ThreatSTOP

Subscribe to ThreatSTOP feed
Updated: 7 min 8 sec ago

Internet Pioneer Discusses Creation, Expectations and Security of DNS on its 33rd Birthday

Wed, 06/22/2016 - 17:26
Internet Pioneer Discusses Creation, Expectations and Security of DNS on its 33rd Birthday“The Internet community has let legacy infrastructure designs constrain the future.”

Carlsbad, CAJune 23, 2016 – 33 years ago today, Paul Mockapetris, inventor of the Internet Domain Name System  watched the DNS take its first steps. This critical development would open up what may be the world’s most utilized and important technological development for a mass audience. Did he understand the importance or impact that DNS would have when it was created?

“I think I saw the potential importance more clearly than the traditional ARPAnet era folks, who were busy replacing the old NCP protocols with IP and TCP,” noted Mockapetris, now Chief Scientist at ThreatSTOP. “So I was very happy to take on the design job and build something quite beyond the task given me.”

By 1983, he had already spent 15 years designing distributed systems at what would become the Media Lab at MIT, Draper Labs, IBM, and the Distributed Computer System at UC Irvine. So he did expect his creation to be used across the Internet to manage a distributed operating systems and applications. DNS was really meant to manage a heterogeneous distributed, federated cloud and its services.

Something Mockapetris did not expect was the whole marketing and branding of names. “I guess I should have taken some classes in business and marketing,” he joked.  His biggest surprise was that the research agencies in the late 80s and 90s didn’t see naming systems and DNS in particular as merely the first steps in an Internet naming architecture. The original design had many places where next steps and additional mechanisms were indicated, and never were taken. Recent work in named data networking has revived this field a bit.

"If I'd been told in 1988 what the DNS would eventually be used for, I would have said it wasn't possible,” said Dr. Paul Vixie, Internet pioneer and CEO of Farsight Security, Inc. "Almost all Internet activities, whether for good or evil, begin with a DNS lookup. Defenders who can monitor, and control, and investigate their use of DNS can by extension monitor, and control, and investigate their relationship to the Internet itself."

The DNS was introduced during the transition from the ARPAnet to the IP/TCP based Internet, and was the largest single architectural innovation of that transition. As a critical infrastructure, DNS has been subjected to many attacks and misuse, but in today’s hardened form, it is seen as an essential tool for implementing security.

Security was intentionally left out of the initial design, along with several other functions. DNSSEC is a next step, but is very heavy weight and doesn’t solve current problems like DDoS.

“The Internet community has let legacy infrastructure designs constrain the future,” notes Mockapetris. “For example, the 512 byte datagram limit of 1983 should be more like 500 Megabytes if we adjust for the million-fold increase in transmission speed in today’s Internet, though I’d settle for 512K bytes. We are giving up on datagrams because of DDoS – while I understand the argument, I’m not ready to surrender yet. There’s a lot of room for innovation here. It’s as if we are requiring DNS to support paper tape and floppy disks.”

Mockapetris now provides guidance to the ongoing product innovation process for ThreatSTOP, and leads research into DNS-based security. “Effective security requires real-time threat intelligence that is distributed to all of an enterprise’s enforcement devices whether they are routers, firewalls, application delivery controllers, or servers. DNS is an ideal vehicle,” said Mockapetris. “Fielding powerful, scalable security tools that leverage the ubiquity of DNS to protect organizations of all sizes is critical.”

About ThreatSTOP

ThreatSTOP is a network security company offering a cloud-based threat protection service that protects every device and workload on a network from cyberattacks and data theft. It can protect any network, from virtual cloud networks to branch LANs to the largest carrier networks. The service leverages market-leading threat intelligence to deflect inbound and outbound threats, including botnet, phishing and ransomware attacks, and prevents data exfiltration. For more information visit www.threatstop.com.

CONTACTS: Michael Becce, MRB Public Relations, Inc.
mbecce [at] mrb-pr [dot] com | (732) 758-1100 x104

Brigitte Engel, ThreatSTOP
bengel [at] threatstop [dot] com | (760) 542-1550 x4394

ThreatSTOP Protects Workloads in Microsoft Azure with New Cloud-based DNS Firewall

Wed, 06/15/2016 - 00:35
DNS Firewall continuously blocks threats and prevents data theft for cloud workloads

Carlsbad, CAJune 14, 2016ThreatSTOP, Inc., a cloud-based network security provider, today announced the availability of its industry-leading automated threat protection service, the ThreatSTOP DNS Firewall, in the Microsoft Azure Marketplace. In use today by some of the world’s largest organizations, the ThreatSTOP DNS Firewall continuously protects cloud workloads against ransomware, phishing and other attacks, and prevents networks from communicating with command and control.

ThreatSTOP provides proactive protection for organizations migrating to the cloud with the ability to enforce security policies across on-premise, cloud, and hybrid deployments. The ThreatSTOP DNS Firewall provides flexible outbound protection against threats using malicious IP addresses and domains, including wildcards, and provides granular control over actions taken. Threat actions include block, log, and redirection to a walled garden based on DNS query data and resolution path.

