
Hong Kong’s New Critical Infrastructure Ordinance will be effective by 1 January 2026 – What CIOs Need to Know

11 December 2025 at 22:08

As the clock ticks down to the full enforcement of Hong Kong’s Protection of Critical Infrastructures (Computer Systems) Ordinance on January 1, 2026, designated operators of Critical Infrastructures (CI) and Critical Computer Systems (CCS) must act decisively. This landmark law mandates robust cybersecurity measures for Critical Computer Systems (CCS) to prevent disruptions, with non-compliance risking […]

The post Hong Kong’s New Critical Infrastructure Ordinance will be effective by 1 January 2026 – What CIOs Need to Know appeared first on NSFOCUS, Inc., a global network and cyber security leader that protects enterprises and carriers from advanced cyber attacks.

The post Hong Kong’s New Critical Infrastructure Ordinance will be effective by 1 January 2026 – What CIOs Need to Know appeared first on Security Boulevard.


Utilizing Metrics for a Healthy SOC

11 December 2025 at 16:49

Continuously improve your SOC through the analysis of security metrics. Introduction: Metrics are quantifiable measures and assessment results. They empower organizations to describe and measure controls and processes, and make rational decisions driven by data for improved performance. They provide knowledge regarding how well an organization is performing and can help uncover insufficient performance [...]

The post Utilizing Metrics for a Healthy SOC appeared first on Hurricane Labs.

The post Utilizing Metrics for a Healthy SOC appeared first on Security Boulevard.

Beyond Cargo Audit: Securing Your Rust Crates in Container Images

11 December 2025 at 08:00

Container image scanning has come a long way over the years, but it still comes with its own set of, often unique, challenges. One of these being the difficulty in analyzing images for vulnerabilities when they contain a Rust payload. If you’re a big Rust user, you may have found that some software composition analysis […]

The post Beyond Cargo Audit: Securing Your Rust Crates in Container Images appeared first on Anchore.

The post Beyond Cargo Audit: Securing Your Rust Crates in Container Images appeared first on Security Boulevard.

Microsoft’s December Security Update of High-Risk Vulnerability Notice for Multiple Products

11 December 2025 at 02:21

Overview: On December 10, NSFOCUS CERT detected that Microsoft released the December Security Update patch, which fixed 57 security issues involving widely used products such as Windows, Microsoft Office, Microsoft Exchange Server, Azure, etc., including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by Microsoft’s monthly update this […]

The post Microsoft’s December Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on NSFOCUS, Inc., a global network and cyber security leader that protects enterprises and carriers from advanced cyber attacks.

The post Microsoft’s December Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on Security Boulevard.

Be Your Own Secret Santa: Staying Private and Secure While Holiday Shopping Online

9 December 2025 at 20:26

According to Federal Trade Commission (FTC) data, scammers stole $12.5 billion from consumers in 2024, and they're counting on the holiday rush to make this year even more profitable for them. The good news? A few simple habits can keep your holidays merry and your accounts secure. Think of this as being your own [...]

The post Be Your Own Secret Santa: Staying Private and Secure While Holiday Shopping Online appeared first on Hurricane Labs.

The post Be Your Own Secret Santa: Staying Private and Secure While Holiday Shopping Online appeared first on Security Boulevard.

Cybersecurity Predictions for 2026

9 December 2025 at 15:35

2026 is going to be a strange year in cybersecurity. Not only will it be more of the same, but bigger and louder. It stands to bring about a structural shift in who is attacking us, what we are defending, exactly where we are defending, and hopefully, who will be held accountable when things go …

The post Cybersecurity Predictions for 2026 appeared first on Security Boulevard.

SBOM is an investment in the future

25 November 2025 at 08:00

There’s a saying I use often, usually as a joke, but it’s often painfully true. Past me hates future me. What I mean by that is it seems the person I used to be keeps making choices that annoy the person I am now. The best example is booking that 5am flight, what was I […]

The post SBOM is an investment in the future appeared first on Anchore.

The post SBOM is an investment in the future appeared first on Security Boulevard.

NSFOCUS Receives International Recognition: 2025 Global Competitive Strategy Leadership for AI-Driven Security Operation

25 November 2025 at 03:06

SANTA CLARA, Calif., Nov 25, 2025 – Recently, NSFOCUS Generative Pre-trained Transformer (NSFGPT) and Intelligent Security Operations Platform (NSFOCUS ISOP) were recognized by the internationally renowned consulting firm Frost & Sullivan and won the 2025 Global Competitive Strategy Leadership for AI-Driven Security Operation [1]. Frost & Sullivan Best Practices Recognition awards companies each year in […]

The post NSFOCUS Receives International Recognition: 2025 Global Competitive Strategy Leadership for AI-Driven Security Operation appeared first on NSFOCUS, Inc., a global network and cyber security leader that protects enterprises and carriers from advanced cyber attacks.

The post NSFOCUS Receives International Recognition: 2025 Global Competitive Strategy Leadership for AI-Driven Security Operation appeared first on Security Boulevard.

How to Build an AI Governance Program in 2026

24 November 2025 at 18:48

Key Takeaways: Artificial intelligence is becoming a core part of how organizations deliver services, make decisions, and manage operations. But as AI moves deeper into production workflows, leadership teams face a new responsibility: ensuring these systems behave reliably, lawfully, and in support of business objectives. This guide outlines the practical first steps that every organization […]

The post How to Build an AI Governance Program in 2026 appeared first on Centraleyes.

The post How to Build an AI Governance Program in 2026 appeared first on Security Boulevard.

Cloudflare Outage: Should You Go Multi-CDN?

23 November 2025 at 01:56

As a DDoS testing and resilience consultancy, we routinely advise our clients to strengthen their architecture by using a reputable CDN like Cloudflare. After this week’s Cloudflare outage, however, many organizations are understandably asking themselves a new question: Should we adopt a multi-CDN strategy instead of relying on a single provider? For the vast majority […]

The post Cloudflare Outage: Should You Go Multi-CDN? appeared first on Security Boulevard.

Fortinet FortiWeb Authentication Bypass and Command Injection Vulnerability (CVE-2025-64446/CVE-2025-58034) Notice

20 November 2025 at 20:49

Overview: Recently, NSFOCUS CERT detected that Fortinet issued a security bulletin to fix the FortiWeb authentication bypass and command injection vulnerability (CVE-2025-64446/CVE-2025-58034); combined exploitation can realize unauthorized remote code execution. At present, the vulnerability details and PoC have been made public, and exploitation in the wild has been observed. Relevant users are requested to take measures to […]

The post Fortinet FortiWeb Authentication Bypass and Command Injection Vulnerability (CVE-2025-64446/CVE-2025-58034) Notice appeared first on NSFOCUS, Inc., a global network and cyber security leader that protects enterprises and carriers from advanced cyber attacks.

The post Fortinet FortiWeb Authentication Bypass and Command Injection Vulnerability (CVE-2025-64446/CVE-2025-58034) Notice appeared first on Security Boulevard.

Unified Compliance with AI: Optimizing Regulatory Demands with Internal Tools

20 November 2025 at 17:57

Key Takeaways: What is Unified AI Oversight? In today’s AI landscape, organizations face overlapping regulations, ethical expectations, and AI operational risks. Unified AI oversight is a single lens to manage AI systems while staying aligned with global rules, reducing blind spots and duplication. It ensures AI systems are not only compliant but also ethical, secure, […]

The post Unified Compliance with AI: Optimizing Regulatory Demands with Internal Tools appeared first on Centraleyes.

The post Unified Compliance with AI: Optimizing Regulatory Demands with Internal Tools appeared first on Security Boulevard.

From Exposure to Action: How Proactive Identity Monitoring Turns Breached Data into Defense

19 November 2025 at 04:00

Every 39 seconds, somewhere in the world, a new cyberattack is launched — and far too often, it’s not a sophisticated hack but the reuse of legitimate credentials already exposed online. As data breaches multiply and stolen credentials circulate across public and underground channels, one truth is clear: exposure is inevitable, but compromise doesn’t have …

The post From Exposure to Action: How Proactive Identity Monitoring Turns Breached Data into Defense appeared first on Security Boulevard.

NSFOCUS Cloud DDoS Protection Service (Cloud DPS) Detected and Mitigated an 800G+ DDoS Attack towards a Critical Infrastructure Operator

16 November 2025 at 22:42

Incident Summary: On October 21, 2025, NSFOCUS Cloud DDoS Protection Service (Cloud DPS) detected and mitigated an 800G+ DDoS attack towards a critical infrastructure operator. The target network sustained a multi-vector volumetric DDoS attack peaking at 843.4 Gbps and 73.6 Mpps. The assault combined UDP-based floods (dominant) with amplification and reflection techniques. NSFOCUS Cloud DPS […]

The post NSFOCUS Cloud DDoS Protection Service (Cloud DPS) Detected and Mitigated an 800G+ DDoS Attack towards a Critical Infrastructure Operator appeared first on NSFOCUS, Inc., a global network and cyber security leader that protects enterprises and carriers from advanced cyber attacks.

