Security Graph is OpenDNS’s technology that automates protection against both known and emergent threats. It analyzes a cross-section of the world’s Internet activity to observe attacks being staged before an attack is launched. This predictive intelligence powers our enterprise security product—Umbrella.
The Global Network is OpenDNS’s infrastructure that handles more than two percent of the world’s daily Internet requests with proven 100 percent uptime. It enforces security policies with no added latency, and in minutes covers any device worldwide, for our enterprise security product—Umbrella.
OpenGraphiti is an interactive open source data visualization engine. It enables security analysts, researchers and data scientists to pair visualization with Big Data to create 3D representations of threats. Much like virologists use known patterns of diseases to recognize a particular virus, OpenGraphiti can uncover sophisticated behaviors and relationships associated with attacks.
Research has proven that many people process information more efficiently when it is presented in visual rather than textual form. According to one study, the human retina can transmit data at roughly the rate of an Ethernet connection. The OpenGraphiti engine enables 2D and 3D visualization of data by harnessing the computational power of both Central Processing Units (CPUs) and Graphical Processing Units (GPUs), a technique most commonly seen in the video game industry. The engine allows for the visualization of any data, however loosely related, in a medium that is easy to generate, navigate and articulate.
The OpenGraphiti engine and methodologies have been used by OpenDNS to analyze many threats including Cryptolocker and CryptoDefense ransomware, Red October malware, and the Kelihos botnet. It has even provided visualization to trace specific Syrian Electronic Army (SEA) campaigns.
For more information, visit opengraphiti.com.
Background: The need for a better DNS security
DNS is one of the fundamental building blocks of the Internet. It’s used any time you visit a website, send an email, have an IM conversation or do anything else online. While OpenDNS has provided world-class security using DNS for years, and OpenDNS is the most secure DNS service available, the underlying DNS protocol has not been secure enough for our comfort. Many will remember the Kaminsky Vulnerability, which impacted nearly every DNS implementation in the world (though not OpenDNS).
That said, the class of problems that the Kaminsky Vulnerability related to were a result of some of the underlying foundations of the DNS protocol that are inherently weak — particularly in the “last mile.” The “last mile” is the portion of your Internet connection between your computer and your ISP. DNSCrypt is our way of securing the “last mile” of DNS traffic and resolving (no pun intended) an entire class of serious security concerns with the DNS protocol. As the world’s Internet connectivity becomes increasingly mobile and more and more people are connecting to several different WiFi networks in a single day, the need for a solution is mounting.
There have been numerous examples of tampering, or man-in-the-middle attacks, and snooping of DNS traffic at the last mile and it represents a serious security risk that we’ve always wanted to fix. Today we can.
Why DNSCrypt is so significant
In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesn’t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone don’t work in the security world, however, so we’ve opened up the source to our DNSCrypt code base and it’s available on GitHub.
DNSCrypt has the potential to be the most impactful advancement in Internet security since SSL, significantly improving every single Internet user’s online security and privacy.
The Global Internet Speedup is a worldwide technology effort, led by OpenDNS and with the cooperation of Google and leading content delivery networks, to make the Internet faster. Through more transparency and collaboration OpenDNS was able to spearhead the enhancement of the Internet experience for millions of people around the world.
How it works:
Speed matters on the web and as bandwidth requirements continue to increase, the best way to make sure the web stays fast is to bring the content as close to the users as possible. This decreases latency to high-bandwidth content like video and allows for a more efficient utilization of Internet capacity world-wide.
The domain name system (DNS) plays a key role in helping make sure users get to the right resources. Often times, popular resources exist in many places. This way more people can access content at the same time, and more quickly. The Global Internet Speedup is the name we have given the numerous leading Internet companies who have agreed upon and implemented the proposed standard which enhances the DNS to improve the Internet for users around the world.
OpenDNS CacheCheck is the first-ever tool to allow Internet users insight into what is happening in their DNS and empower them to manually refresh DNS caches on their own. When a domain is failing and a website appears to be down, Internet users can simply refresh the massive OpenDNS caches and update them with the most current addresses for websites, in many cases enabling access automatically.
This innovation is also tremendously valuable for website administrators and operators, as it empowers them to enable access independently (a task previously requiring the assistance of an ISP).
OpenDNS SmartCache is the world’s most intelligent caching system. SmartCache makes Web sites that are effectively down for others accessible only on OpenDNS.
SmartCache uses the intelligence of the OpenDNS network at large, providing DNS service to tens of millions of people around the world, to locate the last known correct address for a Web site when its authoritative nameserver is offline or otherwise failing. A common occurrence, authoritative DNS nameserver outages often take major Web sites offline for hours or even days at a time, making them inaccessible on the Internet. One example of such an outage resulted in popular Web site Amazon.com inaccessible for several hours.
SmartCache changes that and renders authoritative DNS outages irrelevant for OpenDNS users. People accessing the Internet on networks running OpenDNS will be able to load Web sites while they are experiencing authoritative nameserver outages — when the rest of the Internet cannot.
The World’s First IPv6-compliant Open Recursive DNS Service
Get Your Network Ready for IPv6
The last block of IPv4 addresses have been allocated, and it’s time to get your network ready. OpenDNS now supports IPv6 addresses — meaning that, by using the OpenDNS Sandbox, you’ll be able to resolve your DNS using IPv6 DNS servers.
IPv6 supports a far larger number of addresses than IPv4, which is why the change is taking place now — since IPv4 was implemented in 1981, the Internet has grown dramatically, and there are no more available IPv4 addresses.
PhishTank is the first and most successful collaborative clearinghouse for data and information about phishing on the Internet. PhishTank is based on the idea that security researchers, exploited brands, technology developers, academic institutions and Internet users are stronger together in fighting phishing than they are on their own.
PhishTank works by allowing any individual or group to submit suspected phishes. The community votes on the accuracy of submission — is it a phish or a legitimate website? When the phish has been appropriately verified as a fraudulent and dangerous website, it is added to a feed. PhishTank makes all data about phishing open and accessible via an API so that other developers and organizations, including Yahoo!, Mozilla, Microsoft and leading academic institutions, can work together in the fight against phishing.
Domain Tagging is the first and most powerful people-powered Internet security system. It uses the intelligence of the greater OpenDNS community, which includes security researchers, academics, IT professionals and concerned netizens, to perform a security function. Community members submit domains into the system and tag them with a category such as “gambling,” “hate,” “video sharing” or “social networking.” Other community members vote on the accuracy of the submitter’s tag. Ultimately OpenDNS users can use the system to block categories of content on their networks.
The Domain Tagging community is tens of thousands of people strong, hailing from all around the world and including representation from academics, security, technology and various other disciplines.