SCIENCE
New SKYE Network Protection Service Does More to Clean Up Networks
- Written by: Webmaster
- Category: SCIENCE
Nominum has announced the SKYE Network Protection Service (NPS), a new service which provides a real-time feed of bot-related malicious domains that network owners can use to monitor and mitigate the impact of a wide variety of botnets that disrupt their networks, drain vital resources, and steal information. The new service is supported by Nominum's dedicated research team of network and security experts which leverage up-to-the-minute data from the company's global network in combination with proprietary algorithms to enable this real-time service. This continuously updated threat data in SKYE NPS is used, in real time, by Nominum Vantio Intelligent DNS Systems to deter botnet command & control activities and other malware, and block their propagation.
SKYE NPS makes it simple to deploy an extremely high performance, scalable, and accurate system to clean up networks by identifying and essentially 'declawing' botnets and other forms of malware. Deployment does not require any specialized equipment or changes to the network architecture. Unlike other solutions, SKYE NPS, does not have any impact on, or require access to network equipment such as routers to obtain flow information.
Preventing Widespread Damage
Like termites in a home, botnets quietly undermine a network. Nominum research shows a single bot can send hundreds of spam messages a day, clogging networks with useless traffic. The same data shows a bot can use nearly 20 times more DNS capacity than a normal end user. These problems raise bandwidth and infrastructure costs (routers, email and DNS servers etc). Bots are also implicated in nearly all DDoS attacks, causing service outages or slowdowns. Bots also raise network costs in other ways, generating phone calls when end users' PCs or network connections slow down and challenging support staff because they are hard to identify so resolution takes longer, escalating costs further.
NPS takes advantage of data gathered over Nominum's global network and continuously updates lists of botnet domains to reflect the very latest information. NPS data is automatically served, in real-time, with no operator intervention required, so network owners always have the latest threat data available in their network. Data is distributed in an encrypted format so that the information cannot be compromised.
NPS threat data is cross-correlated and checked for errors using special algorithms developed by Nominum to prevent inadvertent blocking of legitimate sites. The list is also vetted in the Nominum global network to prevent false positives and whitelists provide an additional safety valve. As a final protection, website owners who believe their website has been placed in NPS in error can ask an independent 3rd party, StopBadware, to review the status of their listing through a formalized review process. See today's press release "StopBadware & Nominum Partner to Fight Malware" for more details on this open and transparent approach. Provider-generated threat data can be incorporated into NPS as well.
"With our threat data and algorithms we can easily observe the impact of botnets. We've seen bots on the attack, instantly spiking DNS bandwidth consumption, and identified squadrons of bot infected devices," said Gopala Tumuluri, CTO at Nominum. "Network owners can act on this information and sever connections to botnet command and control resources to improve the resistance of their DNS, the health of their network, and the overall end user experience."
Pricing and Availability
This solution is implemented as software running on widely available open hardware platforms and operating systems. The entire solution is available now. Pricing is configuration dependent.