The post NSFOCUS Cloud DDoS Protection Service (Cloud DPS) Detected and Mitigated an 800G+ DDoS Attack towards a Critical Infrastructure Operator appeared first on Security Boulevard.

TDL 009 | Inside DNS Threat Intelligence: Privacy, Security & Innovation

14 November 2025 at 12:58

Summary

Inside DNS Threat Intelligence: Privacy, Security & Innovation

In this episode of the Defenders Log, host David Redekop speaks with Tim Adams, the founder of the protective DNS resolver Scout DNS. Tim shares his origin story, explaining how he transitioned from a wireless network integrator to building his own DNS solution. He saw a need for an affordable, effective content filter for nonprofits and schools after OpenDNS was acquired by Cisco. What started as “Church DNS” in 2017 evolved into Scout DNS, a project Tim notes was far more complex than he initially imagined. He emphasizes that Scout DNS is bootstrapped and “private equity unencumbered,” a key selling point for Managed Service Providers (MSPs) who value stability.

The discussion covers several key DNS topics, including the challenge of balancing strong threat intelligence against false positives and the need to move beyond traditional threat feeds. Tim advocates for a zero-trust model that blocks unclassified or newly seen domains to shrink the attack surface. He also explains why Scout DNS adopted DNS over HTTPS (DoH) for its roaming clients, as it reliably uses port 443.

Looking ahead, Tim predicts a fractured internet with differing regional standards for privacy, weighing government access against corporate tracking. He concludes by highlighting the three reasons MSPs choose Scout DNS: a strong product built on word-of-mouth, a flexible month-to-month billing model, and high-touch customer service.

Full episode of The Defender’s Log here:

Inside DNS Threat Intelligence: Privacy, Security & Innovation | Tim Adams | The Defender's Log

TL;DR

  • Tim Adams founded Scout DNS, a bootstrapped (non-VC-funded) protective DNS service.
  • He created it to provide an affordable alternative for users like nonprofits and schools after OpenDNS was acquired by Cisco.
  • Tim advocates for DNS security to move beyond “known threat” lists and adopt a zero-trust approach by blocking unclassified or unknown domains.
  • He discusses technical challenges (like DoH vs. DoT) and the philosophical debate between privacy and security.
  • Tim predicts a “fractured” internet in the future, with different regions enforcing their own distinct privacy and data access rules.
  • He highlights that Scout DNS appeals to Managed Service Providers (MSPs) because of its strong product, flexible no-contract billing, and direct customer service.

Links

View it on YouTube: https://www.youtube.com/watch?v=R97vq2yRFNU

Listen to the episode on your favourite podcast platform:

Apple
https://podcasts.apple.com/us/podcast/inside-dns-threat-intelligence-tim-adams-on-privacy/id1829031081?i=1000736737274

Spotify
https://open.spotify.com/episode/32Nqh1PDenWzVOnCWhDueN

Amazon Music
https://music.amazon.ca/podcasts/d7aa9a19-d092-42a6-9fe9-9e8d81f68d30/episodes/20ec32d8-6d6e-4179-8711-660442af690d/the-defender’s-log-podcast-inside-dns-threat-intelligence-tim-adams-on-privacy-security-innovation

ADAMnetworks
https://adamnet.works


The Defender’s Log - Episode 009 Transcript

Tim Adams: You don’t really know DNS until you’re in DNS.

David Redekop: If there’s one thing you could force upon the world as it relates to DNS, would there be anything that comes to mind?

Tim Adams: Everything that goes in that ten millisecond response has to be done in nanoseconds.

David Redekop: What’s the terrible dystopia we are sleepwalking into that we need to pay close attention to as internet defenders?

Tim Adams: Every year we have thousands of more arrests of CSAM abuse cases from the internet.

David Redekop: If we want privacy for ourselves, we’re going to have privacy for the criminal.

Tim Adams: We try to make sure that in our case, every data center can operate autonomously from the core.

Narrator: Deep in the digital shadows, where threats hide behind any random byte, a fearless crew of cybersecurity warriors guards the line between chaos and order. Their epic battles rarely spoken of until today. Welcome to the Defenders Log, where we crack open the secrets of top security chiefs, CISOs, and architects who faced the abyss and won. Here’s your host, David Redekop.


David Redekop: Welcome back to another episode of the Defenders Log. And I’m always excited for the days that I get to record one of these because I get to connect with and learn about people in the defender space. And today I have someone with us on this show that has real-life experience in the area of DNS threat intelligence, standing up a public resolver, making it available to managed service providers. And I’m glad to have you. Thank you for coming on, Tim Adams. No relation to Adam Networks, but I love it that we have “Adam” in common in our name. Welcome.

Tim Adams: Appreciate you having me. And yeah, who knows? There might be something in there. We have to go check and look that up, but no, appreciate you having me, and it’s a privilege to be here. I’ve seen, you know, familiar with the show and seen a couple of the episodes and so, yeah, it’s really cool to be here.

David Redekop: Well, I always like to recount how we met and how we even connected. And I actually just found you online in search of, “I wonder who else is doing this Anycast protective DNS thing.” And when I saw you and I saw this is, you know, put together by an actual engineer who did a lot of the work, and you had some online presence on LinkedIn. We connected and then what’s funny is one day I’m coming back from Montreal and I stopped by in Kingston to meet up with an old friend, Andy. And Andy knows about you. He’s already talked to you for a number of years off and on. So, anyway, it’s really neat when you connect with someone and then someone else knows the same person, right? And so, the degrees of separation are actually a lot less than we often think. So, I’m really glad to get to know you better.

Tim Adams: Awesome. Same. You know, I’ve seen you. I know you’ve been involved in a lot of the different initiatives around DNS the last couple of years and especially around the zero trust concept or, you know, as you call it, Do Not Talk to Strangers, and your collaboration with Tommy and some other things. And so, yeah. And that’s been, it’s cool to kind of watch some of this from outside and then have conversation with you about it in detail. It’s pretty neat.

David Redekop: Tim, I’m wondering always about how someone got to their initial aha moment when it became clear that you were destined to do something cool for the world in the area of DNS. What would you point to your first aha moment that you had?

Tim Adams: You know, so, for me, this is going back, you know, 2010. So somewhere between, you know, 2010, 2015, I’d been running a wireless network integrator. We kind of a network engineering, been specializing in high-density wireless. And nowadays, it’s a little bit easier. The software does a lot of the magic, but, you know, ten years ago, it didn’t. And it was a lot more difficult to cram 2,000 people into a small area and provide, you know, really quality wireless. And we were going through a period of time where it was becoming more popular and we were deploying, you know, wireless, high-density wireless into areas that had not had it before. And so, in many cases, they didn’t have sort of this, you know, enterprise firewall doing filtering. And so, they needed, you know, all of a sudden, go from having ten people on the internet to occasionally having four or 500 or 800 people on the internet or 1,000 people on the internet.

And it was, how do we provide some level of, you know, content filtering and protection for this without buying a $20,000 box? This is what kind of the expense was for that type of a box, you know, ten, 15 years ago. And so, we would often recommend for folks to use OpenDNS. It had been a great product. It’s easy to use. You, you know, they were sort of, you know, pioneering a lot of that, you know, cloud-based, you know, filtering resolver that you could configure and sort of manage the policy. And so, we would recommend folks to that all the time. And of course, somewhere in 2015, 2016, Cisco bought OpenDNS, and, you know, Cisco started to do what Cisco does, and things started to change a little bit immediately. And so, for smaller use cases, it immediately became more expensive. And we were dealing with a lot of nonprofits. Sometimes, you know, churches and, you know, nonprofit centers and church schools that had different, you know, use cases of the way DNS is used is different. So, licensing didn’t always match. Didn’t make sense for them.

I’d gone to my team and said, “Hey, you know, why don’t we just purchase something, we’ll white label it and we’ll resell it?” And I thought that was a great idea. You know, we’ll just resell this resolver and, you know, gets, you know, use as an extra, you know, revenue. And when I went through the exercise of sort of pricing that out, it was much more expensive than I thought it was going to be to license some of these, you know, instead of trying to build it from open source. I thought, you know, “Well, we could just build it.” And then when we started to kind of craft what it would look like to build, it’s like we were going to add this and add this in a UI, and maybe we’ll do Anycast and have policies and multi-tenancy. And, you know, it cost about four X what I thought.

You know, building it, you know, the concept of a DNS sink is relatively simple, and there are simple tools to do that like in your home network today. And there were many years ago. But when you have multi-policy and different, you know, different rules in your policy engine, when you make it multi-tenant, and when you add, you know, deeper reporting and visibility and more advanced strategies, it becomes complicated very quickly. And so, yeah, so I was a little naive up front, you know, kind of getting started into this, to be honest with you. Both in just everything just cost a lot more and more time, more energy. Adding team members from an engineering standpoint was more complicated.

