20 Dec Whalebone DNS Security
In the last few years, we have seen a significant increase in DNS security products. Some of them are integrated into another product, others are standalone pure-DNS focused vendors.
The most important thing we expect from a security product like this is blocking malicious URLs. Being able to categorize and allow or block depending on the user or location is a welcome add-on, but more important is how we can rank the products by quality. That is exactly what we want to do here: compare the different vendors and put them in a chart.
How did we go to work?
We started by collecting different malicious domain databases from different locations in the world. Each domain was then first checked against Google DNS to see whether it still resolved and was not already blocked there. This resulted in a list of 33022 domain names.
Security
This list was then tested against a set of well-known DNS security systems. The 9 vendors tested are a mix of public DNS services, agent-based products, or both.
The results are clear. Three products out of the nine tested are almost useless. Three are clearly very secure. Imagine a user clicks on a malicious URL: with one of the three best in class, you are over 99% sure it will be blocked. Without any of them, theoretically, you are 100% sure the link will go through.
If you would like to know the names of the vendors, please contact us via [email protected] or via your trusted contact.
Performance
The second test was a speed test: what is the response time of a DNS lookup? To eliminate the delays caused by the script itself (overhead), we looked only at the differences between the DNS providers and not at the absolute figures. In other words, we do not measure how long a response takes, only the relative times compared to the fastest one, which serves as the baseline.
Tests for speed are done with good domains, since this is the speed you will notice in a normal situation.
The charts below show both the median and the average response times relative to the fastest vendor (=0). Vendor number 8 is the fastest and is therefore used as the baseline at 0.
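The two measurements described above (keeping only bad domains that still resolve on a reference resolver, then scoring each vendor's block rate, and reporting lookup latency as the difference from the fastest vendor) can be reproduced with a small harness. The following is an added example, not the authors' script or any vendor's code; the domain names, answers and timings in it are constructed placeholders, and the vendor names are hypothetical. The live-query helper assumes the dnspython library is installed and is not needed for the offline demo.

```python
"""Hypothetical harness for comparing DNS security resolvers (added example).

1. Block rate: over a list of known-bad names, count how many a vendor refuses
   to resolve. Only names that still resolve on a reference resolver are kept,
   since a dead name tells us nothing about the vendor.
2. Relative latency: over known-good names, report each vendor's median and
   average lookup time as the difference (ms) from the fastest vendor (=0).
"""
import time
from statistics import mean, median

# Answers that count as "blocked": a non-NOERROR rcode, an empty answer, or a
# sinkhole address that cannot carry traffic anywhere useful.
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}


def is_blocked(rcode, answers):
    """rcode is the textual code ("NOERROR", "NXDOMAIN", ...); answers is a
    list of A/AAAA address strings."""
    if rcode != "NOERROR" or not answers:
        return True
    return all(a in SINKHOLE_ADDRESSES for a in answers)


def lookup_from_table(table):
    """Offline lookup built from a constructed {domain: (rcode, answers)} table.
    Every lookup returns (rcode, answers, seconds); unknown names resolve
    normally to a documentation address (TEST-NET-3)."""
    def lookup(domain):
        rcode, answers = table.get(domain, ("NOERROR", ["203.0.113.1"]))
        return rcode, answers, 0.0
    return lookup


def make_dnspython_lookup(nameserver, timeout=2.0):
    """Live lookup against one resolver IP; requires dnspython (assumption)."""
    import dns.exception
    import dns.resolver
    resolver = dns.resolver.Resolver(configure=False)
    resolver.nameservers = [nameserver]
    resolver.lifetime = timeout

    def lookup(domain):
        start = time.perf_counter()
        try:
            rcode, answers = "NOERROR", [rr.address for rr in resolver.resolve(domain, "A")]
        except dns.resolver.NXDOMAIN:
            rcode, answers = "NXDOMAIN", []
        except dns.resolver.NoAnswer:
            rcode, answers = "NOERROR", []
        except (dns.resolver.NoNameservers, dns.exception.Timeout):
            rcode, answers = "SERVFAIL", []
        return rcode, answers, time.perf_counter() - start
    return lookup


def filter_live_domains(candidates, reference_lookup):
    """Keep only names the reference resolver (e.g. a public resolver) still resolves."""
    return [d for d in candidates if not is_blocked(*reference_lookup(d)[:2])]


def block_rate(domains, vendor_lookup):
    """Fraction of the (pre-filtered) bad names the vendor blocks."""
    if not domains:
        return 0.0
    return sum(1 for d in domains if is_blocked(*vendor_lookup(d)[:2])) / len(domains)


def relative_latency(timings):
    """timings: {vendor: [seconds, ...]} for good names.
    Returns {vendor: (median_delta_ms, mean_delta_ms)}; the fastest vendor on
    each statistic sits at 0, like the baseline vendor in the charts."""
    med = {v: median(t) for v, t in timings.items()}
    avg = {v: mean(t) for v, t in timings.items()}
    base_med, base_avg = min(med.values()), min(avg.values())
    return {v: ((med[v] - base_med) * 1000, (avg[v] - base_avg) * 1000) for v in timings}


# --- Constructed sample data (placeholders, not real domains or vendors) ---
BAD_CANDIDATES = ["bad1.example", "bad2.example", "bad3.example", "bad4.example", "bad5.example"]
REFERENCE_TABLE = {  # bad3 is already dead on the reference resolver and gets dropped
    "bad3.example": ("NXDOMAIN", []),
}
VENDOR_TABLES = {
    "vendor_A": {"bad1.example": ("NXDOMAIN", []), "bad2.example": ("NOERROR", ["0.0.0.0"]),
                 "bad4.example": ("REFUSED", [])},                       # misses bad5
    "vendor_B": {d: ("NXDOMAIN", []) for d in BAD_CANDIDATES},            # blocks all
    "vendor_C": {"bad1.example": ("NOERROR", ["127.0.0.1"])},             # blocks one
}
TIMINGS = {  # invented lookup times (seconds) for good names
    "vendor_A": [0.021, 0.019, 0.025],
    "vendor_B": [0.012, 0.011, 0.040],
    "vendor_C": [0.030, 0.028, 0.031],
}

if __name__ == "__main__":
    live = filter_live_domains(BAD_CANDIDATES, lookup_from_table(REFERENCE_TABLE))
    for name, table in VENDOR_TABLES.items():
        print(f"{name}: block rate {block_rate(live, lookup_from_table(table)):.0%}")
    for name, (d_med, d_avg) in relative_latency(TIMINGS).items():
        print(f"{name}: +{d_med:.1f} ms median, +{d_avg:.1f} ms average vs fastest")
```

Swapping `lookup_from_table(...)` for `make_dnspython_lookup("<resolver-ip>")` runs the same scoring against real resolvers; as the text notes, latency deltas are only comparable when every vendor is queried from the same machine and location, so collect all `TIMINGS` in one session.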
The best product is the vendor that scores high in the first (security) graph and very low in the other two (performance) graphs.
If you would like to test a particular vendor that has not been tested yet, we can look at it together. Ideally the test is run from the same computer and the same location, so that the performance results are comparable.
Conclusion
Price is not considered: some vendors include DNS security in their packages, or only use a particular type of lookup, so it is hard to say which one is the best buy. More security is always better, but the question is whether there is budget to raise security from almost 70% to almost 100%, supposing security was already included in the base price.
Vendor names were not published to avoid short-sighted conclusions but are available on request.
Since the actual report is updated from time to time, the exact figures in that report will be slightly different.
Still have questions about DNS security? Don’t hesitate to contact [email protected].