OpenDNS Deploys Umbrella for Mobile Security

You can accelerate mobile traffic and secure it at the same time.


You Can't Detect What You Can't See: Illuminating the Entire Kill Chain

OpenDNS is perhaps best known for its namesake service that provides users with an optimized DNS service, but that's not the only thing the company does.

OpenDNS also has security services providing users with cloud-based malware protection. That service is now being rebranded as 'Umbrella' and is also being extended for the first time to Apple iOS devices.

OpenDNS CEO and Founder David Ulevitch explained to Datamation that there are a few different ways the Umbrella mobile security offering can be deployed to users.

"The IT administrators can provision accounts for all the employees who then get a link to download the app from the AppStore," Ulevitch said. "The IT administrator can also roll out a mobile configuration."

Ulevitch noted that if an enterprise is already using a Mobile Device Management (MDM) solution, they can just deploy the Umbrella configuration that leverages the existing iOS VPN support. The mobile configuration defines the setting required to connect to the Umbrella service via a secure VPN tunnel.

"Unlike traditional VPNs that will take you back to the enterprise headquarters, this one will take you to the closest OpenDNS datacenter, to improve latency and performance," Ulevitch said.

Apple iOS users have control over their own devices and can potentially simply disable the VPN. While that might present a challenge for a basic VPN, Ulevitch is confident that the Umbrella approach mitigates that risk.

"From our end, we can detect very quickly when a user has disabled the VPN and so we can alert the administrator," Ulevitch explained. "Our goal is to provide security and we want it to be on all the time."

While Ulevitch wants Umbrella to be on all the time, he also wants to provide users with a degree of transparency about what is going on. That's where the App comes into play.

"The app gives the user an indication of what the current policy is," Ulevitch said. "Users may not be able to modify the policy, but at least they know that sites are logged and malware and botnet detection has been enabled."

Since Umbrella is a VPN connection, all app traffic is protected providing what Ulevitch described as a full wrapper around the phone. That's a different approach than the Split Tunnel VPN that has been commonly deployed in mobile solutions. In a Split Tunnel approach, only traffic that is headed for the corporate network is carried over the VPN. The rest of the traffic is carried on the regular public unsecured Internet.

"A Split Tunnel is a bad idea because if you are hit by a drive-by attack, you have created a secure entrance into your corporate network," Ulevitch said. "That's why we really think that security should be on all the time, for all of your traffic."

The issue that usually holds enterprises back from using a full VPN instead of just a split VPN is all about performance. Typical enterprise VPN connectivity is slower than public Internet access. The OpenDNS approach has a global footprint that accelerates DNS as well as lowering connection speed latency.

The overall goal for Umbrella is to make it easier for users to be secured.

"Our appeal to end users is not to sell them the service," Ulevitch said, candidly. "Our buyer is very much the network security administrator."

The end user, of course, is still important, in that Ulevitch wants the service to be as unobtrusive and as pervasive as possible.

"It doesn't matter if you have the most effective security solution in the world if it sits in a box," Ulevitch said. "If it never gets deployed then it's useless."

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.

Tags: mobile, OpenDNS, mobile security

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.