Networking software company Nominum is set to take on malware authors on a new battleground - DNS itself.
The company has released the latest version of its so-called intelligent DNS software to improve ISP and corporate network defences against cyber-criminals. Nominum's VP of marketing and business development, Gopala Tumuluri, said that there had been a change in emphasis over the last couple of years, with hackers exploiting DNS to spread malware. "What we've seen is this change - DNS can be leveraged to protect against these attacks," he said. "For example," he said, "Conficker uses DNS from a rendezvous point for its command and control - DNS became a very clear accomplice in the spread of Conficker."
The new architecture, True, allows service providers to provide instant and automatic protection to end users against a wide range of Internet threats as soon as they are discovered. These threats include botnets, phishing, illegal content, and many other forms of malware.
Tumuluri said that there was a particular need to act with speed given the way that spammers can react so quickly. "The important thing is the race against time - the 3rd generation of this software is based on the whole concept of race against time. We can identify malware within seconds."
The company has made a fundamental change to its architecture, said Tumuluri. He added that one of the key elements of the new architecture was the way in which Nominum had reduced the overhead of its monitoring software so that it didn't have an impact on network performance. "This is the heart of what we do - we can now monitor what's going on in the DNS. Previously, there was a problem in turning on the visibility to see what was happening with the traffic as this crippled the DNS server - the user was caught between poor performance or poor security; the devil and the deep blue sea."
Tumuluri said that Nominum had decoupled performance from visibility so monitoring what was on the network didn't lead to a slowdown in performance. And getting information about the type of traffic certainly helped security, he said. "As an example, we can spot things like an increase in MX queries. These are a special type of query from mail servers and when you see these spike, you know they're from spammers," he added.
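The MX-spike signal described above, as an added example that is not Nominum's code and not part of the original article: it counts MX queries per client per time window and flags clients over a threshold. The log layout, window size, threshold, addresses and relay allow-list are all assumptions made for illustration.

```python
from collections import Counter

WINDOW = 60                          # seconds per bucket (assumed value)
MX_THRESHOLD = 20                    # MX queries per client per window (assumed value)
KNOWN_MAIL_SERVERS = {"192.0.2.25"}  # legitimate relays are expected to issue MX queries

def parse(line):
    """Parse one 'epoch client qname qtype' record (hypothetical log layout)."""
    ts, client, qname, qtype = line.split()
    return int(ts), client, qname.lower(), qtype.upper()

def mx_spikes(lines, window=WINDOW, threshold=MX_THRESHOLD, allow=KNOWN_MAIL_SERVERS):
    """Return {(client, window_start): (mx_count, distinct_domains)} for flagged clients."""
    counts, domains = Counter(), {}
    for line in lines:
        try:
            ts, client, qname, qtype = parse(line)
        except ValueError:
            continue                 # skip malformed records instead of aborting
        if qtype != "MX" or client in allow:
            continue
        key = (client, ts - ts % window)
        counts[key] += 1
        domains.setdefault(key, set()).add(qname)
    # Many distinct domains in one window points at bulk mailing, not one retry loop.
    return {k: (n, len(domains[k])) for k, n in counts.items() if n >= threshold}

BASE = 1_699_999_980                 # constructed timestamp, aligned to a 60 s window

def sample_log():
    """Constructed sample input: one noisy end-user host, one relay, one quiet host."""
    log = [f"{BASE + i} 198.51.100.7 example{i}.test MX" for i in range(30)]
    log += [f"{BASE + i} 192.0.2.25 customer{i}.test MX" for i in range(40)]
    log += [f"{BASE + 5} 198.51.100.8 www.example.test A",
            f"{BASE + 9} 198.51.100.8 example.test MX",
            "truncated record"]
    return log

if __name__ == "__main__":
    for (client, start), (n, uniq) in mx_spikes(sample_log()).items():
        print(f"{client} window={start} mx_queries={n} distinct_domains={uniq}")
```

The allow-list matters because mail relays issue MX lookups as part of normal delivery, while end-user hosts normally hand mail to a relay and rarely resolve MX records themselves.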
Besides this real-time visibility, other key features of the new versions of the software include the ability to customise options to include features such as illegal content blocking, anti-phishing, botnet protection and parental control. Discovery Mode offers ISPs the ability to assess the risk before committing to the new architecture.
The software is available now and is aimed at both corporate users and ISPs, although pricing was not disclosed. "There are too many factors that determine the price," said Tumuluri.