Seven in ten FTSE 100 companies are not ready for the next major DNS attack

ThousandEyes has found that 72% of the Financial Times Stock Exchange (FTSE) 100 companies are not adequately prepared for the next major attack on the domain name system (DNS), according to the results of the 2018 ThousandEyes Global DNS Performance Report.

 

Additionally, the report found similar vulnerability among 68% of the top 50 companies on the Fortune 500 rankings and 44% of the top 25 SaaS providers. The full 2018 ThousandEyes DNS Performance Report is available here.

 

The annual ThousandEyes report, released today, is an analysis and global performance comparison of DNS, the Internet infrastructure that acts as the phone book of the Internet, translating domain names, such as www.thousandeyes.com to Internet Protocol addresses. This ThousandEyes DNS research also includes an IT architecture readiness assessment for leading global brands, determining their level of risk should another incident occur like the Dyn attack of 2016.

 

“Because Digital Experience is so central to a brand’s success these days, it’s critical that businesses understand that not all DNS infrastructures are created equal — performance and risk exposure varies widely between providers and geographies, so they need to be aware and base decisions on data relevant to their market,” said Craig Matsumoto, Senior Analyst at 451 Research. “Moreover, very basic DNS architectural decisions matter. In this day and age, not properly architecting for potential attacks is a major risk factor that businesses need to mitigate immediately, if they care at all about their website or services being discoverable on the Internet.”

 

Key findings of the 2018 ThousandEyes DNS Infrastructure Performance Report include:

• Leading enterprises and SaaS providers remain needlessly vulnerable: DNS best practices are not widespread in major enterprises and SaaS providers, exposing them to severe risk and potentially making them vulnerable to the next attack such as Dyn experienced nearly two years ago.
• Not every DNS infrastructure is created equal: DNS performance varies widely for public resolver providers and managed providers across regions and countries. Consideration for managed providers should be based on measured performance, rather than brand, or scope of global presence.
• Social and political systems create unpredictability: DNS performance variations correlate to countries known to interfere with Internet behavior, and controls over technology create risks for doing digital business in certain regions.

 

Cloudflare, Google and OpenDNS are Top Public DNS Performers

Out of fifteen measured public DNS providers, newcomer Cloudflare was found to have overall fastest performance, followed by Google and OpenDNS, both of which improved over their performance in the 2017 ThousandEyes analysis. Top providers varied by region and country. Performance highlights of the 2018 report include:

 

• In the UK, Level 3 had the best performance, followed by Google and OpenDNS
• In the United States, Google was the top performer, followed by Cloudflare and OpenDNS
• In Japan, Cloudflare was the fastest performer, with Google in second and Neustar in third place

 

Top Managed Providers Vary by Region

ThousandEyes found significant diversity of performance across providers and regions among managed DNS Providers. The top three performers included Cloudflare, Dyn and NS1. “Without DNS, there is no Internet. It's how users find a company’s apps, sites and services on the Internet. A DNS performance issue or attack can have a critical impact on customer experience, revenue, and brand reputation,” said Angelique Medina, senior product marketing manager at ThousandEyes. “The ThousandEyes report highlights vital insights that can help organizations design a more effective DNS infrastructure — because even the most basic DNS decisions can determine how a company’s application or service, and ultimately how their overall brand, is perceived.”