As economies continue to struggle and the digital age brings both new opportunities and new threats, many businesses are being forced to rethink their strategies to stay ahead of the competition.
Nowhere is this more true than in the telecoms space, where increased customer demands and rapidly evolving technologies collide – making this an increasingly fast changing and challenging sector to navigate. To deal with this issue, businesses in this sector must innovate, and one (perhaps surprising) area where we can see this in action is around DNS (Domain Name System) technology.
DNS is over 30 years old, and is deployed in every IP network. People and applications make trillions of DNS queries daily to translate human understandable domain names into IP addresses to navigate the Internet. Although the DNS has been around since the beginning of the Internet it’s only recently been viewed as a way to start solving a broader range of business problems.
An excellent example of how this old and often under-utilised technology is delivering real innovation can be found at a managed services provider (MSP) in Europe that was considering launching a new security service. But before doing so they wanted to answer a fundamental question: how many of their enterprise customers actually had malware infections within their networks?
They discovered that simply be making a small change in the configuration of the DNS they were able to see that over 700 business customers had critical (and often undiscovered) malware infections. For example, one major healthcare company they worked with was infected with multiple malware variants capable of logging employee keystrokes – a major risk to the sensitive patient data stored on their network.
Security applications are a logical starting point for extracting value from the DNS since, just as virtually every legitimate IP application relies on the DNS, so do the attackers. This opens up a wide range of uses of DNS data to detect and prevent threats. For instance, DNS is used to prevent data exfiltration from infected devices on the network by observing clients querying criminally owned botnet command and control (C&C) sites. DNS is also being used to prevent phishing attacks, warn users accessing sites hosting malware and prevent access to a range of unwanted or illegal content.
While DNS has played a role in security for a while, its importance has recently increased significantly. In just the last several years the DNS has been used to detect or take down an increasing number of sophisticated botnets – e.g. Conficker, Aurora, Stuxnet, Zeus, Flamer, TDL4 and Nitol. DNS (port 53) is also one of the few open ports on enterprise networks making it a natural target for attackers, especially as enterprises have been scrubbing HTTP traffic more carefully leaving fewer channels of communication open to attackers.
Likewise, the proliferation of devices accessing enterprise networks has made it essentially impossible to prevent every infected device from getting on the network. If you can’t keep infections out of the network you need to identify and remediate them quickly, for which DNS is uniquely suited.
Enterprise security is just a starting point though. Other DNS-based applications that have or are being deployed include:
- Content filtering – Virgin Media in the UK launched an application to block access to pornographic content on their Free WiFi service at the London Underground stations just prior to the Olympics in less than two weeks. Delivering the service in two weeks would have been impossible if they weren’t able to leverage an existing DNS-based platform in their network.
- Customer retention – A major South American cable operator launched a series of applications based on the DNS. This included an application to communicate special pricing packages to customers who had called to cancel their service through subscribers’ Internet browser and another to offer profitable customers free upgrades.
- Managed security – MSP operators are planning to offer small businesses an intuitive, easy-to-use solution for protecting every Internet-enabled device from phishing, malware and other targeted attacks. The solution can also be extended to block content that small businesses don’t want to allow into the office such as pornography, hate sites, violence sites, etc all using an intuitive interface that non-technical users understand.
- Customer loyalty – Over half of consumers said they never complained to their service provider before disconnecting service yet most churn management systems rely on call records to predict behaviour. DNS data is now being used to predict who is likely to churn or discontinue using a service before they decide to cancel their service based on customers’ online activity.
- Strategic marketing – Media companies know a lot about what their subscribers are watching on their service but little about what types of content viewers are watching online and over what device. DNS data is now being used the popularity of specific OTT applications, what online videos are most popular, what categories of websites are popular with which types of subscribers and much more.
An additional advantage of using an application system built around existing technologies is that it removes a layer of difficulty for businesses. Companies which have implemented a variety of new systems to deliver business applications, comply with regulations and address security threats, have seen the complexity of running their networks has increase dramatically.
Having more disparate IT systems increases the cost of maintenance, integration, upgrades and patch management. Application ecosystems built around existing technologies such as ERP and sales force automation aim to address this challenge.
The many positives of DNS prove the value for businesses of looking at what resources they currently have (before investing in something new), and working around those to improve efficiency and reduce costs. For businesses looking at DNS technologies, security is an obvious plus point from the start, but the range of available applications based on DNS data should make it a very tempting prospect for any company looking to innovate without adding complexity.