But yeah, so, you know, here we are, you know, we launched it in 2017. Kind of launched the product. We had 100 customers in the first year. We were originally called Church DNS because we had, you know, for whatever reason that time frame, a lot of these churches, you know, large churches were adding wireless to their sanctuaries. And then we’re also doing a lot of church schools and then, you know, other schools and, you know, different things like that. And so, yeah, so long story short, that’s kind of how we got involved. It was just sort of a side project. I sold my wireless integrator about a, you know, about a year later. And it wasn’t large enough for me to sort of like go full-time. So, I went back. I’d taken my first enterprise job in a couple of years. First job I’ve had probably in almost 20 years. And so, that was just it was kind of nice just to do some enterprise sales for a while because it was much easier than the whole entrepreneurship stack of, you know, collection of finance and operations and engineering. Just kind of focus on one thing.

And as soon as, you know, we had an opportunity to go full-time, and rebranded the product in 2019 as more diverse type of customer came to us. And, yeah, so that’s how Scout DNS was kind of relaunched and reborn in 2019. But that’s kind of how, I guess I sort of stumbled into it, right? And yeah, the goal really at the time was to bring there were a lot of cool, you know, cloud-based network stacks, cloud, you know, cloud-based network management stacks. And I felt like, “Hey, why don’t we sort of make it, you know, object-based control, a nicer UI, easier to configure, easier to manage? Bring that to, you know, DNS control and manageability.” And so, that was the concept there. So, yeah.

David Redekop: I really enjoyed getting to know your product and you for the last little while. And you certainly have some very unique features and a very easy to understand environment. So, I definitely recommend it from my initial perspective running it as part of my DNS Harmony fleet of resolvers. So, it’s pretty cool, especially when I put it to the test. And I would also like to add that you are private equity unencumbered, right? So, you can run your business as you see fit. And MSPs that sign up for your services don’t have to worry about, you know, things getting flipped tomorrow.

Tim Adams: That’s correct. Yeah. No, that’s, you know, we’ve been mostly bootstrapped. It’s not to say that we, you know, we don’t have a couple of angel or we’ve done a couple of incubator rounds, but we’ve not done any like major, you know, institutional round funding. And, you know, for the most part, we’re sort of looking to avoid that. It’s not to say that if we never had the right situation, but we really don’t want a scenario where if you look at sort of, you know, modern seed-type investing or beyond seed, the series A, any type of series investment, you know, you wind up in perpetual fundraising, series A, B, C, D, and the economics have changed, you know, over the last few years, the economics have changed a lot. So, you know, for us, you know, we’ve sort of I don’t know if I’d say I’ve enjoyed the bootstrap route because it’s certainly not easy, but, you know, we reached profitability, you know, sort of late last year. And so, it’s definitely rewarding to be in complete control of the product and the destiny and not have to answer to folks who are just worried about an exit. So, yeah.

David Redekop: Yeah. Bootstrapping most definitely takes a certain kind of person, right? It requires persistence. It requires patience. And I would argue that a lot of the MSPs around the world that should get to know you would put a high level of appreciation on that characteristic where they realize they’re dealing with a business where at the first sound of difficulty there isn’t just an exit or an escape, but rather a persistence to work through it. And that ultimately is how you build resilience. And any business that you know is going to do business with you, even from a protective resolver type service, because there’s a lot of dependencies on there, right? Like, there’s a lot of trust that someone puts into your services, especially if it’s the only one. Then it needs to have a high uptime. And so, your historic uptime also adds a value. So, all of these things go through the decision-making matrix of a would-be buyer of your services. You know, what kind of a person is Tim? How long has he been doing this? You know, what’s the uptime of the service like? What’s the development cycle like of the service offering? Especially in a space that is not only crowded, but DNS is like the underdog and sometimes gets beaten up for stuff that wasn’t really DNS’s fault.

We had a good discussion about the AWS outage where everybody says it’s always DNS. Well, yes and no. The argument there was that it was actually the data in the DNS because the service itself wasn’t broken. It wasn’t patched to be fixed, right? It was actually data that was incorrect that came through an automation source. And so, by not getting through the nuances of what’s going on, then DNS gets the blame, and then that ends up ultimately affecting the industry. So,

Tim Adams: Even beyond that, if you look at the AWS instance, most of the services that were impacted were impacted because of their architecture, not just because of that one failure, but their dependencies on services that aren’t redundant and aren’t resilient. And, you know, DNS is extremely resilient. And we’ve had 100% uptime on our Anycast, knocking on everything, you know, since we launched it almost seven years ago. And that’s just the nature of, you know, BGP. And if you build things correctly, you know, it doesn’t mean that you can’t have, you know, regional or peering issues and different things like that that can happen. But if you’ve designed it well, those are very few and far between and they’re easier to recover from.

And so, yeah, you know, there’s a quick commentary when, you know, something like that issue happens with I think it was the US East and all the dependencies that were kind of built around that. But we try to make sure that in our case, every data center can operate autonomously from the core. You know, we have replication everywhere. If everything fails, things just fall over. So, there’s really no point where something is it doesn’t mean that like the UI can’t break or could potentially have an issue with logging, even though we have redundant logging clusters and failovers and those kinds of things. It doesn’t mean that that can’t happen.

But, you know, there’s a lot of work and from a bootstrapping standpoint, the exciting thing about that is that when you don’t have, you know, sort of a lot of times when you have millions of dollars, you just throw that at marketing or you throw that at engineering and you just, you know, you scale up, you know, all these microservices and serverless technologies and so, you’re not worried about cost upfront. So, you’re really not less efficient. So, for us, we’ve had to build this way and do so in a very efficient manner, very capital, you know. Customers want 100% uptime, but they also don’t want to pay, you know, a fortune either, right? So, you know, bootstrap has had some advantages there as well in being resilient and being fast and available, but doing it in an efficient way. So,

David Redekop: Yeah, that makes a lot of sense. And I can concur with the same kind of an experience where, even though we’ve also taken some seed investment, our focus has been from day one to be as efficient as possible. A good example we often use is, why use the cloud when on-prem will do? There are some things that absolutely must be in the cloud. And there are other things for which it does not make sense when you can stand up, you know, your white box with Proxmox on it and throw 50 VMs on it for a one-time capital expense as opposed to, you know, a monthly virtual machine cost. So,

Tim Adams: Well, even when you say cloud, I mean, the cloud, you know, it’s such a broad term. Does that mean are you talking about, you know, serverless, you know, options where you really have no visibility and control? Again, I’m not trying to use, you know, names specifically, but there are certain platforms that make money on the fact that code is often inefficient and the more inefficient the process, the more money the infrastructure provider makes because they’re essentially charging you for time and resource. You can also use cloud and just rent machines. For us, it makes a lot more sense because our traffic is relatively predictable. I spin up users in a region. I know how that’s going to affect that region. So, yeah, and those are a lot more predictable and manageable from a cost standpoint.

So, yeah, I think and it absolutely, we’ve seen cases where people have written about, you know, leaving, you know, large cloud providers and going back inside and running racks and, you know, bringing in peers and doing it themselves. And, yeah, I mean, a lot of times that can make a lot more sense, but there are also a lot more secondary infrastructure providers that have great products and great solutions that folks should consider when they are looking out there. And especially as we know that the big tier ones are not 100% flawless, that obviously things happen as we’ve seen over the years. This hasn’t been the first time we’ve seen global impact from, you know, tier one provider issues. So,

David Redekop: So, let’s jump to the superpower of a protective resolver, which is, you know, your DNS threat intelligence. What has been your funnest learning lesson in building an integrated DNS threat intelligence platform?

Tim Adams: That is a good question. I think it’s really the challenge of how do we maintain a good quality of product while also reducing false positives. You know, you can’t just go out and grab and it’s funny, you know, people talk about these, you know, DNS filtering or DNS protection tests where they go out and they pull these lists and they throw everything at the list. And a lot of times that’s a really bad way to do it because and I’ve seen there are vendors out there who pull these free lists in just to pass tests when 90% of that list is a false positive now, right? Because, you know, a lot of times these things get cleaned very quickly, especially when they impact commercial use.

So, yeah, so really being able to, you know, kind of scale out that without having too many false reports because you want to balance protection without interruption. Also, you know, you want to there are certain types of challenges around, you know, CDNs and all the domains around that are involved in, you know, these content servers. And so, and threats that can pop up around those. But, you know, being able to manage that without impacting downstream services and so having strategies. So, yeah, so there’s a lot involved in it. So, you know, we do some of our own threat intelligence, but we also source a large chunk from different providers and some quality feeds that we feel are historically very No one, you know, we just wouldn’t have enough volume globally if it was just us, right, to capture everything and see everything. So, you know, we partner with some folks and then go out and source some other feeds. Then we also go back and curate, right, to try to improve the quality of those. So, that can certainly be a challenge and one that’s just kind of ongoing.

David Redekop: Yeah, it’s not a small number science problem. So, any statisticians out there who who look at, you know, doing statistics, I mean, the simplest way that I always introduce it to new folks interested in stats any which way is just think about a billion by a billion matrix. And that is what you’re working with, right? Especially as you’re dealing with the interaction and intersection with various domains where one meets another and they end up being part of the same threat actor’s stack or part of the same registrar and resolve to the same place.