“DNS has been central to configuring and accessing Internet services for over 30 years, and today’s Internet requires DNS firewall functionality to keep the enterprise secure,” said Paul Mockapetris, inventor of DNS and Chief Scientist for ThreatSTOP. “Enterprises can use virtual DNS firewalls in their own or a provider’s cloud and stop worrying about maintaining dedicated servers or appliances and their spare parts. DNS Firewall as a Service is here today.”

ThreatSTOP DNS Firewall automatically delivers live threat intelligence to virtual networks in Azure to protect cloud workloads from the latest threats based on user-defined policies. With ThreatSTOP, users customize and manage security policies composed of threat types, severity levels, and user-defined block lists and whitelists. Real-time detailed reporting on malicious activity blocked and machines affected speeds remediation.

“As organizations move workloads to the cloud, they want enterprise-class enhanced security to better protect against the latest threats,” said Gareth Bradshaw, Senior Program Manager for Azure Networking. “ThreatSTOP provides customers with the ability to create customized security policies to protect cloud workloads and virtual desktop infrastructure from the latest inbound and outbound threats. We’re excited to have ThreatSTOP join the ecosystem of security providers in the Azure Marketplace.”

ThreatSTOP delivers a highly scalable defense against advanced cyberattacks by leveraging the power of DNS to protect every device and workload across on-premise and cloud-based networks. More than 900 companies trust ThreatSTOP to protect their networks today. The ThreatSTOP service enables a physical or virtual firewall to deflect inbound attacks, and enables both firewalls and DNS servers to prevent infected hosts from communicating with threat actors trying to extract or alter data. The service is cloud-based, updates automatically and works with leading firewalls and DNS servers.

See ThreatSTOP Founder and CEO Tom Byrnes speak at Microsoft Ignite, and visit booth #314 for a live demo.

About ThreatSTOP

ThreatSTOP is a network security company offering a cloud-based threat protection service that protects every device and workload on a network from cyber attacks and data theft. It can protect any network, from virtual cloud networks to branch LANs to the largest carrier networks. The service leverages market-leading threat intelligence to deflect inbound and outbound threats including ransomware, phishing and botnet attacks, and prevents data exfiltration. For more information visit www.threatstop.com.  

 

CONTACTS:
Michael Becce, MRB Public Relations, Inc.
mbecce [at] mrb-pr [dot] com | (732) 758-1100 x104
Brigitte Engel, ThreatSTOP
bengel [at] threatstop [dot] com | (760) 542-1550 x4394

SANS “What Works” Webinar with John Pescatore

Tue, 04/19/2016 - 18:14
Overview

Press coverage tends to focus on breaches companies that have failed to protect their business systems and sensitive customer data. However, many enterprises have invested in improved processes, more advanced security products and threat-driven prioritization approaches to show immediate and measurable increases in both the effectiveness and the efficiency of their security programs.

During this SANS What Works webcast, Ken Compres of - Hillsborough Community College District will provide details of his deployment of ThreatSTOP to enable continuous monitoring of advanced targeted attacks, supporting faster and more accurate detection, reduced impact and demonstrating benefits to increased integrity and availability of critical business processes.

Join SANS Director of Emerging Security Trends John Pescatore and Ken Compres to hear details on the selection, deployment and experience using ThreatSTOP. The webcast will contain a discussion of lessons learned and best practices as well as detail the metrics used to demonstrate the value of ThreatSTOP.

More information about this even is available at https://www.sans.org/webcasts/102202

Speaker Bios

John Pescatore

John Pescatore (moderator) is the director emerging security trends for the SANS Institute. A former vice president and distinguished analyst at Gartner, Pescatore has over 30 years of experience in computer, network and information security. Prior to joining Gartner, he was senior consultant for Entrust Technologies and Trusted Information Systems and a security engineer for the U.S. Secret Service and the National Security Agency.

Kenneth Compres

Kenneth Compres is the Sr. Information Security and Integrations Engineer at Hillsborough Community College. Also serves as an associate professor of Cyber security at Mercy College and Bloomfield College in New York. At Bloomfield College, He serves as the subject matter expert for curriculum development for Cyber security and information assurance and security programs. He developed the current Disaster recovery plan for the Department of veteran’s affairs in New York harbor, New York. He has developed several “code behind” for security monitoring at the VA hospital in New York. Mr. Compres has several research publications in IEEE (IT Governance, Compliance and Auditing Curriculum--A Pedagogical Perspective). Mr. Compres holds a Master’s of Science with a concentration on Cyber Security from Mercy College, and a Masters in Digital Forensics from the University of South Florida. He is also Global Security Leadership Certificate (GSLC), Fortinet Certified Network Security Administrator, Fortinet Certified Network Security Professional, Certified Ethical Hacker, Network+, Security+, A+, CCENT. Currently pursuing a PhD in Computer science from NOVA. Kenneth Compres has been a guest speaker in New York’s Security in the Workplace (2010, 2011), FireEye, Changing the security landscape, Orlando 2015, Information security today. His most recent publication was published by Hillsborough community college “Managing your digital footprint” October of 2012.

Tags: eventswebinarSANSInterview