kreizihorse - Fotolia
Nominet Cyber Security aims to address a gap in how organisations approach their cyber security, caused by overlooking the potential of real-time Domain Name System (DNS) analytics to pinpoint threats.
The division is also aimed at spearheading Nominet’s international expansion strategy for cyber, and brings together teams of product developers, cyber researchers, marketers and industry advisors.
DNS is used by every business on the internet, and yet few have any idea of visibility or control over DNS performance, with 92% of UK businesses having limited visibility of the impact of DNS performance on their internet users and visitors to their websites and other online resources, according to a 2017 report by independent analysis firm Quocirca, commissioned by communications and analysis firm Neustar.
Because DNS is a foundational part of the internet, with every organisation, web page, email and internet-connected device using it in some way, criminals inevitably use DNS for a range of activities, including malware communications, data exfiltration and targeted phishing.
According to Nominet, each one of those attacks leaves a tell-tale sign, but relatively few organisations are aware that technology now exists to effectively “listen” to the DNS, isolating the threat hiding within huge datasets.
“We believe our technology represents a fundamental shift in a disparate and overwhelming security landscape, removing the burden on hard-pressed security teams and providing greater visibility by operating at a deeper level to pinpoint threats more quickly,” said Nominet CEO Russell Haworth.
The new Nominet cyber security division will bring to market the NTX platform, which is being used by the NCSC as part of its Active Cyber Defence programme to block malicious content from being accessed from government systems, stopping an average of 5,000 malicious traffic requests every week, countering malware, phishing and data exfiltration attacks.
Simon McCalla, Nominet
NTX is hosted in the cloud and sits at the heart of the network to monitor the vast amount of DNS traffic that flows into and out of an organisation as part of daily business. According to Nominet, NTX uses a “unique application” that combines patented compression techniques, analysis and advanced heuristics to spot anomalies that are a marker of malicious traffic. Once it spots these behaviours, it can sever and blacklist problematic connections automatically.
NTX technology is built on Nominet’s expertise running the .uk internet infrastructure for the past 22 years. Early versions of the technology helped identify security vulnerabilities and helped the internet community and law enforcement tackle significant botnets.
Nominet’s chief technology officer, Simon McCalla, said the traffic on any organisation’s network was a goldmine of intelligence for security teams, but only if they have visibility when it matters.
“Our approach is about real-time DNS threat detection and blocking. In a fast-moving threat landscape, speed of response is crucial. The key is instant detection of the needle in the haystack – isolating a single malicious packet hidden inside vast quantities of legitimate enterprise data,” he said.
Nominet Cyber Security, which will be headquartered in Oxford and have dedicated teams in London and the US, underlines Nominet’s belief and investment in its cyber security capabilities, said Haworth.
“We’ve had strong interest in the work we have done work with the UK government and have our sights set on expanding our footprint overseas,” he said.