Hybrid DNS technology provides the highest-level of security for your name servers. When a zero day vulnerability alert or actual cyber attack affects your currently-running name server software, Hybrid DNS technology gives you alternative name server software that you can switch to with a single click. Your data center operations continue normally, and you revert to using the original name server software only after its vulnerability has been patched, tested and verified. The results are greater security, less risk, better performance (the alternative name server software is highly responsive), and easier administration. EfficientIP is the only DDI vendor to provide state-of-the- art, high-quality, truly effective hybrid DNS security. The EfficientIP Hybrid Technology incorporates a second DNS engine, in addition to BIND, in a single DNS appliance. The alternate DNS engine is based on two different name server products, Unbound and NSD from NLnet Labs. Unbound is a validating, recursive, and caching DNS resolver designed for high performance. NSD is an authoritative only, high performance name server. At any given moment, one DNS engine is active (running) on a SOLIDserverTM DNS appliance and the other is in standby mode. EfficientIP’s SmartArchitectureTM automatically ensures that configuration changes are synchronized between the two DNS engines. With a single click, you switch from running a Bind name server software that’s been hacked to alternate NSD or Unbound server software that’s been unaffected by a security breach. The alternative name server software can remain in place while DNS programmers patch, test and validate a security upgrade to the vulnerable name server product. As you will use different technologies with your Firewall infrastructure, you need several DNS engines to mitigate Zero Day vulnerabilities

1. Confidential-Property of EfficientIP- All rights reserved-Copyright © 2014
Hybrid DNS Engine:
Strengthen the DNS Foundation

2. Confidential-Property of EfficientIP- All rights reserved-Copyright © 2014
Agenda
Page 2
Market Driver : BIND DNS Strengths and Weaknesses
Hybrid DNS Engine : Next Generation DNS Appliance
Hybrid DNS concept
Using the Smart Architectures to deal with HDE
Hybrid DNS Benefits
Demo

3. Confidential-Property of EfficientIP- All rights reserved-Copyright © 2014
DNS Security Risks Context
Page 3
DNS Attacks Are in Constant Growth: +200%
Source: Quaterly Global DDoS Attack Reports, 1st Quarter 2013

4. Confidential-Property of EfficientIP- All rights reserved-Copyright © 2014
Bind is the Most Popular & Deployed DNS Engine
Very flexible with the most comprehensive integration of RFCs
De facto a “standard”
Security Risks
Most popular means main DNS server target for hackers
Numerous security vulnerabilities (OS & DNS Service)
Authoritative and recursive are not separated
Performance Limitation
BIND performances are not enough to efficiently mitigate DoS attacks
Market Driver :BIND DNS Strengths & Weaknesses
Page 4
When compared with Q2 2012 (1.76 percent), Q1 2013 (6.97 percent), and Q2 2013 (7.25 percent), statistics indicate that DNS attacks are on the rise, both in the form of standard floods and Distributed Reflected Denial of Service (DrDoS) attacks. From Q2 2012 to Q2 2013, DNS attacks increased 5.49 percent. DNS attacks are usually directed at organizations with large infrastructures where oversight or misconfiguration of DNS services can cause severe impact to selected targets. Source: Prolexic Quaterly Global DDoS Attack Report

5. Confidential-Property of EfficientIP- All rights reserved-Copyright © 2014
Hybrid DNS Technology: 3 DNS Engines in One Appliance
DNS BIND (ISC), NSD and UNBOUND Cache (NLnetLAB)
One Active DNS Engine at a Time
The Hybrid DNS Engine is managed as a single entity: Automated synchronization
Hybrid DNS Engine: Next Generation DNS Appliance
Page 5
NSD

6. Confidential-Property of EfficientIP- All rights reserved-Copyright © 2014
Hybrid DNS takes advantage of SmartArchitectures
Integrated Best Practices
Configuration generated and pushed automatically
No need to be a DNS expert
Switching from one engine to another
Is controlled by the Administrator
Is done only if the underlying configuration is correct
Is done without any DNS service interruption
Dealing with Hybrid DNS : SmartArchitectures
Page 6

7. Confidential-Property of EfficientIP- All rights reserved-Copyright © 2014
3.Manage
2.Deploy
1.Design
Master-Slave
Template
Service
Master
Slave
Slave
Architecture setup
Slave
Slave
Master
Master-Slave Template
Master-Slave
Template
Management Appliance
Available servers
RR Zone Options …
Management of the SmartArchitecture as one “Virtual server”
Page 7
SmartArchitecture™ Deployment & Management Automation

8. Confidential-Property of EfficientIP- All rights reserved-Copyright © 2014
Hybrid DNS Engine for Hybrid DNS Architectures
Simplify DNS Architecture Design, Deployment and Management with SmartArchitecture Templates
The Hybrid DNS architecture is managed as a single entity
HDE For Next Generation DNS Architecture
Page 8
Master
Slave
Slave
Slave
NSD
NSD

9. Confidential-Property of EfficientIP- All rights reserved-Copyright © 2014
Block Zero-Day Vulnerabilities
Eliminate single point of failure (SPoF) following security alerts
Immediate remediation of security threats: Switch from a technology to another
Strengthen DNS Architecture Security Foundation
Baffle hackers with higher complexity of security footprint
Enhance Agility & Risk Management to Security Threats
No immediate need to update: Switch from a technology to another
Test and plan before updating
Improve Performances to Mitigate DoS Attacks
Up to 300,000 qps
Hybrid Technology Benefits
Page 9

10. Confidential-Property of EfficientIP- All rights reserved-Copyright © 2014
EfficientIP Company Overview
Americas Headquarters- West Chester, Pennsylvania
European Headquarters- Paris, France
Since 2004 – Innovative DDI Software Company
Smart DDI - SmartArchitecture, Hybrid DNS, Data Reconciliation, Compliancy Management, Unified Repository, VLAN & Device Management Integration
Coverage in 60 Plus Countries
Doubled Number of Employees in 2012 and Again in 2013
Solid Financial Foundation – Organic Growth& Private Funding
Full Value Add Services: Hardware Replacement & TAC access 24x7
Strong Technological Alliances
Page 10

11. Confidential-Property of EfficientIP- All rights reserved-Copyright © 2014
Customers
Telecommunication
Vodafone
Colt
T Mobile
SFR
Easynet
KPN
Telecom of Thailand
Qatar Telecom
Maskatel
Virgin Mobile
ONO
Energy Repsol EDF GDF Suez Air Liquide Education Leeds University Hamburg University Paris University Utrecht University Pais Vasco University
Banks & Insurances Allianz Zurich Financial Services Swiss Re Axa Wealth Standard Life Bank of France BRED Electronics-Defense Philips NXP Nokia Siemens Network Cassidian EADS Astrium
Page 11
Transportation
Norbert Dentressangle
SANEF
APRR
Metro of Madrid
Metro of Paris
Services
Cap Gemini
STERIA
Adecco
Sopra Group

12. Confidential-Property of EfficientIP- All rights reserved-Copyright © 2014
Page 12
Demo