Protecting company data with a workforce that is increasingly more mobile is a difficult task. Today, OpenDNS announced a feature update that will further the company’s long-term goal to recreate the network security stack in the cloud and protect endpoints no matter where employees use them.
For years, malware authors relied on large numbers of cheap domain names to serve their attacks, because registrars can easily block or take down domains determined to be malicious. A small percentage of targeted attacks, however, use hardcoded IP addresses to initiate communication from within a company’s network, which bypasses the DNS security layer. OpenDNS Senior Product Marketing Manager Barry Fisher says IP enforcement will be key in this small percentage of attacks, providing protection for endpoints that are not on a company’s network or not always connected to a VPN.
A recent example of direct-IP attacks include the Trojan “Upatre,” which uses direct IP connections to initiate further malware installs. In recent attacks, it delivered the Dyre trojan, which steals banking login credentials from infected computers. According to Fisher, this type of attack might be prevented if an employee is on a company network behind a firewall, but many security solutions only work on certain ports and only when an employee is working on site. Alternatively, OpenDNS’s IP layer enforcement provides protection over any port, and from any location through the use of the OpenDNS Roaming Client, an endpoint client that acts as a DNS request forwarder.
IP layer enforcement works by checking traffic against a comprehensive list of suspect IP addresses from an OpenDNS threat intelligence database in realtime. If traffic from an endpoint matches an IP from the suspect list, it injects a route to OpenDNS servers and blocks the connection if it is malicious.
The IP layer enforcement feature is an update to OpenDNS Insights, Platform and MSP packages. Click here to find out more.