Tim Adams: Yeah, there’s certainly a lot of DNS metadata we can look at that, you know, registries, neighborhoods, you know, IP ranges or IP networks, I should say, ASNs, for instance, bulletproof hosts tend to be places where a lot of things are. You know, so we’re we’re trying to do a better job of of understanding, you know, trying to create new policy protection options for end users on things like, you know, can we block all bulletproof host providers? Can we, you know, block have different character types that we can block within? So, yeah, there there’s some some cool things you can do from a policy standpoint, but just even identifying where the threats are likely to come from based on other attributes is a fun exercise to to practice, too. So,

David Redekop: right. Reminds me of a a recent client that we onboarded and immediately after getting onboarded, we watched this punycode domain come across our non-punycode interpreted list. And cuz they stand out like a sore thumb, right? And so, so I actually had to paste it into a browser to see what it’s supposed to be. So, it turned out to be a trader that was using tradingview.com except that they weren’t using the real tradingview.com.

Tim Adams: Right.

David Redekop: And so, just that’s the first time I had come across a punycode abused in the wild as we were onboarding a client. So, that’s interesting.

Tim Adams: Yeah.

David Redekop: Um, you were also early on, if I’m not mistaken, Tim, with doing encryption from your customers to your Anycast nodes, doing offering DoT, DoH, DoQ. How did that go for you?

Tim Adams: You know, so, you know, we we kind of, um, really circled around DoH, which is really that’s a whole another topic in and of itself, right? I think in a lot of ways, most of us in security would make an argument that DoH probably should have never really been created. And in in a lot of ways, was not really necessary because the folks, if you if you really look at, you know, the folks who brought us DoH, uh, they weren’t really thinking about really security or privacy. I know a lot of it was done in in the guise of privacy. And I know, you know, Dr. Paul Vixie has written extensively about a lot of this.

But, yeah, so, I I think that, you know, for us, we we really kind of circled around DoH specifically for roaming clients. And that’s really kind of where originally came for us is we have from a commercial the commercial use case, DNS is very different from that of of a home user. And, and so a lot of different things the commercial end user takes into account the administrator. And so, for us, when we looked at deploying roaming clients a few years ago, we wanted to do it with encryption as a native. We wanted to to just be full-time encrypted all the time from from the Windows or Mac OS up to our Anycast or our network.

And in doing that, we circled around DoH because the problem with DoT, although it’s great from a standstill network provider’s point of view, for a roaming client that is roaming around the world into different people’s networks where you do not have control over the firewalls and the ports that are available, right, port 443 is more likely to slip through and be unencumbered. And so, we don’t have to design all these failback mechanisms to go from, you know, DoT to just standard port 53 DNS. And then, guess what, if port 53 DNS is also restricted, which it can be in certain networks as well, well then then you’re just sort of, you know, no no no protection at all. And so, that’s kind of what we did. So, for our specific use case, DoH was great. And it’s it’s worked well there. But, yeah, so that that was early on. But and you know it it you know there’s sort of this topic that, you know, DoH adds all this overhead and particularly compared to, obviously, there’s some overhead compared to just standard port 53 DNS. But between DoH and DoT, I don’t not really notice that much of a difference from an overhead standpoint. But from a practical use case, it it’s it’s worked pretty well for us. So,

David Redekop: Right. Right. I also noticed that at the IETF, as in the IETF circles, that there’s a very strong movement towards DoQ just to move it over to UDP. So, looks like we’ve come full circle from going UDP back to UDP, except that the average packet size is like, I don’t know, X number at times larger. But we also have the bandwidth and the capacity today to sustain that. And so, I think where we’ll end up is probably there or is there something else that you see happening?

Tim Adams: There’s always something else on the edges, right? I think that’s probably where the industry will push in the next, you know, couple of years. How quickly it gets adopted, I don’t know. We’ve we may there there are some use cases still where bandwidth can be an issue. In general, I agree with you that that’s become less of an issue around the world. And so, I think there’s a good argument for it.

David Redekop: Right. Now, speaking of of adoption and with your background and having lived and breathed this in the DNS world for all this long, if there’s one thing you could force upon the world as it relates to DNS, would there be anything that comes to mind?

Tim Adams: You know, I just don’t have like authoritarian vibes in me. So, when people ask me questions about what would you force everyone, I, you know, I don’t know. That’s a really good question. You know, from a protection standpoint, one of the things that I I like about what you’re doing with Do Not Talk to Strangers and the whole concept of, you know, zero trust DNS is moving away from the idea that known threat tracking is good enough. And so, I just think, you know, people having the right mentality of yes, we can, you know, take these threat feeds and threat intelligence and we can design sort of like this machine learning, you know, real time. I think people have to think beyond the threat feed and what are the strategies that we can do? And what what can we put in place that shrink the attack surface from the unknown, right? Or against the unknown.

And and so that’s what I like a lot about the work that you’re doing and things that we’re doing around the concepts of our zero trust TLD control, concepts around, you know, how do we unclassified management and quarantine those kinds of things. Yeah. So, I think just just some mindset shift around recognizing that threat feeds alone are not good enough because we’ve seen a huge increase in the use of, you know, malicious domains that are used for hours, you know, day or even hours in some cases and moved on from. And by the time they’ve made it to, you know, a lot of people for the last several years the idea of newly registered domains has been, you know, it’s a good concept but has a lot of weaknesses because, you know, it takes people don’t realize it takes 20, you know, first of registry organization management. They they they don’t even necessarily in some cases, uh, when you look at country codes, they don’t even have to provide the information. And so, uh, it’s sort of like a voluntary matrix of providers that collect.

And some people would say, “Well, Tim, don’t you just, you know, use ‘who is’ data to to to find out if something is?” Well, people don’t understand, if you want a 10 millisecond response, everything that goes in that 10 millisecond response has to be done in nanoseconds, right? I have to make all these decisions with data centers. So, that data has to be kind of pulled out. It takes 24 hours plus, sometimes 3 days for some of those newly registered domains to hit list. It doesn’t protect you against, you know, just FQDNs of existing apex domains that aren’t newly registered. So, what do you that completely ignores that concept. So, that’s something we focused really big on on blocking unclassified and how to make that, you know, domains that just haven’t been seen before, really, which is really what they are, whether they’re the subdomain of a known apex or a brand new, you know, newly registered domain.

So, just the concept of, you know, how do we sort of shrink the attack surface, which is what I like about working in B2B or commercial side. It’s much more difficult on the residential side because it’s kind of you can’t, you know, someone who’s who’s, you know, a consumer working from home, the expectation is that the internet’s available to me. Well, in a corporate world, it’s less. You typically are using the same services, the same domains day after, you know, day in and day out. There’s there’s less of a need in many use cases to sort of have the entire web available at any given moment. So, how do we shrink that? And, yeah, so yeah, just I guess back to your original question, just thinking about security outside of the traditional threat feed scope. So,

David Redekop: yeah. And what the other thing that I noticed is that you offer a resource record control type as well. And we have in in the last little while experimented with that with great success where a typical network of user devices that don’t house servers or any backend infrastructure, user devices with computers, with smartphones, don’t need TXT records or null records or, you know, all the private types. They need A and quad A records and that’s it. And so, I noticed that you also offer resource record type control. How did you arrive at that conclusion? Were there already threats that were abusing that? Because I thought that was relatively modern that non-typical records were used abusively.

Tim Adams: Well, a lot of that was when we look at like DNS exfiltration, right? So, traditionally, the tools that do that a lot of times are built around the null record or or the text record. Those were the two easiest because the payloads were more flexible, right, for the exfiltrator when you and of course, now there are a lot there are tools that will do that with the A records today too. So, you can it is it’s a little bit easier to notice in a lot of cases because the amount of queries are much higher. But, yeah, so a lot of that just came in in the the concept of and then back to your to the idea of do we really need this?

So, so beyond moving beyond exfiltration, there are use cases where you don’t need different record types, right? Everyone like you said needs A and, you know, quad A record types. But outside of that, you know, text records have and we’ve, you know, text records, there are legitimate use cases for text records. There are a lot of applications that sort of use DNS in telemetry in certain ways that not necessarily malicious, but it’s not obvious from from from an end user standpoint either. So, I wouldn’t it’s sort of a gray area. So, yeah, generally speaking, you can restrict the record types for a lot of user classes without negative impact. So,

David Redekop: yeah, I I found a really interesting research that I did only a few months ago that across our entire client base, we’re talking about five domains that legitimately use TXT records for things like license validation and so forth. So, it was very difficult to find those even. And so, once I saw how small that number is, we said, “It makes perfect sense to just not enable that unless you are a server backend and you’re doing, you know, your ACME challenge via, you know, DNS TXT records to verify ownership and so forth.” But beyond that, it’s it’s really not that common. And of course, for MX records or for SPF validation, DPM and so forth.

Tim Adams: MX records on your network and you’re using, you know, Office 365, that should be a concern. Like, something,

David Redekop: right. So, I think, you know, having visibility into, having visibility which is we we really try to focus on visibility. We’re doing some really cool things the rest of this year around tracking, you know, NX domains and surveillance and bringing that more, you know, making it easier to sort of visually see the impacts of some of those. But, yeah, and and we make it easy to see different, you know, record types across your network as well. It’s one of our insight tabs. And so, yeah, there’s certainly use cases where, you know, record types can be indicators, right? So, people don’t that way, but it really can be. So,

David Redekop: yeah, absolutely. Okay, here’s a tough one. Fast forward 5 years. It’s 2030.

