With so many new and varied devices such as smartphones, smartwatches, laptops, and tablets accessing your network, at an average of 2.9 devices per person worldwide according to a Sophos survey, it’s no wonder there is concern about supporting only desired and approved communication. And with the total number of devices growing to 5 per internet user by 2017 according to Cisco, network traffic is going to continue to increase…dramatically.

 

Let’s see, what can we connect to the Internet next?


All these new device clients connected to the internet need a secure DNS (Domain Name System) architecture for reliable responses about where the desired app or service is located and available. As the Internet of Things (IoT) turns into the internet of everything, with not just people to machines but machines to machines, BYOX anything, internet-accessible forks, cups and fridges, and wearables connected to the internet, there are exponentially more chances of malicious traffic accessing your network from the internal and external services you provide. Recently, HP released an Internet of Things study noting that 70% of IoT devices were vulnerable to attack, with an average of 25 vulnerabilities per product.

In a recent IDG Research survey sponsored by F5, 66% of network managers in charge of DNS services were highly concerned about security…and rightly so. The growth of apps and services for clients to access means more opportunities for attackers to use these locations as repositories for malware and viruses. When a user selects an app or service, downloads a file for reading, or clicks on a link to see where it takes them, there is a possibility that the response contains malware or viruses unknown to the user. In machine-to-machine communication, that response might be shared by file transfer, and infections can occur undetected.

 

Is that a filter or a firewall?

To keep your apps at peak performance for the best user productivity and service availability, malicious communication from rogue programs and web sites must be blocked. Many DNS offerings optionally protect against malicious communication by providing outbound domain filtering, although it’s commonly called a DNS firewall.

The actual feature is referred to as Response Policy Zones (RPZ), and it helps filter out domains with reputations for malicious activity. Offerings that let you choose a domain filtering service and import the database of IP addresses for blocking give you the most flexibility in customizing where your users, and those pesky viruses, are able to navigate. RPZ should be part of an overall strategy for securing your network landscape.

 

Mitigating unwanted communication on your network

When you want to start filtering domains out of your network communication, solutions like BIG-IP Global Traffic Manager (GTM), with DNS security, scale, performance, and control, provide DNS firewall benefits including domain filtering with RPZ.

 


 

You can lower your risk of malware and virus communication on your networks and mitigate DNS threats by blocking access to malicious IP domains of your choice using a domain reputation service imported into BIG-IP GTM. In addition, with high speed logging and reporting of blocked domains, you now know which clients on your network have potential infections for rapid inspection and reduction of infection resolution costs.
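The following is an added example, not code from F5 or BIG-IP: a Python evaluation of RPZ query-name triggers, applied to a query log to report which clients asked for filtered domains, tying together the RPZ filtering and blocked-domain reporting described above. The zone records, client addresses, and function names are constructed for illustration; the CNAME targets use the standard RPZ action encodings.

```python
# Added example: RPZ QNAME-trigger evaluation over constructed data.
from collections import defaultdict

# Constructed RPZ records; owner names are relative to the policy zone origin.
RPZ_ZONE = """\
bad.example          CNAME .              ; NXDOMAIN for the domain itself
*.bad.example        CNAME .              ; ...and for every subdomain
tracker.example      CNAME *.             ; NODATA
ok.bad.example       CNAME rpz-passthru.  ; allow-list exception
"""

# Standard RPZ action encodings carried in the CNAME target.
ACTIONS = {".": "NXDOMAIN", "*.": "NODATA",
           "rpz-passthru.": "PASSTHRU", "rpz-drop.": "DROP"}

def load_policy(text):
    """Parse 'owner CNAME target' lines into {trigger: action}."""
    policy = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        owner, rtype, target = line.split()
        if rtype.upper() == "CNAME" and target in ACTIONS:
            policy[owner.lower().rstrip(".")] = ACTIONS[target]
    return policy

def lookup(policy, qname):
    """Exact trigger wins; otherwise the closest enclosing wildcard applies."""
    name = qname.lower().rstrip(".")
    if name in policy:
        return policy[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in policy:
            return policy[wildcard]
    return None  # no policy match: resolve normally

def blocked_clients(policy, query_log):
    """Map client IP -> sorted names whose answers the policy rewrote."""
    hits = defaultdict(set)
    for client, qname in query_log:
        if lookup(policy, qname) in ("NXDOMAIN", "NODATA", "DROP"):
            hits[client].add(qname.lower().rstrip("."))
    return {client: sorted(names) for client, names in hits.items()}

# Constructed query log: (client address, queried name).
QUERY_LOG = [("192.0.2.10", "www.example.org"), ("192.0.2.23", "c2.bad.example"),
             ("192.0.2.23", "bad.example."), ("192.0.2.40", "ok.bad.example"),
             ("192.0.2.51", "tracker.example")]

if __name__ == "__main__":
    print(blocked_clients(load_policy(RPZ_ZONE), QUERY_LOG))
```

The passthrough record shows why exact triggers must take precedence over wildcards: without that ordering, the allow-listed `ok.bad.example` would be caught by `*.bad.example` and its client flagged as a potential infection.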

By mitigating unwanted communication, BIG-IP increases app performance and user productivity with the desired traffic traversing your network. The BIG-IP platform is ICSA certified for network security, and it’s easy to select various DNS security services to increase your overall posture. So now you have confidence and control in allowing more Internet of Things to connect with your apps and services while you filter out and mitigate malicious communications.

 

Related:

DNS Reimagined keeps your Business Online

To learn more about how F5 BIG-IP solutions support DNS and App performance, visit:

Intelligent DNS Scale and Scalable, Secure DNS and Global App Services