You Can't Rest On Reputation Mr Mockapetris

Blacklisting and Whitelisting Needs to Progress to Real Time Analysis

Wednesday, June 3, 2009 - Paul Mockapetris, the inventor of the Internet's domain name system (DNS) has published a byline on online security in the Financial Times' Digital Business. http://www.ft.com/cms/s/0/2a452b32-3631-11de-af40-00144feabdc0.html. In his article Mockapetris suggests that current email filtering undertaken by ISPs can be extended to use reputation data to protect against malware in other network traffic: "All that is required is that the DNS reputation data-feed be extended the DNS servers that the operator already provides to its users for web queries and other applications." He concludes his FT piece by stating, "Every device that access the internet supports it [the DNS] and every internet transaction already depends on it [the DNS]. With a few small steps, internet service providers can leverage DNS in the fight against malware and help keep users safer."

Ed Rowley, EMEA Technical Consultant at email and Web security vendor Marshal8e6 (www.marshal8e6.com) agrees with the malware and spambot issues raised by Mockapetris and adds that companies need to view the opening up of top level domain names as the death knell for traditional email and web filtering products that rely on reputation blacklists of "bad" domain names:

"We have said repeatedly that the increase in new top level domain names will overwhelm Web security filtering products that rely solely on blacklisting 'bad' sites "In addition, over the last 12 months our TRACE labs team have identified trends that suggest more than 1.5 million legitimate websites have been compromised by hackers and spammers. Once compromised, cybercriminals use a number of techniques, such as 'search engine optimisation' or 'blended threat' email attacks to drive unsuspecting users to these websites; indeed research conducted using our spam honeypots has shown an alarming increase in spambots sending out messages with links to hacked sites that appear to be bone fide." says Rowley.

"The combination of Web and email communication streams being employed for blended attacks and the flood of new top level domain names, highlights the need for a layered approach to security, using products that can filter and analyse the behaviour of both email and webmail in real time. This 'Secure Web Gateway' approach will protect businesses from inadvertently compromising network security by accessing freshly poisoned web sites."

Further information on the rise in blended attacks and the incidence of "good" sites being compromised by malware, can be found at the Marshal8e6 Threat Research and Content Engineering site:
http://www.marshal8e6.com/newsimages/trace/Marshal8e6_TRACE_Report_Jan2009.pdf

To download Marshal8e6's white paper on Today's Blended Threats, please click here:
http://www.marshal8e6.com/resources/white-papers.asp

About Marshal8e6
Marshal8e6 is a global provider of Web and email security products. We are the only security company able to provide integrated, reliable and effective enterprise-class multi-layered solutions. Our deep expertise in Web and email allows us to correlate real-time threat intelligence to protect organizations from current and emerging threats. With 20,000 customers and 16 million end users in 96 countries, the company is privately held and based in Orange, California with international headquarters in London and offices worldwide. For more information about Marshal8e6, please visit www.marshal8e6.com.

Media Contacts:
Melanie Johnson
éclat Marketing
+44 (00 1276 486000
marshal8e6@eclat.co.uk