Tim Adams: Oh, man.

David Redekop: What’s what’s a terrible dystopia we are sleepwalking into that we need to pay close attention to as internet defenders, maybe not just in the DNS space, but broadly speaking?

Tim Adams: Man, you know, that’s a good question. And and I don’t know that there’s a global answer for that because I think I don’t know if it’s a debate, but there’s there’s a lot of, if you, I guess it is in a way, there’s a debate around security versus privacy, right? So, you’re seeing a lot of that. Is that kind of what you’re referring to in terms of like

David Redekop: I I I have this concern around the mix or the balance between security and privacy, where that gets offloaded to, where the TLS third-party termination happens, centralization of the internet, all of the things that where the economic interest is in contrast to what we are as people who love freedom for, you know, our generation and generations to follow. That’s where I feel like there’s tension, but I’m not sure how far any of us can see in the fog.

Tim Adams: No, I I, you know, my prediction is that we wind up, and it’s already happening today, uh, that we wind up with sort of, you know, regional standards for what privacy is and what those protections are. If you a lot of people don’t realize this, but in the UK, for example, iCloud backups are not protected by end-to-end encryption as of this year. So, if you’re an iCloud user, if you’re an iOS user in the US and you have end-to-end encryption on your iCloud backup, no one, even Apple themselves, cannot see your data, right? But if you go into the UK, legally that has been put on hold where Apple runs a completely different standard in the United Kingdom. So, yet the data is still encrypted, but Apple has access to the key. What that simply means is that in the UK, you can get a warrant and Apple has to essentially give your data over. In the US, you get a warrant. Apple gives your data over, but no one can see it, right? So, that with come comes without the key because they don’t they don’t have it.

And and you wind up with with, and it’s very interesting, right? So, if you go to the United, if you go to Europe in general, right, they they kind of have this uh it’s it’s just two completely different approach. They have very low tolerance for commercial tracking and commercial collection of data, but they have much higher tolerance for government access to data. And the US, it’s completely opposite. The US has very high tolerance for commercial tracking of data and very low tolerance for the government, you know, regulation or collection or the ability to of that. So, I think you’ll wind up with regions in the world where technologies that support end-to-end encryption have, you know, different impacts and different standards.

And so, you know, you may have places where your data is safe safer from Meta, but it’s less safe from your government. And then some regions where, well, well, you know, the corporations have all access to your data, but the government doesn’t. And, so, that’s, you know, something that I think is already happening today. I think you’re going to see a lot more of that. And, you know, every everyone’s going to, and you’re seeing more and more of this, too. Like, even us, for instance, we house European data in Europe. Anything that comes from a European resolver stored in Europe. There are other countries that are pushing the same type of concept where some countries in the Middle East are going to start wanting very soon their data in, you know, it’s got to be in country where they want access to it because it’s I don’t know safer there.

So, you you’re going to continue to see standards like that, and just just sort of fractured. I don’t think we’ll ever get a global standard because you you can’t get get people in the 50, you know, US states to agree. You can’t get people in Europe to agree on anything. So, you’ll never get a global standard. But you’ll have just these regional standards that, you know, companies sort of have to navigate around. And no, no one’s going to operate outside of the law in a specific country because you just won’t be able to operate there. You have to op we we all have to operate within the legality of the. You either have a choice. You either operate within the law or you don’t operate in that country at. So, if you want to be in country, you have to operate in that country standards. And so, yeah, so I think that’s that’s kind of where we’re headed.

And in some ways, you know, it’s kind of an interesting experiment. You you can kind of watch and you’ll be able to observe sort of the things that happen. I don’t trust, you know, we talked about this the other day. I think I was, you know, I was sharing some comments back with Andrew on this re-encryption and, you know, there’s certainly everyone wants to protect or or prevent the abuse of of users who are more likely to suffer that, right? But at the same time, we also know that privacy is protection that people can be at risk from data being exposed. And so, you know, I I think that it’s just something that we have to to to be concerned with and it’s an important debate. These are important experiments that that essentially going to be taking place. And, you know, we’ll see how it all turns out,

David Redekop: right. Yeah. The the ongoing experiment that has been going on for a number of years now. I’ll never forget the one time that either I read or or heard Moxie Marlinspike, the um founder of the Signal protocol, when he said that for liberty to exist, it must be possible to commit a crime and get away with it. And the difficulty in that statement is that if we want privacy for ourselves, by extension, we’re going to have privacy for the criminal. And so, there’s going to be this non-stop tension between law enforcement that wants less privacy and citizenry that wants more privacy. But I think we’re going to have to continue to navigate that in a way that serves us well. But the most important thing is for us to not ever have us or our children be unaware what’s at stake.

Tim Adams: You you raise a lot of good points there. One of the biggest, obviously, the biggest issues around end-to-end encryption is the use case of it for CSAM. And, you know, obviously, that’s something that we would all, if if we could do anything and wave a magic wand, we would obliterate that from existence and never becoming existence. But we we live in a a world where, you know, evil does exist and there are bad people who do evil things. Um, and you make a point about law enforcement. Obviously, if you look at the law enforcement or government side or intelligence community side, they always want more access to data. But the reality is, and I I looked at this the other day, even as we’ve had an an increase in end-to-end protection, every year we have thousands of more arrests of CSAM abuse cases from the internet because we have met there all law enforcement has a lot of tools, right? There’s all kinds of metadata. Uh, there is there’s, you know, in in person, there’s informants, there’s surveillance, there’s all kinds of things that are still. There’s not one tool that is used to make a case. We’ve seen cases where the intelligence community and law enforcement have run TOR exit nodes and gained access today. They probably still do, guarantee they still do today. We’ve seen very controversial cases where law enforcement has taken over CSAM sites and ran them for a month or two and collected. There’s certainly a lot of controversy around that. It’s great that we can catch the, you know, bad guys, but, you know, what is the controversy around leaving that material available for a while? Certainly that’s not without controversy.

David Redekop: I did have one question for you that I noted here. Founders are never perfect in my experience. Is there any one regret of a feature that you built or a thing that you did one time and you woke up at 3:00 a.m. like, “Oh, darn.”

Tim Adams: All the time. Um, yeah, you know, I I I tell people all the time this last year, 2025 was probably the first year I started to actually like my product. And so, you know, there there are things some things just take time. A lot of times we are our biggest critics, right? We um, but there there are a lot. In fact, there’s a a way that we do things today that I would do differently. And we do we do refactor things all the time. Sometimes they’re behind the scene things that didn’t really impact the end user. Sometimes there are ways that we do things in the UI that we figure out, “Hey, this is sounded good on in in my head and when I wrote it out and had a couple couple conversations.” But when we deployed it in mass and people want to use it another way, and so then you got to go back and make changes. And we’ll we’ll make some change. We have some scheduled changes for next year on how we do things with allow-block list and to make them even more object-based and better and easier for for end users. And so, you know, that that’s something that we’re going to be, you know, really really focused on next year. But, yeah, no, all the time. I mean, there’s all things that we do all the time that we wish we might have done differently. So, yeah.

David Redekop: Well, an innovator entrepreneur, it’s for an innovator entrepreneur, it is impossible not to make mistakes because that is the very act of learning, right? You don’t have fear of trying something out because you see that this could provide value. And rather than analyzing things to the point of paralysis, you’re like, “Let’s do it.” And then you find out very quickly what works, what doesn’t.

Tim Adams: Even just the concept of Scout DNS itself, you know, I had been in running I had done general IT, you know, my my when in my, you know, sort of foray into general IT management, if talking about like servers and end users and just IT, you know, network man or just IT management general. My last major project before getting involved with networks and Scout DNS was migrating NT4 to NT2000. So, it had been a while. And I had kind of dove into networks and spent, you know, 10 15 years just dealing with networks. And and then getting back into specifically, you know, recursive DNS, you can even, you know, spend 15 years in network engineering and think you know DNS. You don’t really know DNS until you’re in DNS. And so, I’ve had I’m always learning uh learning things, you know, um, and so that’s, you know, early on I faced a lot of imposter syndrome just getting into dealing with with Scout DNS. And still and still hit that sometimes today. You know, it’s just I think it’s something that we all face because you the more you know the more you don’t know the more you know you don’t know. And and so we’re always trying to learn. But, yeah, no, it’s it’s it’s it’s a challenge.

David Redekop: Right. Absolutely. Tim, if there was one domain name that you could block in the whole world, what would that be?

Tim Adams: One domain name that I could block in the whole world. What would that be? You know, I don’t know if it

David Redekop: I’ll I’ll go first if you want me to and I’ll give you the reason why. I want to give some backdrop to this first. There was a gentleman that recently asked for my help to get onto Facebook as to set up an account. And he needed it for marketplace reasons. And he had never been on Facebook before. Okay. But he’d also lived most of his life with a computer with, you know, let’s say without a protective resolver of any kind. And so, when he walked through the sign-up process, he was literally jaw-dropped to the floor to see all the things that Facebook already knew about him when he never had a WhatsApp, never had an Instagram, never had a Facebook account. Okay. Where does that come from? That comes from one FQDN. If I could block out the whole world, connect.facebook.net.

