Oracle has written a cheque for the troubled DNS provider Dyn which was hit by a distributed denial of service attack in October that crippled some of the world’s biggest and most popular websites.
Oracle wants to add Dyn’s DNS solution to its bigger cloud computing platform, which already sells/provides a variety of Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) products and competes against companies like Amazon’s AWS.
The deal is expected to be worth about $600 million, but no one is going on record to say that. It is also unclear if the deal was being negotiated before the Mirai botnet took down a series of sites in October.
Dyn powers some 3,500 customers’ sites. In its statement, Oracle said the outfit “drives 40 billion traffic optimization decisions daily for more than 3,500 enterprise customers”. Customers include Netflix, Twitter, Pfizer and CNBC among many others.
Oracle president Thomas Kurian said that Oracle already offers enterprise-class IaaS and PaaS for companies building and running Internet applications and cloud services.
“Dyn’s immensely scalable and global DNS is a critical core component and a natural extension to our cloud computing platform.”
In a letter from Kurian to customers and partners, Oracle fails to even mention of Dyn’s DDoS attack. Instead he talks about how Dyn’s platform “monitors, controls, and optimizes Internet applications and cloud services to deliver faster access, reduced page load times, and higher end-user satisfaction.”
The pair will continue to operate independently until the transaction closes.
Dyn is Oracle’s 114th acquisition. Other recent acquisitions to fill out its enterprise cloud services, include the security startup, Palerra which might be useful to solve Dyn’s woes.
A report from Zscaler examines security threats ahead and said the diversity of devices used to access data make it difficult for organisations to stay ahead.
The Zscaler 2014 Security Cloud Forecast says that attacks on DNS servers are increasing and one of the problems is that “tens of thousands” of Internet DNS are not secured. And attackers use DNS techniques mimicking load balancing, with malware using DNS to conceal command and control networks. Companies, in 2014 should monitor DNS traffic, particularly on new domains.
Cloud services rely on HTPPS and SSL for encryption but by the end of this year, the industry standard will become 2048-bit keys rather than 1024 bit. Visibility becomes as much as five times more difficult with this move. SSL will be enabled by default for many web services next year.
The move to BYOD – bring your own device – is “the weakest link”, said Zscaler. When businesses move corporate data to the cloud and people use mobile devices there is no real security appliance between data and device. Zscaler warns to expect mobile attacks using email, web and malicious third party apps.
And the “internet of things” also brings its own problems, Zscaler warns. Accessing these multiple devices using smartphones is insecure but there is no minimum base level security in place. “In 2014, attackers will make attempts on the internet of things in homes, businesses and in critical pieces of infrastructure,” the report concludes.