Despite DNS Servers providing the vital link between users and their applications, research worryingly shows that most businesses still have no solution in place to protect them from attacks that result in business down-time, financial loss, intellectual property theft and damage to reputation. According to a new survey conducted for EfficientIP by IDC1, while most organisations are aware of the security risks linked to DNS servers (82 percent of respondents were aware and recognised the threats), most IT budget and time is still spent on more traditional network security solutions such as Firewalls (68 percent).
“Businesses need a sharp wake-up call before its too late,” said David Williamson, CEO at EfficientIP. “With more and more companies relying on a continuous online presence to operate effectively, DNS server security is essential. If a DNS server crashes or can’t answer a request immediately, it can have disastrous consequences. Yet most organisations are still leaving themselves vulnerable to attack. DNS Blast allows businesses to confidently provide high availability of service while decreasing the TCO of their DNS infrastructure and reducing management time. We believe it is the ultimate answer to DDoS attacks.”
Recent research from Neustar2 also highlighted that DDoS attacks use more and more bandwidth, yet the DNS server is still the weakest component of the network infrastructure. Victims now need a significant increase in DNS request performance in order to mitigate these attacks, yet current solutions fail to provide this. In 2013 the percentage of victims needing more than one gigabyte per second (GBPS), which equates to 10 million queries per second (qps), had more than doubled to over 28 percent in just 12 months. EfficientIP’s SOLIDserver DNS Blast is the only solution available today that can support up to 17 million qps with a single appliance and two network adapters. Existing solutions are only able to support up to 300,000 qps or one million clustering servers, making them much more vulnerable.
Threats from DDoS attacks to any business, not just ISPs, are also increasing at an alarming rate. IDC found that 72 percent of all respondents confirmed that they had been the target of a DNS attack in the last 12 months while Prolexic reported3 that nearly half of all DDoS attacks suffered in Q1 2014 were in the Media and Entertainment sector.
The IDC research also identified that while 85 percent of respondents have basic DNS security functions from their security appliance, businesses are still vulnerable as these functions are usually ineffective during an attack.
“This is a real case of a wrong answer to a real problem, said Williamson, “Firewalls are not the right technology when DNS servers are under attack as they will not have any effect. The innovative technology developed for DNS Blast will always scale to customer needs to achieve the highest level of security the business is expecting.”