Tim Adams: Yeah.

David Redekop: Because any website that says that has the little Facebook icon that just by your browser visiting that website, it actually registers with Facebook who you are, and that profiling gets collected. And so, without you even signing up for the services, they know who you are. So, that that’s that’s my background on why that would be the one.

Tim Adams: I was going to say, you know, probably, you know, something involved with tracking and monitoring only because even even when that’s done commercial, we know that, you know, governments purchase that data, too. So, we they kind of work around. And there’s been cases in the US where intelligence agencies have bought, and we couldn’t, you know, we’re not going to surveil the end user, but we’ll buy from the people who did surveil the end user. And so, you know, that certainly does get into a very gray situation. So, that no, that makes a lot of sense.

Yeah, I I honestly don’t. I don’t I think I I have a LinkedIn account, obviously. I have a couple of social media accounts just to have them because you have to have a personal account in some cases to have the business account. But I don’t have a social media page. I don’t spend time on social media. I don’t scroll through social media. I don’t post pictures of myself on social media. I don’t follow my family on social media. I talk to them a same person. I just am not a big social media guy. And I think the world would be better off without it. But, you know, it is what it is. So,

David Redekop: Tim, there’s not enough people that think that way today. And I think that’s part of the issue. I’m in 100% agreement with you. And I’m finally at the stage where a few of our sons are also late teenagers that are now of the same mind. The fact that they’re teenagers and recognizing it and writing about it and sharing it with their peers, to me is just like, “Wow.” But it’s so sad that it took this long for this much time to be wasted for no return for them. Like, it was not an investment of time that gave them a reward of any kind. It was literally monetization of short-term dopamine creation. That’s what the system is about. So, this is not a social media anti-social media show, but I’m telling you, I’m so excited, Tim, when I find out that other people recognize the danger of what has been created and that we need to push back.

Tim Adams: Yeah. And you’re not going to eliminate these things. And I and I’m not even a fan of necessarily like, you know, regulation to ban these things. But I I am a big fan. And this goes back even to talking about cybersecurity in general and things we can do, privacy versus security, and what are the things and tools that we can equip parents and companies and CEOs and IT managers on just best practices on how to be safe on whatever it is that you’re doing, whether you are, you know, browsing the web, you’re, you know, you’re, you know, whether you’re using social media. How can we educate, you know, stakeholders and then when you have kids, parents obviously are key stakeholders. How can we educate them on the the things that happen when you do use it? So, if you’re going to use it, understand how it affects you and what can you do to lessen those effects, right? So, those are very very important things.

And that goes again back to the security versus privacy. If we’re going to have these things, how do we lessen their effect? How do we educate people? It goes goes into scamming epidemic of elderly folks who have been impacted and scammed and even outside of that small businesses, nonprofits. We we, you know, we do a lot of work with nonprofits. I can give you all kinds of stories of nonprofits falling for abuse and, you know, just just being scammed and losing tens of thousands of of donor dollars. And, yeah, so, you know, awareness. At the end of the day, all of the tech is great. We always, I think anybody responsible points back and says, “People are the strength and the weakness of anything in the chain.” And so, we we must constantly be finding ways to improve that portion of it.

David Redekop: Yes, 100% agreed. 100% agreed. Tim, one last question. I meet someone tomorrow that’s a managed service provider, and you’re you have a 30-second opportunity to tell them why they should consider replacing or adding Scout DNS as a protective resolver. What do you say?

Tim Adams: Yeah, that when we when we talk to MSPs, there are usually kind of three things that we that we hear from our customers. Obviously, the first is a product. You know, we’ve built a really good product. We have great reviews if you look us up on Reddit, on G2, on Channel Program. People say generally say nothing but nice things about about Scout DNS because we are a product first company. We have very small marketing presence. We we built our business on word of mouth recommendations. And so, the only way you do that is by building a great product. I’m not going to go and raise a Series A for $10 million to go to $200,000 trade shows, but I can build a great product and get people to talk about it after they use it. And so, we really do focus on product.

The second big thing really is is our billing model. One of the things that MSPs hate the most is contracts. Being locked into a contract. And we hate contracts. We know MSPs hate contracts. We are a month-to-month service. We earn our our, you know, the business of our MSPs. We earn them by that’s a trust thing, right? We earn that by saying we believe in the product. We believe in our service. We believe we will retain you just by merit alone, right? We’re not going to hold on to somebody via contract. In fact, we do have some commercial contracts for commercial users. But I’ve had people who, “Well, we we didn’t mean to renew. It’s a month later.” That’s okay. We we refund you. We let you. We’re we’re not a business that’s trying to, you know, trap people into contracts.

Especially for MSPs, it is month-to-month. There is no contract. And so, that has been it’s usage-based billing. You pay only for what you use. You know, if you look at MSPs, billing reconciliation can be a nightmare for some products. With us, we tell you, we show you, tell you, show you exactly what you use. You pay for only what you use on a given month. Clients haven’t checked in. You don’t pay for those, right? So, if you’re if if you get a reduction in an end user, you don’t even have to tell us. We recognize that you get a reduction because of your use. So, that’s a big thing.

And then finally, last but not least, the thing that we can control the most is service. Being being, you know, prompt on customer service, being prompt whether you want a QBR or you want a a biannual. Some people like to do it twice a year. So, if you want to do it, you know, four times a year, we’re we’re very big on our our quarterly reviews. We really do want to hear from our MSPs. Since I still run product, I make virtually all those calls. I mean, I probably sat in on a thousand customer plus calls, you know, 1,500 customer calls last year. A large percentage of those with MSPs about what can we do with our product to make it better. And I want to hear directly from those MSPs. And my pledge is to stay involved with that as our company grows.

And so, yeah, you know, the product, our usage-based billing and month-to-month, and then the service that we provide. I think those are the reasons why folks tend to... and I can give you technical reasons. You know, we have a disable on our agent that MSPs love. We have auto fail open. Our relay is the most capable relay, I think, on the market. The things that the solution does, our insight tabs, I think we provide some of the best insights and the way to work through those. Our integrations with Entra and AD don’t require syncing tools. And there are a lot of technical reasons. And I’m more than happy to show those on a demo call. But just from, you know, kind of the 50,000-foot level, the product, the service, and then our billing model, I think is what MSPs really love about Scout DNS.

David Redekop: Yeah. And I can vouch for it firsthand, from a month ago not knowing anything about you to now having tried it out and having chatted with you and now having interviewed you. So, this is fantastic. Thank you, Tim, and the team that’s behind you working with you. Absolutely. Keep on doing good work. And I look forward to seeing what we can do together because I think there are some pretty exciting synergies outside of the fact that “Adam” is in your name and in ours. So, Tim Adams, Scout DNS. We’ll see you again.

Tim Adams: Thanks, David. Thanks for this opportunity. Yeah, I look forward to continuing our relationship. So, sounds great.

David Redekop: Absolutely. Bye for now. Take care.


Narrator: The Defenders Log requires more than a conversation. It takes action, research, and collective wisdom. If today’s episode resonated with you, we’d love to hear your insights. Join the conversation and help us shape the future together. We’ll be back with more stories, strategies, and real-world solutions that are making a difference for everyone. In the meantime, be sure to subscribe, rate, write a review, and share it with someone you think would benefit from it, too. Thanks for listening, and we’ll see you on the next episode.


The post TDL 009 | Inside DNS Threat Intelligence: Privacy, Security & Innovation appeared first on Security Boulevard.

EasyDMARC Integrates with Splunk

14 November 2025 at 06:23

Originally published at EasyDMARC Integrates with Splunk by EasyDMARC.

Streamline security monitoring. Centralize email threat data. EasyDMARC ...

The post EasyDMARC Integrates with Splunk appeared first on EasyDMARC.

The post EasyDMARC Integrates with Splunk appeared first on Security Boulevard.

Microsoft’s November Security Update of High-Risk Vulnerability Notice for Multiple Products

13 November 2025 at 21:33

Overview On November 12, NSFOCUS CERT detected that Microsoft released the November Security Update patch, which fixed 63 security issues involving widely used products such as Windows, Microsoft Office, Microsoft SQL Server, Azure, and Microsoft Visual Studio, including privilege escalation, high-risk vulnerability types such as remote code execution. Among the vulnerabilities fixed by Microsoft’s monthly […]

The post Microsoft’s November Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

The post Microsoft’s November Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on Security Boulevard.

Supply Chain Security made the OWASP Top Ten, this changes nothing

13 November 2025 at 08:00

If you’ve been in the security universe for the last few decades, you’ve heard of the OWASP Top Ten. It’s a list of 10 security problems that we move around every year and never really solve. Oh sure, there are a few things we’ve made less bad, but fundamentally the list shows how our use […]

The post Supply Chain Security made the OWASP Top Ten, this changes nothing appeared first on Anchore.

