
Secure Cloud Gateway: Using the Internet to Fight Cyber-Attacks

By Dan Hubbard, Chief Technology Officer, OpenDNS, special to Network World
December 20, 2013 11:13 AM ET

Network World - Cyber-attacks depend on the same infrastructure the rest of the Internet does: the Domain Name System (DNS) is what lets malware find its distribution points, bots locate their command-and-control servers, and phishing pages lure victims into handing over login credentials. With the mainstream adoption of cloud services, bring-your-own-device programs and off-network workers, the attack surface has expanded well beyond the traditional corporate network perimeter.

This device and network diversity has created an environment where organizations must protect any device, anywhere it roams. Today’s security platforms, which are plagued by reactive intelligence, gaps in enforcement, and the inability to integrate the two, can’t keep up. This has paved the way for a new category of cyber-security platform called a Secure Cloud Gateway (SCG).

A Secure Cloud Gateway is built on DNS resolution. Because almost every connection, legitimate or malicious, begins with a name lookup, enforcing policy at the resolver gives broader security, improved coverage and deeper visibility than enforcement points that see only one protocol or one network.

Legitimate Web browsing occurs on only two protocol and port pairs, HTTP (port 80) and HTTPS (port 443), and that is all a Web proxy inspects. Yet malware is sometimes distributed over non-standard ports to infect devices, and botnets regularly use non-Web protocols to breach networks and exfiltrate data. Because the DNS lookup happens before any connection is opened, a Secure Cloud Gateway can apply a verdict to a destination regardless of the port, protocol or application that will be used to reach it. The corresponding caveat is that the verdict is only applied to lookups that reach the gateway's resolvers: a device whose resolver setting has been changed, or malware that connects to a hard-coded IP address without any lookup, is not covered at this layer.

Today, threats are targeted, but the targets are everywhere. Unmanaged personal devices routinely connect to the corporate network, while employees take company devices containing sensitive data off the network and roam outside the secure perimeter. Because the resolver setting travels with the device, a Secure Cloud Gateway provides security coverage regardless of the network or location from which the device connects.

Cyber threats vary endlessly in appearance and behavior, yet they all originate from a finite number of Internet hosts, and many share the same criminal infrastructure, such as the same IP addresses or name servers. To extract accurate security intelligence from this, a Secure Cloud Gateway uses its DNS infrastructure and Anycast routing to record every resolution request it serves together with where it came from and when it was made, so that domains can be correlated both spatially and temporally: for example, a new domain that the same clients request seconds after a known command-and-control domain.

While the vast majority of Web domains can be classified as either safe or malicious, some Internet hosts are harder to classify, because they serve both safe and malicious Web content or because their origins are suspicious. Performing deep inspection on every Web connection significantly reduces performance, and redirecting every Web connection through a proxy significantly reduces manageability. A Secure Cloud Gateway instead identifies the high-risk or suspicious domains and uses DNS redirection to route only those for deeper inspection.

Unlike Secure Web Gateway (SWG) appliances or services that send every Web connection through a proxy, a Secure Cloud Gateway only routes risky Web connections for deeper inspection. This concept is called Intelligent Proxy. Here’s how it works:

Scenario 1: An employee attempts to visit site #1. A Secure Cloud Gateway has already determined that this domain is malicious, based on the risk score for the host. Perhaps the domain is related to an infrastructure known to be used for criminal attacks, or there is a pattern where the domain is always requested after other malicious host requests. A Secure Cloud Gateway returns the IP address of its block-page server instead of the malicious domain's real address, so the connection never reaches the attacker's host on any port or protocol, protecting the organization's network and data.
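The mapping described above (shared infrastructure and "always requested after other malicious host requests") and the three resolver verdicts of the Intelligent Proxy (block page, proxy for inspection, or pass through) can be put together in a few dozen lines. The following is an added example written for this page, not OpenDNS code; the addresses, thresholds, seed list of known-bad domains and the resolver log are all constructed for illustration.

```python
"""Toy DNS-layer policy engine (added example, not OpenDNS code).

Two risk signals named in the article are computed over a constructed
resolver log:
  - shared infrastructure: the domain resolves to addresses that known-
    malicious domains also use;
  - temporal co-occurrence: the same client requested the domain shortly
    after requesting a known-malicious domain.
The resolver then answers with the block-page address, the inspection-
proxy address, or the real address. All constants below are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

BLOCK_PAGE_IP = "192.0.2.1"      # assumed block-page server (RFC 5737 TEST-NET-1)
PROXY_IP = "192.0.2.2"           # assumed intelligent-proxy address
WINDOW = timedelta(seconds=30)   # assumed: "requested shortly after a known-bad host"
MALICIOUS_THRESHOLD = 0.8        # assumed cut-offs
SUSPICIOUS_THRESHOLD = 0.4

KNOWN_BAD = {"c2.bad.example"}   # assumed seed list of confirmed-malicious domains

# Constructed resolver log: (timestamp, client, qname, answer address).
LOG = [
    ("2013-12-20T10:00:00", "10.1.1.5", "c2.bad.example",     "203.0.113.10"),
    ("2013-12-20T10:00:04", "10.1.1.5", "stage2.example",     "203.0.113.10"),
    ("2013-12-20T10:01:00", "10.1.1.5", "www.example.org",    "198.51.100.7"),
    ("2013-12-20T10:05:00", "10.1.1.9", "c2.bad.example",     "203.0.113.10"),
    ("2013-12-20T10:05:02", "10.1.1.9", "stage2.example",     "203.0.113.11"),
    ("2013-12-20T11:00:00", "10.1.1.9", "cdn.shared.example", "203.0.113.10"),
    ("2013-12-20T11:30:00", "10.1.1.5", "cdn.shared.example", "198.51.100.20"),
    ("2013-12-20T12:00:00", "10.1.1.7", "www.example.org",    "198.51.100.7"),
]


def parse_log(log):
    """Turn the raw tuples into (datetime, client, qname, ip)."""
    return [(datetime.fromisoformat(ts), c, q, ip) for ts, c, q, ip in log]


def shared_infrastructure(entries, known_bad):
    """Fraction of each domain's resolved addresses that known-bad domains also use."""
    addrs = defaultdict(set)
    for _, _, qname, ip in entries:
        addrs[qname].add(ip)
    bad_addrs = set().union(*(addrs[d] for d in known_bad if d in addrs))
    return {d: len(a & bad_addrs) / len(a) for d, a in addrs.items()}


def follows_known_bad(entries, known_bad, window):
    """Fraction of each domain's requests that the same client made within
    `window` after requesting a known-bad domain."""
    bad_times = defaultdict(list)
    for ts, client, qname, _ in entries:
        if qname in known_bad:
            bad_times[client].append(ts)
    hits, total = defaultdict(int), defaultdict(int)
    for ts, client, qname, _ in entries:
        total[qname] += 1
        if any(timedelta(0) < ts - bad_ts <= window for bad_ts in bad_times[client]):
            hits[qname] += 1
    return {d: hits[d] / total[d] for d in total}


def risk_scores(log, known_bad=KNOWN_BAD, window=WINDOW):
    """Risk per domain in [0, 1]; seed-list domains score 1.0 outright."""
    entries = parse_log(log)
    shared = shared_infrastructure(entries, known_bad)
    follows = follows_known_bad(entries, known_bad, window)
    # Take the strongest signal; a production system would weight many more.
    return {d: 1.0 if d in known_bad else max(shared[d], follows[d]) for d in shared}


def resolve(qname, real_ip, scores):
    """Answer one query. The verdict is applied before any connection exists,
    so it covers every port and protocol the client would have used against
    qname. Only lookups that reach this resolver are governed: a client with a
    hard-coded address or a different resolver is never seen here.
    Returns (action, address)."""
    risk = scores.get(qname, 0.0)
    if risk >= MALICIOUS_THRESHOLD:
        return "block", BLOCK_PAGE_IP     # Scenario 1: hand back the block page
    if risk >= SUSPICIOUS_THRESHOLD:
        return "proxy", PROXY_IP          # hard to classify: route for deep inspection
    return "allow", real_ip               # safe: ordinary resolution


if __name__ == "__main__":
    scores = risk_scores(LOG)
    for qname, ip in [("c2.bad.example", "203.0.113.10"), ("stage2.example", "203.0.113.10"),
                      ("cdn.shared.example", "203.0.113.10"), ("www.example.org", "198.51.100.7")]:
        print(f"{qname:20} risk={scores[qname]:.2f} -> {resolve(qname, ip, scores)}")
```

In the constructed log, stage2.example is requested by both clients within seconds of the seed domain, so it scores 1.0 and receives the block-page address; cdn.shared.example shares one of its two addresses with the seed domain but is never requested right after it, so it scores 0.5 and is redirected to the proxy; www.example.org shares nothing and is answered normally. A domain the gateway has never seen scores 0.0 and is also passed through, which is the "finite hosts, new names" gap that the temporal signal is meant to close as soon as the first correlated requests appear.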
