So many new and varied devices, such as smartphones, smartwatches, laptops, and tablets, now access service provider networks, at a worldwide average of 2.9 devices per person according to a Sophos survey, that it’s no wonder operators are concerned with supporting only desired and approved communication. And with the total number of devices growing to 5 per internet user by 2017 according to Cisco, service provider network traffic is going to continue to increase… dramatically.
What will Operators connect to their network next?
All these new device clients connected to the internet need a secure DNS (Domain Name System) architecture that reliably answers where a desired service is available. As the Internet of Things (IoT) turns into the internet of everything, connecting not just people to machines but machines to machines, with BYOX anything and with wearables connected to the internet, there are exponentially more chances of malicious traffic reaching fixed and wireless networks. Recently, HP released an Internet of Things study noting that 70% of IoT devices were vulnerable to attack, with an average of 25 vulnerabilities per product.
In a recent IDG Research survey sponsored by F5, 66% of network managers in charge of DNS services were highly concerned about security… and rightly so. The growth in services available to subscribers means more opportunities for attackers to introduce malware and viruses. When a subscriber selects a service, downloads data, views a webpage, or clicks on a browser link, there is a possibility that the response contains malware or viruses unknown to the subscriber. Once the data transfer happens, an infection can occur undetected.
Is that a filter or a firewall?
To keep your services at peak performance for the best subscriber usage and service availability, malicious communication from rogue programs and web sites must be blocked in your network. Many DNS offerings optionally protect against malicious communication by providing outbound domain filtering, although this is commonly called a DNS firewall.
The actual feature is referred to as Response Policy Zones (RPZ), and it helps filter out domains with reputations for malicious activity. Offerings that let you choose a domain filtering service and import the database of IP addresses for blocking give you the most flexibility in customizing where your users and those pesky viruses are able to navigate. RPZ should be a part of an overall strategy for securing your network landscape.
Mitigating unwanted communication on your service network
When you want to start filtering domains out of your network communication, solutions like BIG-IP Global Traffic Manager (GTM), with DNS security, scale, performance, and control, provide DNS firewall benefits including domain filtering with RPZ.
You can lower your risk of malware and virus communications on your service provider network and mitigate DNS threats by blocking access to malicious IP domains of your choice using a domain reputation service imported into BIG-IP GTM. In addition, with high-speed logging and reporting of blocked domains, you know which clients on your network have potential infections, allowing rapid inspection and reducing infection resolution costs.
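How RPZ-style filtering and blocked-domain reporting fit together, as an added example that is not F5 code and does not describe BIG-IP GTM's implementation. The policy records, client addresses, and function names are constructed for illustration; the CNAME targets are the standard RPZ action encodings.

```python
from collections import Counter

# Constructed RPZ policy records (sample data, not a real feed).
RPZ_ZONE = """
malware.example      CNAME .
*.malware.example    CNAME .
tracker.example      CNAME *.
ok.malware.example   CNAME rpz-passthru.
"""
# Constructed resolver query log: (client address, queried name).
QUERIES = [("10.0.0.5", "www.example.org"), ("10.0.0.7", "cdn.malware.example"),
           ("10.0.0.7", "malware.example"), ("10.0.0.9", "ok.malware.example"),
           ("10.0.0.9", "Tracker.Example.")]
# Standard RPZ CNAME targets and the policy action each one encodes.
ACTIONS = {".": "NXDOMAIN", "*.": "NODATA", "rpz-passthru.": "PASSTHRU"}

def load_policy(text):
    """Map each trigger name (lowercase, no trailing dot) to its action."""
    policy = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[1].upper() == "CNAME" and fields[2] in ACTIONS:
            policy[fields[0].lower().rstrip(".")] = ACTIONS[fields[2]]
    return policy

def lookup(policy, qname):
    """Exact trigger wins, then the nearest wildcard (simplified matching)."""
    name = qname.lower().rstrip(".")
    if name in policy:
        return policy[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        action = policy.get("*." + ".".join(labels[i:]))
        if action:
            return action
    return "ALLOW"

def blocked_clients(policy, queries):
    """Count blocked (rewritten) answers per client for follow-up inspection."""
    hits = Counter()
    for client, qname in queries:
        if lookup(policy, qname) in ("NXDOMAIN", "NODATA"):
            hits[client] += 1
    return hits

if __name__ == "__main__":
    for client, n in blocked_clients(load_policy(RPZ_ZONE), QUERIES).most_common():
        print(f"{client} blocked={n}")
```

The passthrough record shows why an exact trigger must be checked before the wildcard: it exempts one name under an otherwise blocked domain, so that client's query is not counted as a hit.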
By mitigating unwanted communication, BIG-IP increases service performance for subscribers, with only the desired traffic traversing your network. The BIG-IP platform is ICSA certified for network security, and it’s easy to select various DNS security services to improve your overall posture. So now you have confidence and control in allowing more Internet of Things devices to connect with your services while you filter out and mitigate malicious communications.