It seems a week doesn't go by without some Internet-related security problem popping up. That's why it's a big deal that OpenDNS, a major Domain Name System (DNS) provider and Internet security company, is buying BGPMon.
OpenDNS began as a service for people who were discontented with their ISP's often poor DNS services. While they still provide DNS for end-users, they've become experts at intelligently routing their customers away from malware, botnets and phishing sites. While they were doing that, BGPMon became the top professionals at monitoring Border Gateway Protocol (BGP) and helping their customers avoid BGP performance and security problems.
While everyone who understands the technical side of the Internet knows about DNS, BGP is more mysterious. BGP is just as vital to the Internet running smoothly. Perhaps fewer of us know about BGP because as Dan Kaminsky, a well known security researcher and White Ops' Chief Scientist, cynically tweeted recently, "the difference between DNS and BGP is we know how to fix DNS."
BGP is used by major ISPs and companies to determine the quickest routes between routing domains, or autonomous systems (AS) in BGP jargon. So, for example, if your company uses multiple ISPs, your corporate routers are assigned BGP AS addresses from your Regional Internet Registry (RIR). In the United States that's the American Registry of Internet Numbers (ARIN). A BGP-enabled router may need to keep tabs on over 500,000 routes.
While BGP Internet problems don't happen as often as those from DNS attacks, they can be more dangerous. BGP spoofing, for example, could misdirect your Internet traffic and you might not even know why you couldn't get to your favorite websites. Or, worse still, you'd be getting to your fave websites, but only after all your traffic has been intercepted along the way.
For example, in August 2014, some BGP routers started failing because they were not able to keep up with all the new BGP routes. The result was ISPs around the world started to suffer from major performance problems. That same month, a BGP hijacking led to a major Bitcoin robbery.
In short, BGP has been growing more vulnerable.
Thus it makes perfect sense for OpenDNS to acquire BGPMon. As David Ulevitch, OpenDNS's CEO, wrote as "a security company that has pioneered and become the leader of using DNS as a strong vector for raising the bar for threat protection, it should come as no surprise that we've expanded our horizons to now include BGP with the acquisition of industry leader BGPMon."
So, Ulevitch continued, "Moving forward, our integration plan for BGPmon is straightforward. We'll invest in building out the service and making it more complete--but we also are committed to keeping the free features free. We'll continue to use BGPmon data and innovate to augment our predictive intelligence and provide better threat protection to OpenDNS customers."
Apart, both companies were working on securing and monitoring two essential Internet protocols. Together, they should make the Internet even safer, and that's no small thing.