
Cloud-Delivered Network & Endpoint Security

1 CONFIDENTIAL
PRODUCTS & TECHNOLOGIES

UMBRELLA (Enforcement): Network security service protects any device, anywhere

INVESTIGATE (Intelligence): Discover and predict attacks before they happen

TRUSTED by Enterprises Worldwide

Why OpenDNS?
DNS Services Built for World’s Largest Security Platform

GLOBAL NETWORK
• 80B+ DNS requests/day
• 65M+ biz & home users
• 100% uptime
• Any port, protocol, app

+

UNIQUE ANALYTICS
• security research team
• automated classification
• BGP peer relationships
• 3D visualization engine

= 80M+ malicious requests blocked/day

Common Security Challenges

50% of PCs are Mobile, 70% of Offices go Direct
Most mobile & remote workers don’t keep VPN always on, most branch offices don’t backhaul traffic, and most new endpoint tools only detect

70-90% of Malware is Unique to Each Org
Signature-based tools, reactive threat intelligence, and isolated security enforcement cannot stay ahead of attacks

Shortage of Security Talent
Many tools require more resources than you have available to make work

Problems We Solve

Breach and Malware Protection
Prevent data exfiltration and compromised systems by blocking C2 callbacks and malicious sites

Internet-wide Visibility
Speed up incident response with a live, up-to-date view of the Internet

Web Filtering and Cloud/IoT Visibility
Enforce acceptable use, see cloud services & IoT devices in use, and keep guest Wi-Fi safe

How We Do IT

[Diagram labels: xyz.com, DNS, 1.2.3.4]

Global Recursive DNS
Egress points or virtual appliance, roaming client or mobile app forwards DNS to our global network

Unique Algorithms Applied to Unique Data
Observes relationships in global DNS and internet infrastructure to discover where attacks are staged

Real-time Activity With Log Storage
View your most recent global activity from all locations. Store DNS logs for as long as you want

Gather Intelligence & Enforce Security at the DNS Layer

[Diagram labels: Any Device, Recursive DNS, Authoritative DNS (root, com., domain.com.)]

Request Patterns
Used to detect:
• Compromised systems
• Command & control callbacks
• Malware & phishing attempts
• Algorithm-generated domains
• Domain co-occurrences
• Newly registered domains

Authoritative Logs
Used to find:
• Newly staged infrastructures
• Malicious domains, IPs, ASNs
• DNS hijacking
• Fast flux domains
• Related domains

Global Network Built into the Fabric of the Internet

• ZERO added latency
• peer w/top 500 ISPs & CDNs
• 100% uptime since 2006
• 2% worldwide activity
• 400+ Gbps capacity, globally-shared DDoS protection & DNS cache
• global fail-over

What is the OpenDNS Solution?

Who Resolves Your DNS Requests?
Leveraging a Single Global Recursive DNS Service

CHALLENGES
• Multiple Internet Service Providers
• Direct-to-Internet Branch Offices
• Users Forget to Always Turn VPN On
• Different DNS Log Formats

BENEFITS
• Global Internet Activity Visibility
• Network Security w/o Adding Latency
• Consistent Policy Enforcement
• Internet-Wide Cloud App Visibility

[Diagram labels: Home Users; Mobile Devices; Roaming Laptops; Remote Sites; Enterprise Location A, Internal InfoBlox Appliance; Enterprise Location B, Internal Windows DNS Server; Enterprise Location C, Internal BIND Server; ISP 1, ISP 2, ISP 3, ISP ?; mobile carrier; Authoritative DNS for Intranet Domains; Recursive DNS for Internet Domains]

A New Layer of Breach Protection

UMBRELLA (Enforcement)

• Threat Prevention: Not just threat detection
• Protects On & Off Network: Not limited to devices forwarding traffic through on-prem appliances
• Always Up to Date: No need for device to VPN back to an on-prem server for updates
• Block by Domains for All Ports: Not just IP addresses or domains only over ports 80/443
• Partner & Custom Integrations: Does not require professional services to set up

To Summarize: How It Works

• Ingest millions of data points per second
• Apply statistical models and human intelligence
• Identify probable malicious sites

[Figure labels: .com, .cn, .ru, .net, .com]

Malaysia Airlines DNS Hijack


January 25, 2015

MALICIOUS ASN/IP IDENTIFIED
Owned by Lizard Squad who hacked PS3 and Xbox Networks in December 2014

OpenDNS recognized the domain hijacking on Jan 25th and blocked the DNS request, and hence any subsequent attack

PRODUCTS & TECHNOLOGIES

UMBRELLA (Enforcement): Network security service protects any device, anywhere

INVESTIGATE (Intelligence): Discover and predict attacks before they happen

OpenDNS INVESTIGATE

• Live graph of DNS requests and other contextual data
• Correlated against statistical models
• Discover & predict malicious domains
• Enrich security data with global intelligence

[Diagram labels: DOMAINS, IPs & ASNs; API; CONSOLE; SIEM, …]

A Single, Correlated Source of Information

INVESTIGATE
• Passive DNS database
• WHOIS record data
• Domain reputation scores
• ASN attribution
• IP geolocation
• IP reputation scores
• Domain co-occurrences
• Anomaly detection (DGAs, FFNs)
• DNS request patterns/geo. distribution


Get your Free Trial

To get your 14 Day Free Trial of OpenDNS Umbrella, go to https://signup.opendns.com/freetrial/ and sign up
