Chief Operating Officer, Farsight Security
I have been involved with the Internet one way or another since the mid 90's. At that time, I worked at AT&T, which was a telecommunications behemoth known for its domination of long distance and toll-free services. In 1994, I was promoted to AT&T headquarters in NJ to work on a project which was to become AT&T's first foray into Internet access: WorldNet. Since then, I worked on directory services, as well as some of the earlier e-commerce enablement systems such as an electronic wallet. By 2001, I was at Verisign working on an Internationalized Domain Names (IDN) testbed. At that time, the standards to enable the use of non-Latin scripts as domain names had not been finalized, and one method in use was the Row-based ASCII compatible Encoding (RACE). To understand RACE and other approaches to enabling IDNs, I had to understand DNS. So, in a way, you can say my first intro into DNS was a crash course. Since then, I have been interested and active in various uses of DNS (ranging from IoT to security) as well as issues related to its use and governance.
2) Organizations increasingly are using passive DNS to help reduce risk to their brands and improve detection-response time against cyberattacks. What factors are driving this rapid adoption?
Today there is a greater understanding of passive DNS and its use for combatting cyberattacks. This evolution is due to several factors:
DNS was designed for scalability not security. On the one hand, this design enabled the mass adoption of the Internet, but, on the other hand, it created some unintended consequences. Some were design flaws that posed security risks such as the Kaminsky bug (a design flaw that allowed DNS cache poisoning) while others were well-intentioned decisions that had unintended consequences such as first-come, first-serve registrations (cybersquatting).
Internet and DNS use is no longer a luxury but a utility. Billions of people depend on the Internet and its infrastructure, the DNS, to communicate, get informed, and even make a livelihood.
Internet governance has evolved greatly since the early 2000's. In order for it to be effective, it must be in lockstep with however the DNS is used, which means, by necessity, it is always behind. Furthermore, since Internet governance is and should stay within a multi-stakeholder model, it means the process by which new policies are proposed and adopted takes time. As a result, Internet governance cannot be our only shield against DNS abuse. We need inventive tools to anticipate the next security threat and take actions to guard against it.
There had been relentless debate reaching back to the early 2000's on whether new generic Top Level Domains were needed, and what their impact would be on DNS abuse. In some ways, many of the early predictions turned out to be unfounded. For example, despite the fear (or hope!) of many, brands did not spend billions securing their trademarks in every new gTLD. On the other hand, the plethora of choice in gTLDs and the increased supply of potential new domain names has meant lower prices and disruption of some industries built on the idea of scarcity (domaining). It has also meant that the way some registries choose to compete is by giving away free domain names or providing incentives to registrars to price them so low as to be almost free. This approach has lowered the economic barrier to entry for bad actors, which means we now see DNS abuse not just in the traditional TLD choices but also many of the new ones. I believe the trend is for domain names to be more readily available (plentiful) and cheaper, but to recede into the background as Internet usage continues to evolve from the direct type or even type-in search to voice-and-motion directed search/navigation. All these trends point to an even more complex threat landscape while Passive DNS becomes an even greater tool for threat hunting.
To me, this is a question of "why" and not "what." Although one of the reasons I joined Farsight is the massive brain trust the company has built, the most important reason why I joined Farsight has to do more with "Why". In other words, why is Farsight in business? What does it believe in, and do I believe the same? Fundamental to everything Farsight does is the belief that current and future generations should have a reasonable expectation of safety when using the Internet. And that expectation need not come at a cost of loss of privacy. I hold the same beliefs, and I find when there is a fundamental belief that underpins whatever it is that you do, you are more likely to be fulfilled and feel a sense of purpose. At the end of the day, that is what binds us, a sense that we are contributing to a greater good.