New Service to Protect Networks from Botnets

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  

Nominum has created a real-time feed of bot-related malicious domains that network owners can leverage to block the propagation of botnets and other malware.

Nominum, a provider of intelligent Domain Name System (DNS) solutions, is hoping to use its power to cut botnets off at the knees by blocking access to malicious domains on a massive scale. The Redwood City, Calif.-based company announced today a new service that provides real-time identification and mitigation of botnets.

"With our threat data and algorithms, we can easily observe the impact of botnets," said Gopala Tumuluri, chief technology officer (CTO) at Nominum. "We've seen bots on the attack, instantly spiking DNS bandwidth consumption, and identified squadrons of bot-infected devices. Network owners can act on this information and sever connections to botnet command and control resources to improve the resistance of their DNS, the health of their network and the overall end-user experience."

Botnets are networks of compromised computers that perform tasks, such as sending spam or perpetrating distributed denial of service (DDOS) attacks without the knowledge of their owners. A single bot can send hundreds of spam messages a day, according to Nominum, and botnets often include thousands or tens of thousands of bots. Nominum said bots also use nearly 20 times more DNS capacity than a normal end-user, raising bandwidth and infrastructure costs.

Nominum's new offering, the SKYE Network Protection Service (NPS), provides a real-time feed of bot-related malicious domains. Network owners can use the feed to monitor botnets and mitgate their impact.

"We gather data about botnets over a global network that we have," said Bruce Van Nice, product marketing director at Nominum. "We aggregate it and validate the data."

Nominum Vantio Intelligent DNS Systems can then use the continuously updated threat data from the feed in real time to deter botnet command and control activities and other malware and block their propagation.

"We're taking the general notion of applying security policy and we're applying it to the DNS," Van Nice said.

A DNS request is the first step to accessing most of the resources on the Internet. Nominum said that since its software powers the majority of the Internet's DNS lookups, it is in a unique position to prevent end-users from accessing malicious domains—like those that host botnets' command and control servers—on a massive scale.

Nominum added that the service requires no specialized equipment or changes to the network architecture. Nor does it require access to network equipment, such as routers, to obtain flow information.

To ensure its information is correct, Nominum uses special algorithms to cross-correlate the NPS threat data and check it for errors. In addition, Nominum uses its global network to vet the list to prevent false positives. Whitelists are also used to help prevent the blocking of legitimate sites.

Additionally, Nominum also announced today that it will use StopBadWare, a nonprofit organization, to provide a formalized review process for NPS listings. Website owners who believe their Website was erroneously placed in the NPS can turn to StopBadWare to review the status of their sites.

"Our whole objective in doing this was to deploy this solution in a very responsible way," Van Nice said. "This has been a real focus of ours all along."

StopBadWare was originally a project of Harvard University's Berkman Center for Internet & Society, and was spun off as a standalone nonprofit organization in January with the support of Google, PayPal and Mozilla. Paul Mockapetris, Nominum's chairman and chief scientist, joined StopBadWare's board of directors last month.

"StopBadWare has a track record of helping companies effectively and responsibly protect consumers from badware," Mockapetris said. "This aligns with Nominum's goal of using our advanced technology and market leadership to make the Internet safer for everyone."

Thor Olavsrud is a contributor to eSecurityPlanet.com and a former senior editor at InternetNews.com, covering operating systems, standards and security.

Follow eSecurityPlanet on Twitter  @eSecurityP.

Submit a Comment

Loading Comments...