Learn How Trillions of DNS Requests Help Improve Security

Akamai’s global platform is comprised of 240,000 servers in 3,750 locations within 134 countries. Additionally, our platform interacts with 1.3 billion client devices every day and we ingest 2.5 exabytes of data a year. So why are these stats important?   

The answer is that this visibility provides Akamai with an unprecedented view of the Internet. More importantly, we use this data to feed our machine learning engines that enable our solutions to have the highest level of security and performance capabilities. 

Much of our machine learning is used to create up-to-the-minute threat intelligence that powers Akamai’s cloud security products, including Bot Manager, Kona Site Defender, and Enterprise Threat Protector.

In November 2017, Akamai acquired Nominum, a DNS-based security solution provider that supports many of the world’s leading carriers. Combining technologies and teams would enable Akamai to serve a larger base of carrier and enterprise customers with more comprehensive security products designed to identify, block, and mitigate cybersecurity threats such as malware, ransomware, phishing, and data exfiltration.

Fast forward six months, and I’m excited to announce that the first iteration of the efforts of the combined security research teams is now live in Akamai’s Enterprise Threat Protector service.

What’s new and how will it help Akamai customers?

Akamai now provides DNS services to carriers, more specifically Recursive DNS (rDNS) services. For the non-techies reading this, rDNS is what brought you to this page when you typed into your browser or clicked on the link in your search engine results. Pretty much anything you do on the Internet starts with a DNS query, which gets translated into the IP address of the server that hosts the resource you want to access.

We work with more than 130 service providers in over 40 countries, resolving 1.7 trillion DNS queries daily. In other words, one in every two DNS requests made every day is likely to be resolved by a service provider using our DNS technology.

More importantly, we have a combined threat research team that has years of experience analyzing vast amounts of DNS data for trends and identifying attacks. We have capabilities to:

  • Identify attack signals and validate known attack types while simultaneously detecting new, unknown, and unnamed malicious activity. That analysis is then used to create and deliver threat intelligence to carriers, allowing them to protect their subscribers. For example, we have a Domain2Vec algorithm that can automatically detect and identify brand-new zero-day malicious domains that are then added to the threat intelligence lists.
  • Leverage the rDNS records that are delivered daily by the Akamai platform, using proprietary algorithms developed by a dedicated Enterprise Security team. For example, we have developed an algorithm that can quickly identify low-throughput DNS exfiltration.

When the two threat research teams started to work together, they quickly discovered that there was little overlap in the DNS data sets. The combined DNS data gives an unmatched global view of DNS traffic across North America, South America, Europe and Asia. This ensures threats observed in one region are quickly added to Akamai’s threat intelligence ahead of the threat propagating to other regions.

In addition, the research expertise and the algorithms that each team had developed are extremely complementary. This allows additional value to be derived from the DNS data, which for Akamai customers translates into dramatically improved threat intelligence coverage.

For existing Enterprise Threat Protector customers, this integration significantly increases the capability of the service to proactively identify and block malicious DNS traffic and continue to deliver exceptionally low rates of false positive security alerts.

If you are not yet proactively monitoring and controlling your rDNS traffic, sign up for a free threat check to see what malicious traffic you might be missing on your network!

*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Jim Black. Read the original post at: