Enterprise IT Context for the CTO

Bob Gourley

Subscribe to Bob Gourley: eMailAlertsEmail Alerts
Get Bob Gourley via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: XML Magazine

Blog Feed Post

Kicking the Tires: Verisign DNS Firewall

Cognitio has been evaluating the new Verisign DNS Firewall along with its Recursive DNS service for the last several weeks. Our bottom line conclusion: Integration of the Verisign DNS Firewall into an existing environment couldn’t be more seamless, configuration and management are a breeze, and it delivers immediate benefit to the security posture of any environment.

Background: Verisign is synonymous with providing global, highly available DNS services. Verisign manages two of the thirteen authoritative DNS root name servers servicing the world’s DNS queries and has been responsible for running the entire global .com DNS infrastructure for more than 18 years at 100% operational accuracy and stability. This means, during this time there has not been a single outage, testimony to their ability to deliver reliable DNS services at scale (they also provide DNS services for .gov,.net, and .edu). Verisign has leveraged its industry leading DNS capabilities and unmatched technical ability in the DNS arena to develop the Verisign DNS Firewall offering. Verisign also serves the cybersecurity community through the highly regarded cyber intelligence services of its iDefense team. Informed by the traffic that Verisign’s network sees every day this threat intelligence capability provides the basis for any modern intelligence driven defense capability and also integrates directly into the DNS Firewall.

The Announcement:

Michael Kaczmarek of Verisign announced the Verisign DNS Firewall offering as:

An easy-to-configure, cost effective managed cloud-based service that offers customers the ability to customize filtering to suit an organization’s unique needs in order to offer robust protection from unwanted content, malware and advanced persistent threats (APTs).

For organizations that do not have an existing security solution, the Verisign DNS Firewall provides a service that secures your traffic navigation without the significant cost burden associated with hardware implementations. For organizations that already have existing security solutions, Verisign DNS Firewall provides “defense in depth” as an added layer of security that can augment existing traffic navigation and threat management capabilities.

The power of this managed service is that it offers added protection from three key vectors of attack:

  • If an organization has been infected with malicious code that seeks to communicate out of your organization, that communication can be filtered in real-time, before damage is done;
  • If a person inside your organization has been tricked into clicking a malicious link or falls prey to a malicious advertisement and attempts to visit a corrupted Internet site, the Verisign DNS Firewall can prevent access to that location;
  • If well resourced adversaries apply advanced and/or new techniques to seek to penetrate your enterprise, the updated information provided by Verisign’s iDefense Security Intelligence Service and bot-net detection algorithms can provide automated actions to actively block access to those command & control points thus blocking further access to those attackers.

With the Verisign DNS Firewall, enterprises are also provided with enhanced tools to help ensure increased visibility and maximize the productivity of your enterprise. This includes near real-time analysis of activity and easy to configure options like customized blacklists and whitelists.

We found the integration and configuration of this service to be one of the easiest implementations of technology we have ever evaluated. It only requires an update to DNS settings and then IT leadership can effortlessly tailor and configure the options with an easy to understand web based user interface.


For more information on the DNS Firewall and other Verisign Security Services check out their website:


Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com