New DNS encryption tools accelerate privacy online


Cloudflare, a brand new Domain Naming Service (DNS) provider, is gaining firm ground among internet users. Unlike many other DNS providers, Cloudflare positions itself as a strictly privacy-oriented service.

According to CUJO AI data, Cloudflare has acquired nearly 4% of the total DNS market since its launch on April 1st and now stands as the fifth most popular DNS provider. Moreover, Google and Apple announced that they will start encrypting DNS traffic. What does that mean for internet privacy?

DNS encryption tools accelerate privacy online

DNS (Domain Naming Service) turns the website address you enter into a computer-recognizable IP address. This way a user can access the content they were looking for online.

Even though that content might be encrypted, the user’s IP is not, and neither is the DNS traffic. Cloudflare and its alternatives (OpenDNS, Google Public DNS, and Quad9, amongst others) allow for encrypted DNS traffic, which would ensure that it is impossible to spy on the websites visited by the home user.

Even though CUJO AI data suggests that only a minority of DNS traffic is currently encrypted, we see a steady trend of more endpoints engaging in so-called DNS-over-TLS. Apple is planning a DNS over TLS feature for devices running iOS 11 and above, while Google is extending its DNS over TLS support to the mobile OS, meaning Android devices are getting an extra layer of security.

Considering that such big players are entering the game and that Cloudflare managed to get a lot of attention along with a significant market share so quickly, we can fully expect that the trend will just grow stronger.

Security vs. privacy: A modern dilemma

DNS encryption, however, creates additional security risks. One of the most common cybersecurity methods is DNS blacklisting. It relies on analyzing unencrypted traffic, finding known-bad websites and blocking them.

DNS blacklisting databases are updated every 12 to 36 hours. It is not the best security method even now, when the traffic is not encrypted. It will become obsolete once DNS encryption becomes universal.
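The following added example (not from the original article or from any vendor's product) shows why on-path DNS blacklisting depends on plaintext: a passive filter can read the query name from a port 53 message and match it against a list, but sees only an opaque TLS record on port 853. The blocklist entry, function names and sample packets are constructed for illustration.

```python
import struct

BLOCKLIST = {"malware.example"}  # constructed known-bad entry

def build_query(name, txid=0x1234):
    """Build a minimal DNS query (type A, class IN) in wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_qname(msg):
    """Return the first question name of a plaintext DNS message."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("not a DNS query")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        if n == 0:
            return ".".join(labels)
        if n > 63 or pos + 1 + n > len(msg):
            raise ValueError("bad label")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii", "replace").lower())
        pos += 1 + n

def is_blocked(name):
    """Match the name or any parent domain against the blocklist."""
    parts = name.split(".")
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))

def inspect(dst_port, payload):
    """Verdict of a passive on-path filter: 'block', 'allow' or 'opaque'."""
    if dst_port == 853:  # DNS-over-TLS: only TLS records are visible
        return "opaque"
    try:
        name = parse_qname(payload)
    except ValueError:
        return "opaque"
    return "block" if is_blocked(name) else "allow"

# Constructed samples: two plaintext queries and one TLS application-data record.
TLS_RECORD = b"\x17\x03\x03\x00\x20" + bytes(32)
if __name__ == "__main__":
    print(inspect(53, build_query("cdn.malware.example")))
    print(inspect(53, build_query("example.org")))
    print(inspect(853, TLS_RECORD))
```
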

Machine-learning-based threat detection is referred to as the more effective alternative. It works in real time, employing algorithms that become more accurate by the minute.

Its strength lies in the fact that it is proactive. Instead of using databases that can have incorrect or expired information, such security measures learn the network behavior and identify malicious patterns.

That way even completely new threats that have not been registered on any databases yet can be identified, and the end user can be alerted. Early intervention is crucial since some malware can cause irreparable damage, such as permanent file corruption or sensitive information theft.

While traditional security vendors rely on DNS blacklisting services to provide security solutions, CUJO AI uses artificial intelligence algorithms and behavioral analysis to ensure network security. CUJO AI machine learning algorithms learn from huge datasets and create behavioral patterns out of them.

They list what kind of behavior is known-good and what a malicious behavioral pattern looks like. The algorithms compare the usual network and device behavior with the known-bad and known-good behavior. If they notice unusual or potentially malicious behavior, they block it and notify the user.

It should also be noted that highly focused spear-phishing or whaling attacks do not leave a significant footprint on the internet and are rarely included in the Cyber Threat Intelligence databases. Nevertheless, machine-learning methodology can detect such malicious activity by design.

Privacy is a growing concern for Americans

Two-thirds of Americans think current laws are not enough to protect their privacy, and 61% would like to do more themselves in order to ensure it. However, many are not confident about how to go about it.

Privacy by design is no longer just a concept, either, as only the data absolutely necessary for the completion of duties can now be held and processed.

The General Data Protection Regulation (GDPR) is currently setting the precedent for user privacy treatment, and it is very likely that it will become the future gold standard. The best way to comply with it is to automate the vast majority of data processing, which is a task that can also be achieved by machine learning.

In fact, GDPR encourages that to some extent by stating that access to personal data should be limited to those “needing to act out the processing.” Ensuring that only machines handle that data is a viable solution, albeit one that needs to be worked on.

About CUJO AI

CUJO AI has been a pioneer of consumer IoT and network security since 2015, combining AI with real-time threat intelligence. The company provides network operators with AI-driven solutions, including AI security, advanced device identification, advanced parental controls, network analytics, and more.

CUJO AI Platform creates intuitive end-user facing applications for LAN and wireless (mobile and public WiFi) security. Network operators that deploy CUJO AI solutions on their infrastructure provide personalized customer experience, offer advanced protection, and ensure seamless device management.