Migrating Security into the Network

[Commentary] Every day, the news validates that Internet threats have gotten more numerous and more sophisticated. Existing security solutions have served us well, but there are holes that must be filled. Just as attackers are relying on the power of the Internet to maximize the effectiveness of their exploits, so must security protections move into the network to maximize their effectiveness. With protections in the network, it is easy to defeat attackers that move their servers around by tracking them based on their domain names (using the URLs in the links they embed) rather than their IP addresses. Protections are also pervasive. Any device that accesses the Internet can be protected whether or not it has security software, and any application can be protected too. The good news is that a system is already installed across the Internet that could make a great starting point. It is always available, has proven performance, and scales beautifully. It employs a lightweight protocol that was specifically designed to handle continuous updates, even under heavy loads. Every device that accesses the Internet supports it, and every Internet transaction already depends on it. It's the Domain Name System (DNS). With a few small steps, we can induct the DNS into the fight against malware and rapidly realize enormous gains. [Tom Tovar is the Chief Executive Officer at Nominum, a provider of IP address infrastructure software for enterprises that require reliable and secure DNS, DHCP for their mission critical networks.]