The post Supply Chain Security made the OWASP Top Ten, this changes nothing appeared first on Security Boulevard.

DNS DDoS Attacks Explained – And Why Cloud DNS Is The Solution

13 November 2025 at 04:43

Every time you load a webpage, send an email, or stream a video, the Domain Name System (DNS) silently performs its critical duty, translating easy-to-read names into complex numerical IP addresses. This fundamental function makes it the Achilles’ heel of the modern internet. As an essential service that all users and applications must rely on, […]

The post DNS DDoS Attacks Explained – And Why Cloud DNS Is The Solution appeared first on Security Boulevard.

NSFOCUS Monthly APT Insights – September 2025

12 November 2025 at 02:28

Regional APT Threat Situation In September 2025, the global threat hunting system of Fuying Lab detected a total of 24 APT attack activities. These activities were primarily concentrated in regions including East Asia, South Asia, as shown in the following figure. Regarding the activity levels of different groups, the most active APT groups this month […]

The post NSFOCUS Monthly APT Insights – September 2025 appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

The post NSFOCUS Monthly APT Insights – September 2025 appeared first on Security Boulevard.

Faster Than Real-Time: Why Your Security Fails and What to Do Next

10 November 2025 at 18:19

“Security systems fail. When it fails, what do you do?”

This critical question from Spire Connect’s Pankaj Sharma set the stage at Gitex 2025 for a conversation with Francois Driessen, the “Human Ambassador” of ADAMnetworks. His core message is blunt: in cybersecurity, even real-time is not fast enough. By the time a threat is detected, the damage is already done.

ADAMnetworks is challenging this reactive model with a new philosophy: Zero Trust Connectivity.

Instead of playing a “cat and mouse game” trying to detect threats, their solution goes back to the internet’s foundation. As Driessen explains, they “enforce DNS as a root of trust,” operating on a “default deny all” principle.

Sharma offered a brilliant analogy: ADAMnetworks essentially “presses a button that shuts down the whole internet” and then builds a unique, private version for you, based only on connections it explicitly allows.

This agentless approach works at the network level, allowing it to protect devices that can’t run traditional security, like IoT and industrial technology. The system neutralizes threats before they can execute, offering a truly proactive posture.

As Driessen puts it, this is the solution for “anyone that cannot afford to have a breach.” Instead of just detecting what went wrong, you see what could have gone wrong but was never allowed to connect in the first place.

Watch full interview here:

When Security Isn’t Enough: Francois on Zero Trust Connectivity, AI & Proactive Defense

Spire Connect Interview Transcript


Pankaj Sharma: Security systems fail. When it fails, what do you do? And we say, “Well, just do it right now.” What are the kind of customers who should be interested in evaluating Adam Networks for the next year?

Francois Driessen: Anyone that cannot afford to have a breach.

Pankaj Sharma: Everybody in the world talks about zero trust. You guys came up with a term called zero trust connectivity.

Francois Driessen: We’ve actually gone back to the very foundation of how the internet works and found a way to enforce DNS as a root of trust.

Pankaj Sharma: Adam Networks presses a button that shuts down the whole internet. It builds a unique version of the internet for you based on what connections it allows and disallows. This particular way of looking at zero trust through connectivity is something new to me. Real time solution is not fast enough. You need to be faster than real time.

[Music]


Pankaj Sharma: Hello and welcome to Spire Connect powered by Spire Solutions. It’s not very common that I meet somebody and, when I struggle to pronounce their name, I then realize his designation is even crazier. His name is Francois. He represents Adam Networks and his designation, just pay attention, his designation is he’s the Human Ambassador at Adam Networks.

Francois Driessen: Hi, my name is Francois. I am the COO and CMO of Adam Networks, Human Ambassador, and you are watching Spire Connect.

Pankaj Sharma: What’s this role Human Ambassador about?

Francois Driessen: You know, to us, it’s really important that what we stand for in the company is more important than your position. So, even though officially I’m Operations and Marketing Officer, that doesn’t mean much if our technology doesn’t end up serving people. Yeah, so to us, if you can have the world’s greatest technology or some new invention, what’s the point if it doesn’t actively change someone’s life or make their life better? So, that’s why Human Ambassador is my official driving title.

Pankaj Sharma: That’s such a unique title and I genuinely loved the human connection with technology and I think the reason we have Spire Connect today is because we wanted to add innovation and conversations on a single platform, and I believe Adam Network stands for the same.

Francois Driessen: Yes. Yeah. Absolutely. You know, at the core, Adam Networks is founded—it started because we had to protect our own families. And out of that, as the technology grew and we were solving problems to prevent circumvention, we realized that this piece of technology that we’re sitting is also an incredible solution for security and privacy and then of course, productivity. So, at the core, Adam Networks exists not to make tons of money, not to be a tech company. We exist because we’re there to protect people and so yeah, that sits at the core of everything that we do.

Pankaj Sharma: How did you guys name the company Adam Networks? What’s the story around that?

Francois Driessen: I actually love it when people ask us that. I don’t know if you’re familiar of the story of the Garden of Eden.

Pankaj Sharma: Okay. The Adam and Eve story.

Francois Driessen: Exactly. Exactly. That’s where it comes from. And that originally Eden was a perfect place, and then, you know, man messed up by believing Satan’s lie and whatnot, and then it turns into a lot of cursing and bad stuff that came from that. And that’s the same story, that’s the story of the internet as well. It was originally this whole idea that everything’s perfect to be connected, but then it corrupted really, really quickly. And so the whole idea of Adam is that it’s the restoration of that internet. That’s sort of where that comes from.

Pankaj Sharma: So, did David give an apple to you?

Francois Driessen: No, David did not give an apple to me.

Pankaj Sharma: For our audience, David is the CEO of the company.

Francois Driessen: Yes, he is the CEO of the company. Yeah.


Pankaj Sharma: Everybody in the world talks about zero trust but doesn’t know what to do with this zero trust. You guys came up with a term called zero trust connectivity. What’s the story behind this word?

Francois Driessen: I think the big issue here is that we’re applying zero trust really at the very core of how the internet works. So instead of having complicated systems that are completely identity-focused all the time, where if that identity becomes compromised then the whole security stack falls apart, we’ve actually gone back to the very foundation of how the internet works and basically found a way to enforce DNS as a root of trust. And so by doing it this way, you can actually apply zero trust on every connection but at a network level. So it’s out of band. You don’t need to install an endpoint agent, which means that IoT, medical IoT, industrial IoT, operational technology that can’t receive an endpoint agent, that problem is now solved because you don’t have to modify the endpoint to be secure. We can protect it regardless of what type of device it is.

Pankaj Sharma: So, and how do you license this solution?

Francois Driessen: So the solution is licensed really on two principles. It’s per node… just so you understand the way that it works, it’s a DNS caching resolver—a zero trust resolver—that is flexible and portable. So it lives on-prem or in the cloud and can be forced onto a device with VPN or using an access point network. But the node itself, it’s a muscle and brain configuration. Muscle meaning the on-prem resolver, and then the brain is the controller that is cloud-based. So now you have distributed implementation for resilience and for performance, but you also have centralized control. And so every node, every muscle node, is basically licensed per node but then also the number of endpoints that you want to put behind it. So it’s a combination of those two that determines what your licensing price and costs are.

Pankaj Sharma: Amazing. So it’s a very unique way of looking at how the BQS would be formed with Adam Networks. I have a different question now. This is the first time you are here at Gitex.

Francois Driessen: It’s our first Gitex. Yes.

Pankaj Sharma: How do you feel about Gitex?

Francois Driessen: So what I enjoy about Gitex is that the whole world is more of a level playing field. And it’s more based on your technology’s performance and ability than it is on what part of the world you’re coming from.

Pankaj Sharma: Amazing. A lot of people when they talk of agent or non-agent-based solutions, they believe it is only for the mid-enterprise or the theme segments. So is it a myth or a fact that Adam Networks is only for the mid-market people?

Francois Driessen: The interesting thing with this technology is that it is applicable to any device that connects to the internet that you don’t want to be turned into a zombie to attack your back or get destroyed. The technology is built in such a way that it is truly scalable and so there is not a limitation on the technology itself. The flexibility exists literally to take this to SMB if you wanted to or large enterprise if you wanted to. It’s more the implementation than it is the technology itself.

Pankaj Sharma: So what are the kind of customers who should be interested in evaluating Adam Networks for the next year?

Francois Driessen: Yeah, you know the short answer there is anyone that cannot afford to have a breach. If you’re sitting with personal identifiable information of your customers, the consequence of a breach… you’re running critical infrastructure, or mission critical operations, those are the types of guys that are interested in what we have. And so that would range from anything from Fintech, first responders, manufacturing, critical infrastructure, and really anyone that realizes that the price of a breach is too high, that the idea of recovering from that breach is not worth going through that pain.


Pankaj Sharma: Now when we’re looking at technology, there is a lot of technologies which are getting impacted by the rise of AI. Is it going to impact your business in an adverse way?

