F-Secure and Whalebone have announced a new partnership to deliver DNS-based protection for mobile and fixed networks. The three-layer solution will be implemented by service providers. It will also provide an opportunity for service providers to create a new revenue stream.
Antero Norkio, Vice President of Solution Management, F-Secure, said: “Our strategy for seamlessly securing consumers using a layered-approach empowers our service provider partners to protect their customers anywhere—at home, on-the-go, and while using public WiFi.
“Now with Whalebone’s fast and reliable DNS security combined with F-Secure’s portfolio, service providers can protect any device in the network and also create tiered security service offerings.”
What are F-Secure and Whalebone delivering?
The three layers in this solution include personal devices, routers and capabilities for service providers. The companies list them as:
- Layer one: F-Secure TOTAL provides the broadest protection for personal devices with F-Secure’s industry-leading endpoint protection and advanced online protection and privacy with VPN.
- Layer two: F-Secure SENSE connected home security embedded in service provider routers for full visibility to all home traffic along with the ability to provide advanced protection for all types of devices on the network edge against cyber threats.
- Layer three: Whalebone DNS network security ensures baseline protection for every device directly from the service provider network.
Remote working over the last year has shown how poorly secured many devices are. Additionally, the explosion of smart devices in the home is a risk to both individuals and their employers. The problem for employers is how to secure employees devices and what happens when they change job.
A challenging problem for service providers
There have been other attempts to allow service providers to offer managed security over the years. Most have failed due to the variety of routers attached to a service providers network. To enable service providers to access routers, manufacturers have often hard-coded blocks of credentials inside the routers. This has made it easy for cybercriminals to also gain access to the router.
Another challenge has been the lack of responsiveness from router manufacturers to vulnerabilities. Updates to firmware can take months to bring to market if they are delivered at all. It has made it difficult for the customer and the service provider to patch and protect routers. As such, most service providers do nothing to protect users.
This announcement, however, opens up a potential new revenue stream for service providers. They will be able to offer a security service to customers that, it seems, people are increasingly willing to pay for. A recent survey from F-Secure showed that 72% of consumers are willing to pay for better security at home.
By operating at the DNS level, Whalebone focuses on stopping devices connected to known bad domains. This has the advantage of disrupting both command and control servers and domains serving malware. If this is a browser-based request, it then returns the blocking page data to the users’ browser. If it comes from an app or malicious software, it just blocks the connection to the suspicious domain.
Enterprise Times: What does it mean
Anything that reduces the impact of malware is to be welcomed. However, there is much more here that could and should be done. Blocking a malicious website is good practice. However, many systems that do this then providing the user with the option of still proceeding. That is not good practice, and it is to be hoped that service providers will make a block an absolute.
A more challenging issue is how to help the user deal with malware making calls to C2 servers and downloading more malware. It requires a working relationship with the end-user and an easy way to remove the malware.
This is where the relationship with F-Secure could work. If it detects malware or a call to a C2 server it should trigger F-Secure to alert the user. At that point, the user can run the F-Secure software to clean infected devices. Another solution would be to push blocking lists to routers. However, this assumes the service provider has secure access to the router and can ensure a cybercriminal cannot remove the lists.
What this announcement is missing is buy-in from any of the major router or smart device manufacturers. Add that level of support into the mix, and you have a solution that will improve security.