Internet network security is more challenging than ever, and many organizations don’t have the tools to identify and address potential problems.
DDoS for hire, BGP hijacks, DNS cache poisoning events and other threats are turning the internet into an increasingly dangerous place, said Kyle York, vice president of product strategy for Oracle Cloud Infrastructure. He discussed these threats and ways to address them in an appearance on This Week in Enterprise Tech.
“The biggest challenge is making sure you have the visibility into the actual traffic flows of the internet, how the internet is connecting into your application from the outside, and also having the right team of experts trying to get one step ahead,” York said.
Artificial intelligence and machine learning technologies have received a lot of hype regarding how they can help identify and defend against internet network security threats, but they alone will not fix the problem, York said.
“You still need people,” he added.
There are several DNS security technologies and standards that can help, but many organizations don’t adopt these tools because they provide end users with no obvious proof of added protection – unlike CA and SSL certificates, which are visible in web browsers.
“It’s a really tricky problem for internet infrastructure practitioners to go and deploy these services because the consumer doesn’t see them on their end of the line to know that these websites are being protected,” York said.
As a result, infrastructure owners don’t often do anything about DNS or BGP security until it’s too late, he said.
York also explained how Oracle Dyn’s DNS services – which look at BGP routes, BGP routing tables, DNS footprints from recursive to authoritative DNS logs, and more – can provide the visibility organizations need to stay ahead of the latest internet network security risks.
“It’s shocking sometimes to sit with enterprises and show them how our outside-in network and our data sets display their internet posture,” he said. “Meaning, what IP space do I own? What’s my domain footprint? Where do I have infrastructure deployed?”