Speed, security and safety through DNS
The Domain Name System (DNS) serves as the foundation of Cisco Umbrella’s cloud-delivered security. It lets us connect 100 million people every day to the Internet with confidence on any device, predict malware outbreaks, and provide scalable security enforcement and threat protection to users around the globe. So how does an Internet protocol invented 36 years ago serve so many purposes? In this post, I’ll be taking an in-depth look at DNS and DNS-based security – what it is, what makes it work, and how we use it to safely connect people to the Internet anywhere and anytime.
What is DNS?
DNS is the address book of the Internet. Computers identify themselves with an “Internet Protocol Address,” or an IP address. When you connect to websites, they also have an IP address. For example, the IP of the Cisco Umbrella website is 220.127.116.11. When you connect to this site, the address bar on your browser doesn’t show 18.104.22.168 – it shows umbrella.cisco.com – but if you type our IP address into your address bar, you still get to our website!
In that example, umbrella.cisco.com is the domain name. Domain names were invented by early Internet researchers so that they could avoid remembering long IP addresses – instead, they created more human-friendly names, like umbrella.cisco.com.
Your computer initiates about a thousand DNS queries every single day – websites, software updates, and even phone apps rely on the service. There are too many sites on the Internet for each computer to keep a complete list, so DNS servers act as an address book when computers look up domains. That’s the basic premise of DNS – when you want to connect to a website or other application server, it tells your computer which address to connect to.
Whose DNS am I using?
There are tens of thousands of recursive and authoritative DNS servers in the world. If you have never tinkered with DNS in the past, you probably use the recursive DNS servers of whoever provides your Internet. At your house, this may be a cable company. On your phone, it is your cellular provider. At the coffee shop down the street, it’s their Internet Service Provider.
Not all DNS services are created equal. If the recursive DNS service you use breaks, you cannot connect to websites. If the DNS service you use is slow, then your connection to websites will be slow. If your DNS servers are not up-to-date, then you may not be able to connect correctly to websites.
Cisco Umbrella (formerly OpenDNS) started its DNS service to provide everybody with the most reliable, safest, smartest, and fastest Internet connectivity in the world. If you want to take control of your DNS, learn how to set up protection on your personal home devices.
How can DNS be used to find malware?
Simply put, bad things like malware, ransomware, phishing and other scams rely on DNS, so we utilize the power of machine learning to search for, identify, or even predict these malicious domains.
What’s our secret sauce?
Honestly, it’s you! Umbrella gathers 180 billion internet requests from over 100 million enterprise and consumer users, across more than 190 countries every day, at the moment a request is made — which gives us a statistically significant data set. Plus, we leverage threat intelligence from Cisco Talos, one of the largest commercial threat intelligence teams in the world with more than 300 researchers.
Our real-time DNS data is also enriched with diverse public and private data feeds, giving us a unique window into the internet. We feed huge volumes of global internet activity into a combination of statistical and machine learning models to identify new attacks being staged on the internet. We use this data to predict emerging threats by analyzing how attackers leverage criminal infrastructures on the internet to launch attacks.
What is the power of DNS-based security?
Most companies leave their DNS resolution up to their ISP. But as more organizations adopt direct internet connections and users bypass the VPN, this leads to a DNS blind spot. DNS requests precede the IP connection, which enables DNS resolvers to log requested domains regardless of the connection’s protocol or port. Monitoring DNS requests, as well as subsequent IP connections, is an easy way to provide better accuracy and detection of compromised systems, improving security visibility and network protection.
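The pairing of resolver logs with subsequent IP connections described above can be sketched as follows. This is an added example, not Cisco Umbrella's code; the log layouts, function names and the 300-second window are assumptions, and every address and domain is a constructed sample from documentation ranges.

```python
from collections import defaultdict

# Constructed resolver log: (epoch_seconds, client_ip, queried_name, answer_ips)
DNS_LOG = [
    (1000, "10.0.0.5", "updates.example.com", ["192.0.2.10"]),
    (1010, "10.0.0.5", "cdn.example.net", ["192.0.2.20", "192.0.2.21"]),
    (1020, "10.0.0.7", "mail.example.org", ["198.51.100.25"]),
]
# Constructed flow log: (epoch_seconds, client_ip, dst_ip, dst_port)
FLOWS = [
    (1001, "10.0.0.5", "192.0.2.10", 443),
    (1012, "10.0.0.5", "192.0.2.21", 8443),    # odd port, still tied to a name
    (1030, "10.0.0.5", "203.0.113.99", 8081),  # nobody looked this address up
    (1031, "10.0.0.7", "198.51.100.25", 587),
    (1040, "10.0.0.7", "192.0.2.10", 443),     # resolved only by another client
    (2000, "10.0.0.5", "192.0.2.20", 443),     # lookup is older than the window
]

def index_dns(dns_log):
    """Map (client, answer_ip) -> list of (timestamp, queried_name)."""
    idx = defaultdict(list)
    for ts, client, name, answers in dns_log:
        for ip in answers:
            idx[(client, ip)].append((ts, name))
    return idx

def correlate(dns_log, flows, window=300):
    """Label each flow with the name its client resolved shortly before it."""
    idx = index_dns(dns_log)
    results = []
    for ts, client, dst, port in flows:
        # Only lookups by the same client, at or before the flow, inside the window.
        prior = [(t, n) for t, n in idx.get((client, dst), [])
                 if ts - window <= t <= ts]
        domain = max(prior)[1] if prior else None  # most recent matching lookup
        results.append({"ts": ts, "client": client, "dst": dst,
                        "port": port, "domain": domain})
    return results

def unresolved(results):
    """Flows with no preceding lookup: a triage signal, not proof of compromise
    (long-lived caches or a different resolver can also produce them)."""
    return [(r["client"], r["dst"], r["port"])
            for r in results if r["domain"] is None]

if __name__ == "__main__":
    for row in correlate(DNS_LOG, FLOWS):
        print(row)
```

Flows that come back without a domain are the ones the resolver never saw, which is the blind spot the paragraph describes.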
DNS makes the Internet work. Although we rarely think about it, this quiet protocol controls our access to the Internet, making it important for our everyday security. Cisco Umbrella has been delivering reliable and safe DNS to millions of people around the world for thirteen years, with zero downtime, which is almost as incredible as DNS itself. It’s the fastest and easiest way to protect all of your users enterprise-wide in minutes. With no hardware to install and no software to manually update, ongoing management is simple.