A10 Networks Helps Service Providers Secure and Protect DNS Traffic with DNS over HTTPS (DoH)
March 05 2020 - 11:00AM
Business Wire
Thunder® CFW Native DNS over HTTPS Capability
Helps Service Providers’ DNS Security by Preventing Interference
and Enabling User Privacy
A10 Networks (NYSE: ATEN) today announced the availability of
its Domain Name System (DNS) over HTTPS (DoH) capability in the
Thunder Convergent Firewall (CFW). This native capability enables
service providers to offer DoH services to their subscribers. It
helps organizations who run DNS infrastructure deliver higher DNS
security by preventing interference and enabling user privacy
protection through end-to-end encryption for DNS queries, without
sacrificing the performance and latency needed for DNS
infrastructure. DoH ensures deeper protection to subscribers
against DNS-based attacks. This ultimately improves operational
efficiencies for customers while enhancing security.
Encryption is fundamental for the privacy of data on the
internet. HTTPS (encrypted HTTP) has one of the largest shares of
traffic on the internet today. Due to privacy concerns after the
2013 Snowden leaks, HTTPS is now the de facto standard with sources
such as Mozilla Firefox, which showed a 300 percent increase over
the period. DNS traffic, by contrast, remains a largely unencrypted
channel on the internet. When the DNS traffic is unencrypted, it is
vulnerable to manipulation and privacy violations. For example, in
A10 Networks’ Q4 2019 State of DDoS Weapons report, DNS resolvers
are one of the top-five DDoS weapons and DNS service ports are one
of the top-10 UDP targets. DNS is also exploited for malware,
ransomware and data theft attacks. Resilient, high-performance DNS
infrastructure is essential for the proper functioning of service
provider networks and the internet itself.
A10 Networks has worked with large service provider customers to
develop a DoH capability, and it is now deployed in production at
tier-one service provider networks. The capability is based on a
proposed standard published as RFC 8484 by the Internet Engineering
Task Force (IETF).
DNS over HTTPS is available today as a native capability with
Thunder CFW on any hardware or software appliance, including
containerized instances. DoH can be combined with the product’s
other security features, including the application delivery
controller (ADC) functionality to support comprehensive protection
and availability for DNS, while maintaining the performance needed
in service provider-scale DNS infrastructure.
DoH solution provides:
- Investment Protection – DNS infrastructure is one of the
most critical components for operators. It is designed to handle a
large volume of traffic and is often the target of extensive
attacks. The DoH capability is designed to protect and augment the
existing DNS infrastructure investment for service providers. The
existing DNS infrastructure solution components remain unchanged,
and the secure connectivity and protocol translation are handled
natively. Thunder CFW also includes multiple secure application
services, including full ADC functionality, as part of the A10
Orion 5G Security Suite.
- Scale and Performance – The DoH encryption enabled by
TLS requires additional processing capabilities. Thunder CFW is
designed for the scale and performance required for high-volume DoH
traffic. The encrypted DNS queries can be handled at scale by using
built-in advanced hardware capabilties specifically designed to
deal with encrypted sessions.
- Security and Visibility – A10 provides secure
application services to protect DNS infrastructure from multiple
attack vectors, these are extended with the DoH capability.
Organizations can combine multiple services as required. For
example, DNS application firewall, DNS request and query-rate
limiting, DNS flood protection, DNS caching and more to improve the
security, availability and performance of DNS infrastructure.
“Security of the DNS infrastructure has never been more critical
for service providers and for their enterprise customers than now.
DNS queries are transmitted in clear text, unencrypted. As a
result, DNS queries are easily subject to spoofing, interception,
hijacking and other issues,” said Gunter Reiss, VP of worldwide
marketing at A10 Networks. “A10’s DNS over HTTPS capability helps
service providers protect their DNS infrastructure from devastating
attacks, while providing the performance and scale required.”
Related Links
- Q4 2019 State of DDoS Weapons
Follow Us on Social Media
- Visit our blog
- Connect with us on Facebook and LinkedIn and Twitter
About A10 Networks
A10 Networks (NYSE: ATEN) is a leading provider of secure
application services and solutions, with a range of
high-performance application networking solutions that help
organizations ensure that their data center applications and
networks remain highly available, accelerated and secure. Founded
in 2004, A10 Networks is based in San Jose, Calif., and serves
customers globally with offices worldwide. For more information,
visit: www.a10networks.com and @A10Networks.
The A10 logo, A10 Networks and Thunder are trademarks or
registered trademarks of A10 Networks, Inc. in the United States
and other countries. All other trademarks are the property of their
respective owners.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20200305005627/en/
Karin Gilles Kgilles@a10networks.com 408-240-5176
A10 Networks (NYSE:ATEN)
Historical Stock Chart
From Mar 2024 to Apr 2024
A10 Networks (NYSE:ATEN)
Historical Stock Chart
From Apr 2023 to Apr 2024