OpenDNS buy is feeding security insights to Cisco's threat-intelligence efforts

Visibility of online activities paints clearer picture of changing threat climate

Nearly a year after it was acquired by networking colossus Cisco, OpenDNS is providing a wealth of information about online security risks and user habits that is informing Cisco's threat analytics and remediation work around the world.

That information is being collected and analysed on an ongoing basis as the company leverages the ongoing activities of more than 65 million users of OpenDNS – an alternative DNS infrastructure, acquired by Cisco in August 2015, that provides usage monitoring, security scanning and other features that help businesses tighten control over their Internet usage.

“OpenDNS is proving to be a very straightforward, zero-touch deployment that can be done in a minute and gives organisations an enormous level of visibility about where their users are connecting to while protecting them from connecting to places they shouldn't,” Cisco ANZ general manager of security sales Anthony Stitt recently told CSO Australia.

“We see about 2 percent of all Internet traffic through OpenDNS, and the level of threat awareness and visibility that we get out of such a huge customer base is very, very good. Because of this, we have an amazing level of visibility into what 'bad' looks like.”

In the current security climate – in which Australian users are clicking on malicious URLs millions of times per month – that high level of visibility has helped shape security policies based on real-world examples of malicious files buried within file download streams. Among other information that Cisco's security team collects, downloadable software samples have proven to have great predictive value: whenever the team is presented with a new file that it hasn't seen before, odds are that it is a new strain of malware.

“We've discovered that low-prevalence files, that we've seen maybe 5 to 10 times or fewer, are 100 times more likely to be malware,” Stitt explained. “We place a much more fine-grained lens over low-prevalence files than things that we have seen thousands of times before, because those things are typically things that we know about – the normal applications and services that organisations run.” As well as informing Cisco's ongoing work in threat detection, the expanding security infrastructure is paving the way for more proactive use of new technologies to improve customers' overall security posture.

OpenDNS founder and CEO David Ulevitch last year called Cisco's acquisition of OpenDNS 'a new day in cloud security', highlighting the importance of better network visibility in driving companies' transition to the cloud.

This mission is facilitated by the vision of Cisco, which has been a staunch proponent of software-defined networking (SDN) models and is using its experience in threat intelligence to help shape SDN policies designed to help enforce security at the network level. Software-defined network segmentation, which becomes both implementable and enforceable within SDN environments, is proving to be a highly useful way of cordoning off 'zones of trust' across organisational networks, Stitt said, with virtual workloads easily transported across zones to help protect them. “Security is one of the primary use cases for networking,” Stitt said, “because it solves a number of problems that customers have with internal segmentation and security.”

“If they can do that in a software-defined and -orchestrated way, it has a much lower cost of implementation and management than trying to carpet-bomb the internal network with firewalls. You can always put up firewalls, but being able to do that in an orchestrated way lets you move service and workloads into the cloud – and have security follow that just as easily.”

SDN also facilitates traffic classification according to rules that are regularly tweaked based on the collective learnings from the information feeds provided by OpenDNS and other environments. The value of these regular feeds has solidified appreciation of threat intelligence, a practice that has come into its own in recent years as cloud-based architectures fostered collaboration around the detection and analysis of security threats.

“Threat intelligence is a big problem and a small problem at the same time,” Stitt said. “The big problem is how you can get as much data as you can, to do all sorts of data analytics with. The small problem is how you reverse-engineer malware, find weak signals and use the collective immunity to discover it and leverage it for the benefit of all our customers. OpenDNS really gives us a major uplift in both of these problems.”
