April 12, 2018 in
DNS: Why this 30 year old technology is suddenly the future of the Internet
Malware, phishing and ransomware attacks are at an all time high and only trending upwards. In 2017 alone, reported corporate damages were nearly $5B, 15 times greater than the $325M figure we saw in 2015. Unreported damages are estimated to have been scores higher.
Encryption on the Internet is being pushed hard — Google Chrome 68 will mark all non HTTPs sites as “not secure” in July 2018. Over 78% of traffic on Mac OS and iOS is now encrypted, and 81 of the top 100 sites on the web use HTTPs by default.
Between 2015 and 2020 we will see the number of public wi-fi hotspots grow 7x, from 64 million to 432 million. More than 1 billion new Internet users will join the global Internet community, growing from three billion in 2015 to 4.1 billion by 2020 — with Internet traffic expected to more than double.
We haven’t even gotten into the issues of net neutrality.
Why am I telling you this? What do all these numbers mean? Well — three things:
1.) Global security threats online are clearly on the rise and will not slow down anytime soon.
2.) Encryption is here to stay.
3.) The Internet isn’t even close to where it will be years from now.
For now and for the future, we need to look towards more progressive and scalable solutions that can grow as our needs change. Traditional hardware appliances and solutions are no longer effective against encryption, they are unscalable and static lists and databases are useless.
While not a new technology, DNS really is now more, more than ever, the future of network and Internet security. Why?
1.) DNS is one of the first layers of network security. It is literally the only solution that is able to stop threats before you ever access them.
2.) DNS is also capable of stopping many pre-existing threats within your network from communicating outwards.
3.) DNS requires no hardware or software to install, and is infinitely scalable.
4.) Because DNS is able to be applied globally, if you feed it with the right data on web site/domain categorization as well as threats, you are able to have a truly up to date solution 100% of the time.
The last point is important. DNSFilter is certainly not the only recursive DNS in the industry that offers content filtering and threat protection. However, we are one of the most progressive. We realized the need for up to date domain categorization data (the data that tells us if a web site is adult, news, social media, etc.) as well as threat intelligence (identifying phishing, malware domains, etc.) is just as important, if not more important than the DNS infrastructure itself.
The more accurate data you can feed in, the more secure of a solution you get out. This is why we acted to acquire Web Shrinker. DNSFilter has applied the Web Shrinker solution into our product and now is the only DNS provider in the industry using an in-house, artificial intelligence driven categorization engine. We use A.I. and machine learning to analyze domains in real time. This means we are able to catch far more threats than our competitors, whom generally rely on humans to analyze and categorize domains — often taking weeks.
Sales messaging aside, please do further research on DNS and it’s ability to be a great addition to your security stack. This is a service you will be hearing much more about in the coming years. Google did a great public write up for developers on this topic (https://developers.google.com/speed/public-dns/docs/security).
For home users, or those whom cannot afford a paid solution, check out Cloudflare’s service at 184.108.40.206 or Quad9’s service at 220.127.116.11. While they don’t offer any filtering or dashboard, they’re a good free option.