code is obfuscated to avoid detection by antivirus and anti-malware software. The blackmailers communicate through TOR and only accept Bitcoin as payment, making it nearly impossible to discover who they are.


Blog Post

Abuse in New gTLDs

By Ali Fakeri-Tabrizi

Posted on September 4, 2015 in: Network, Security


Nominum Research continues to refine algorithms, working toward more generalized methods to quickly detect “anomalous” activity that might represent DDoS, bots, or various other undesirable behaviors. To simplify somewhat, the algorithms examine high-speed, real-time data streams and continuously compare a small window of incoming queries to a very large “normal” historical sample. Unexpected variations are flagged and relevant data is captured for further analysis.


Blog Post

Advantage DNS

By Thomas Orthbandt


Posted on January 17, 2012 in: Network


The DNS has played an essential role since the earliest days of the Internet, resolving an IP address when given a domain name.  Now it’s being considered for security applications.  There are many fundamental reasons why it makes sense:


Blog Post

The Power of the Control Plane

By Thomas Orthbandt


Posted on January 10, 2012 in: Network, Security


Today’s hackers are all about money, and they constantly change the face of their exploits to maximize their returns. These agile attacks require agile defenses. Moving security protections into the network is essential to enabling more reliable updates of threat information; aggregation also provides significant scaling and manageability benefits. DNS-based security protections improve agility because DNS queries are a leading indicator of security exposure; from a strategic vantage point, the DNS participates in web transactions that provide visibility into the presence of security threats.


Blog Post

Smarter DNS Makes a Smarter Security Solution

By Thomas Orthbandt


Posted on December 20, 2011 in: Network, Security


Network operators and IT departments constantly reassess their security exposure and evaluate the best methods for protecting their networks and end users. New security solutions are always emerging to help them, and one that’s starting to receive a lot of attention is the DNS. That’s raising an obvious question: “How in the world does the DNS become a security platform?”


Blog Post

A Better Way to Protect Networks and End Users

By Thomas Orthbandt


Posted on December 15, 2011 in: Network, Security


Everyone agrees protecting Internet users from malware and social engineering exploits like phishing is a valuable thing to do. At minimum these attacks are a nuisance because they degrade the Internet experience; in the worst case they can be costly and dangerous. But protecting networks and end users is becoming more difficult because attackers are making their exploits more dynamic and thus harder to detect. This is stressing some solutions, like client software, that have been a primary means of protecting end systems.


Blog Post

Resilient DNS: Maximizing Internet Performance and Preparing for DDOS (part 3 of 3)

By Thomas Orthbandt


Posted on December 8, 2011 in: Network, Security


Just as it’s important for service providers and enterprises to maximize the performance and availability of their caching DNS servers, it’s important for brand owners and IT departments to ensure the robustness of their Authoritative DNS.  Some of the issues are similar, but ensuring security of Authoritative data also has to be considered.
