OpenDNS Security Graph uses big data analytics and machine learning to automate protection against
both known and emergent threats.
Other security players build reputation systems and behavioral analysis sandboxes to detect “unknown” threats, so we are often asked, “What makes your threat intelligence solution so different to claim to deliver a unique layer of network security?” First, we built a Global Network that is integrated at the Internet’s underlying DNS and BGP layers. It is capable of acquiring live data from any device and network, over any port, protocol or app—so even advanced threats cannot hide. Also, it sees which IP networks are associated with one another—so we can learn how threats are related. Second, our Global Network handles two percent of the world’s Internet requests—a cross-section large enough to identify global patterns in security activity. Third, we analyze this massive flood of raw data to see where attacks are staged on the Internet instead of waiting until an attack targets a customer.
Global visibility of attackers’ infrastructures
Just as nations maintain surveillance over their adversaries, OpenDNS monitors usage of the Internet. Every second, we acquire over one million malicious and non-malicious Internet events. We automatically link the events to known threats. And correlate the events with associated DNS infrastructures and IP networks. Most importantly, we do this continuously, such that we see new relationships forming between domains, IPs and attackers’ infrastructures before an emergent threat happens.
For example, one algorithm we pioneered analyzes the frequency at which domains co-occur seconds apart from one another. We surface this intelligence in our user interface, to enable customers to investigate future attacks.
Intelligence enforced in the cloud on any device, anywhere
Our network security service—Umbrella—is powered by OpenDNS Security Graph. Our service provides threat protection like no other because it knows which DNS infrastructures and IP networks will distribute malware, control botnets, or phish login credentials—before your organization is attacked. And the same benefit of having a Global Network capable of acquiring data over any Internet connection, means that most advanced threats cannot route around Umbrella.
In addition to threat protection, our intelligence makes our service faster and easier to use. Our Intelligent Proxy provides deeper inspection at the URL-level only for connections that cannot be accurately blocked at the DNS layer.
No knob tuning or waiting on new samples
Similar to Amazon learning from shoppers’ purchase patterns to make suggestions, or Pandora learning from music listening patterns to play songs, OpenDNS is always learning from new Internet events to prevent advanced attacks. Unlike static reputation systems, our algorithmic classifiers are always adapting due to live activity. And unlike reactive sandboxes, we do not need to collect a sample of an attack. We built a Security Labs team that is comprised of data scientists, infrastructure engineers and threat researchers with an unconventional focus. Rather than reverse engineering malware, we focus on removing the biggest bottleneck to staying ahead of attacks—humans—by building machine learning systems.