domaintools-1
1 September 2013Tim Chen

Trademark protection with DNS data: taking cues from network security

Network security professionals have long been on the cutting edge of technology and the use of data to address compromises. Security breaches and cyber attacks can destroy incredible amounts of value in a very short time. A 2013 study by the Ponemon Institute showed that cyber attacks cost companies an average of $5.4 million per attack.

By taking a deeper look at the methods and tools used by network security professionals, processes to improve online brand protection strategies can be identified.

Network security starts with data. The basic network security model involves installing sensors or other data collection points within the client network. Service providers will overlay deep data analytics and pattern recognition in order to detect abnormal network behaviours. Often the terabytes of internal network data will be augmented by sourcing significant amounts of external data such as IP blacklists or spam domain lists.

Timely investigation of who is behind cyber attacks is vital for immediately mitigating threats as well as understanding possible related threat activity. Detailed research is also important for gathering evidence that can be used in prosecution.

"It's time to go to the next level with deeper data and analytics from within the dns and associated data stores."

Most types of cyber attacks leave a trail of network signatures, including domain names, host names and Internet protocol (IP) addresses. When combined with Whois data, this domain name system (DNS) data can help identify the people behind these attacks, as well as associate other related resources that may be targeting a network or organisation.

Brand protection professionals can deploy similar strategies to improve their effectiveness.Traditional online brand protection strategies have involved tactics such as looking for typo domain names, knock-off ecommerce sites, unauthorised brand and logo use, and brand-abusing spam sites. There has been very little use of deeper DNS data. Incorporating this data, following the advanced strategies used in network security, provides a much more comprehensive approach to brand protection.

Simply defined, the DNS is the system that converts numerical network addresses (IP addresses) to host names (domain names). Under the bonnet it is a lot more complex. The DNS records describe the relationship between domain names and IP addresses. Domain names, IP addresses and nameservers are associated with each other and with individual people and organisations via Whois records. And there are multiple layers to these relationships.

As information gets passed between DNS resolver and various nameservers, in order to get your client an IP address, an enormous amount of data and information is created and passed through the DNS. It is the real-time availability of this data that is of particular value in brand protection and investigation.

Having access to DNS data can be useful in a number of ways for brand protection professionals:

Already registered?

Login to your account

To request a FREE 2-week trial subscription, please signup.
NOTE - this can take up to 48hrs to be approved.

Two Weeks Free Trial

For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Adrian Tapping at atapping@newtonmedia.co.uk