EfficientIP: At the Forefront of DNS Security

David Williamson, CEO As DDoS attacks become more prevalent in volume, size, and sophistication, what businesses require today are effective counter-measures that protect them from this threat. In the recent times, organizations have been finding themselves victims of DDoS attacks via the Domain Name System (DNS); the security of which is essential as the DNS delivers critical and indispensable services such as Customer Relationship Management (CRM), internet accessibility, and Voice over IP (VoIP) or any other IP based applications. “Targeting the DNS server, the attackers often take advantage of the visibility and vulnerabilities in the DNS protocol stack,” remarks David Williamson, CEO, EfficientIP. Delivering advanced security solutions, EfficientIP is one of the few vendors who offer a unified management framework for DNS, Dynamic Host Configuration Protocol (DHCP) and Internet Protocol Address Management (IPAM). “Existing security solutions are inadequate in combating DNS attacks as they do not analyze the malicious traffic at the DNS transaction level,” adds Williamson. EfficientIP not only remediates this limitation by offering solutions that deliver unprecedented transaction analysis but also drives business efficiency through network services availability, security, and performance. The company addresses business imperatives, like business continuity and reduced time-to-market, through its flexible and integrated DDI solution that enhances management efficiency and agility of the network's infrastructure.

Heading the SmartArchitecture Concept
EfficientIP’s SMART DDI approach offers enterprises and service providers a unique appliance based solution to intelligently simplify and automate design, deployment, and management of the critical DDI infrastructure. The company’s DDI solution is based on SOLIDserver—a suite of appliances designed to deliver scalable, secure, and robust virtual and hardware appliances for critical IPAM, DNS or DHCP services. SOLIDserver ensures unmatched automation of DDI deployment processes, delivering unparallel support of business objectives. “Our solution is unique in nature as it is integrated in a single platform which is easy to use and offers a holistic visibility of the network infrastructure,” states Williamson. Moreover, the SOLIDserver appliance operates in a SmartArchitecture—a technology that facilitates unified management
of a DNS infrastructure that affirms service continuity with fewer servers and reduces investment and operational cost for clients. EfficientIP's SmartArchitecture also enables effortless deployment of hybrid DNS architectures which protects customers against zero-day vulnerabilities.

The hybrid DNS engine offers three technologies (BIND, NSD, Unbound) in one appliance to eliminate single point of failure following security alerts on standard DNS technologies. “The EfficientIP hybrid technology incorporates alternative DNS engines, which allows users to switch to another engine that is unaffected by the security breach during an attack,” remarks Williamson.

In case of an asset management firm, the company decided to reinforce its infrastructure with a DHCP high availability solution.The client required a solution that would ensure DHCP service continuity and unify IP, DNS, and DHCP services. Resorting to EfficientIP, the client gained real-time visibility and network consistency from reliable and centralized IPAM, DHCP, and DNS services.

Ensuring Business Continuity
Another core product delivered by the company, which acts as a panacea to mitigate the risks of a DDoS attack is the DNS Blast. Since a DNS server crash is a major security hazard, which can severely affect an organization’s brand image or business, DNS Blast limits DNS server crashes of slow performance, while always answering queries. “The DNS Blast absorbs up to 17 Million DNS queries per second over other DNS servers in the market that measure around 300,000 queries,” says Williamson. Although most companies deploy multitude of servers, implement firewalls, and load balancers, the end result is ineffectual. DNS Blast absorbs majority of the attack with a sole server, simplifies the DNS infrastructure and maintains a high level of security throughout. The elimination of dozens of DNS clusters also allows a company to reduce their total cost of ownership and management of DNS. When one of EfficientIP’s client—a telecommunications company faced a DDoS attack, DNS Blast withstood the attack negating the need to shut down the server. Being a cache appliance that will never be saturated or corrupted, the solution could handle more bandwidth than the network itself.

For advanced protection against DDoS, EfficientIP’s DNS Cloud solution powered by Amazon Route 53 offers easy deployment and in-house management and cloud DNS infrastructures from a single management console. “The Amazon Web Services (AWS) guarantees 100 percent availability and our solution manages traffic globally through a variety of routing which results in low-latency and fault-tolerant architectures,” explains Williamson.
Detect, Protect, and Remediate
One of the company’s latest releases is the DNS Guardian which is devised to provide DNS service availability, data integrity, and continuity of web services for businesses while an attack is underway. The solution monitors DNS cache-recursive activity at the transaction level and renders real-time transactions analysis which helps identify specific patterns in a DNS attack. The DNS Guardian separates the cache function from the recursive function where in case of an attack each function is protected separately. This is followed by activation of the rescue mode where continuous service is retained till the attack is curbed. “Around 95 percent of DNS queries are contained in the cache of a DNS server and when under attack, our solution is able to handle all 95 percent of the queries even if the source of the attack is not identified,” reveals Williamson.

Our solution is unique in nature as it is integrated in a single platform which is easy to use and offers a holistic visibility of the network infrastructure

In one instance, a leading supplier of business management software and services wanted to regain global control over its DNS internet service. On opting for EfficientIP's DNS management solution, the client witnessed better service continuity and security than those offered by the host. With EfficientIP, the client gained a global control over their DNS internet service while implementing automated workflow processes, observed a significant cost reduction and a high level of performance and security. In addition, the client also saved more than 3/4th of the budget allocated to DNS management.

With innovation on top of their agenda, in the coming year, the company plans to release additional solutions with enhanced security, continuity of service, and high performance. “We believe in setting the bar high and our business is expected to grow by 92 percent in the near future,” asserts Williamson. Governed by a best in class approach, combined with their futuristic tools, the company is truly a leader in delivering competent security solutions that address the ever-changing needs in the DDoS landscape


West Chester PA

David Williamson, CEO

Provides a unique appliance based solution to simplify and automate design, deployment, and, management of the critical DDI infrastructure.