Francois Driessen: Oh, actually the interesting thing is that zero trust connectivity is an essential ingredient for protecting AI because what is your model actually connecting to? You have to protect your AI the same way that you’d have to protect any other asset, right? And so zero trust connectivity plays a big role in protecting LLMs. It also plays a big role in being able to control what connections from your company is going to sanction approved or disapproved LLM, right?

But I think more importantly where it plays a role is that the whole industry is moving all of their compute and their innovation into the detection phase. If you look at the cybersecurity framework, putting all of that effort onto the detection phase and overloading that with AI and with compute and complexity, that’s siloed. Now if you look at the attackers, where are they applying AI? Well, they’re putting it in the malware creation, they’re putting it in detection evasion. So you’re basically building an adversarial network between the attackers and the defenders, and the defenders’ AI is making the attackers stronger. It’s the same cat and mouse game that the industry has seen in the past.

And so what we do is to say, “Well, hold on. What if we apply our AI in a different part of that? What if the first thing that you do is to neutralize, without needing to detect, before the attack can execute?” And out of that, then you identify, respond, recover, right? And so to us, it’s about where you’re applying that AI. And the beautiful thing is you’re sitting with a 7,000 to 1 compute reduction because we’re only implementing our compute on what is good and verified, not on everything else that lives out there that you didn’t ask for, that’s yet unknown and that is unverified. So I think that’s sort of a more long-winded answer on the AI scene. So in the end, it’s not about using AI, it’s about using AI correctly.


Pankaj Sharma: So when you go and meet so many customers, what are the common problems across regions which you are hearing about?

Francois Driessen: Well, the common problem is that security stacks are failing. And so it’s funny when you go to a security conference… the incident responders in the room all snigger and they go like, “Yeah, when all of this stuff fails and hits the fan, we come in and solve the problem.” Right? The whole thing about Adam Networks is this technology could actually be used in incident response. But whatever posture you take on by the time that you’re breached, Adam Networks technology allows you to take on that posture before you get breached. So the same medicine that solves the problem when the problem actually hits can be applied now, and it’s flexible enough that it won’t disrupt your operations. And so I think the common problem is that security systems fail. When it fails, what do you do? And we say, “Well, just do it right now. Assume that you’re already breached and just get yourself in that true proactive security posture.”

Pankaj Sharma: If you had to explain what Adam Networks does to a 10-year-old child, how would you do that?

Francois Driessen: If I were to explain Adam Networks or zero trust connectivity to a 10-year-old, I would say Adam Networks presses a button that shuts down the whole internet and then as your device is asking to go to good places, it builds a unique version of the internet for you based on what connections it allows and disallows.

Pankaj Sharma: Wow, this is so simple and so very well explained.

Francois Driessen: Well, any invention that is going to change the world has to be simple and it has to be elegant. The industry abandoned default deny all 10 years ago because it was not practical and they moved on from there. We went back to first principles and got it to work because the idea of just allowing all connections and then cleaning up the mess that happens after the fact just doesn’t make sense to us. So if you were to organize a party and you just let anyone come through the door, but you know that these five guys are bad, you don’t let these five bad guys in the door. But what about the guys that are there that are bad for the first time? Well, that doesn’t make sense. So rather put five guys on a list that you actually want to have at the party and they’re the only people that get to come to the party, right? That’s the whole principle of default deny all, but you’ve got to do it in such a way that it’s practical, that every one of your friends that you want to be there is actually there. That’s the catch and that’s what we achieved with zero trust connectivity through Adam Networks.

Pankaj Sharma: Amazing. I’ve been in the network security domain for the last 12 years… but this particular way of looking at zero trust through connectivity is something new to me and I believe this should bring a fresh perspective to a lot of people who are planning for their budgets for the next year.

Francois Driessen: So if anyone asks me what the philosophy is that we’re aligning with for 2026 and going forward, I would say it’s this: go back to the foundations that were not done properly. So the internet was designed to be resilient and to work. It was not designed with any security element in place. And so zero trust connectivity brings a security element to the IP protocol that was never part of the original design. And so yeah, that’s what we’re aligning with, and we believe that anyone that is serious about succeeding in their whole security stack has to also give attention to the foundational elements of internet connectivity.

Pankaj Sharma: So let’s say if I am a CIO and I give this pitch to my board and they approve my budgets for the next year. The first thing I need to do is I need to evaluate your product. How do I do that?

Francois Driessen: Well, talk to our partners at Spire. We can do a proof of concept at various levels. And I think it’s very, very important to see the technology actually at work. And so we can do foundational proofs of concept that prove it out philosophically very quickly by just spinning up virtual machines and so forth. But where you actually want to see this at work is inside your infrastructure, and with that, just talk to our partners at Spire and they’ll set you up.


Pankaj Sharma: So a lot of people who talk about zero trust or and are agentless are actually cloud-based solutions. Are you totally cloud-based or can you be on-prem as well?

Francois Driessen: Oh, that’s actually very unique about Adam One, about our technology, is that at the core it is a portable resolver. You can spin it up in the cloud or it can live on-prem. It can live in the data center for your access point network, for your cellular network as well. So it’s incredibly flexible. But as I mentioned that you have this muscle-brain configuration, you have an on-prem resolver. And sovereign data custody is one of the outcomes of this. For us, the idea that if you’re going to try and implement zero trust to have centralized data flow and shipping all of your data into someone else’s custody, that’s abdicating data custody and there it’s being decrypted in a central attack point with the hope of finding something and then blocking it if it is discovered. We just couldn’t do that ourselves with our own data… Letting that sit in a centralized decrypted state is creating a hyper-valuable target. And that is why Adam functions on a decentralized sovereign data custody approach. There’s no decryption taking place. We’re looking at source and destination only and your data remains under your custody.

Pankaj Sharma: So let’s say if I’m a retail customer and I’m present across 20 countries. As an administrator I need one console for me and as a CIO I need a single console which comes from every site. Is that possible with Adam Networks?

Francois Driessen: Oh, absolutely. Yes. So it’s multi-location, multi-tenant. So you can have as many Adam nodes as what you need and all have a centralized controller. So you have decentralized distribution, performance and resilience, but you have that centralized control. So you can, for orchestration and for visibility, having a single pane of glass. The other beautiful thing is you can feed all of this into your SOC or your SIEM. But the very big difference to understand about zero trust connectivity going to a SOC or a SIEM: You’re not looking at what has already gone wrong. You’re looking at what could have gone wrong but was never allowed to execute. Was never allowed to connect, never allowed to exfiltrate that data. It’s a huge force multiplier for security operation centers because you don’t have to jump into action to neutralize once it’s discovered. It was neutralized first and now it becomes discovered.

Pankaj Sharma: A lot of solutions as you mentioned in the NIST framework as well are around detection or remediation. But all of these things come a little later into the picture and you call yourself as a proactive solution. Why do you do that?

Francois Driessen: Well, actually, we don’t just call ourselves a proactive solution, because a lot of people use that term… They think that if you’re really proactive with your stance towards security that you are now proactively secure. But the reality is that you can be as proactive as you want to be in preparing for that breach. But if your tools are reactive in nature, you have a reactive posture. It’s like more solutions saying, “I’m near real time.” But even if you had real time, that’s not fast enough because the damage is already done. So a real-time solution is not fast enough. You need to be faster than real time. Well, how do you do that? Well, what you do is whatever you would have done by the time that you detect, just do that as your first step. Now detection evasion is not a problem. Now zero days that no one knows about… let’s look at the SolarWinds case, that was 9 to 12 months… well, 5 minutes is sometimes enough in order to exfiltrate data, right? So that to us is not an option. You’ve got to go the other way to say no, there should be no dwell time, and then if you do see that the bad guy was there, he should already be neutralized.

Pankaj Sharma: So zero trust is like a Lego. Every year you get a new variation, but nobody knows how to make the perfect recipe. Right. So how do you move over this barrier of implementing zero trust in a better way on your network?

Francois Driessen: Yeah. That’s really true. You know, if you read all of the papers about zero trust, you just go to the end where provision is made to say, “Well, most people will get to a zero trust state for only part of their network, only part of their assets, right?” And I think the way to get there is to say, “Well, where can we actually implement this philosophy that doesn’t require you to have endpoint agents, alter the actual devices and so forth?” Allowing zero trust to be inserted at the very foundation of internet connectivity helps you to gain a lot more ground.

Keep in mind that you can have per-device policies in zero trust connectivity through Adam One. You can have per-device policy if you want to get that granular. And that means a non-uniform attack surface within an actual network: the version of the internet for this device is different from the version of the internet for another device. And so that gives you complete control for privacy, for content protection, for security and for productivity, even as to what this device should be doing and where it should be going.


Pankaj Sharma: You’re coming into the region which is already very well versed with cybersecurity solutions. There are so many partners who are mature and now you need to find your own niche space among those partners to get their mind share. So what would you like to tell the upcoming partner ecosystem for Adam Networks?

Francois Driessen: Well to get part of that mind share—and you’re right that is the biggest issue. Our problem is not technological. Our problem is to have people understand one that this does exist and two that it’s actually working. So there’s a few things that I would say. First of all is we don’t have to displace current technologies. We can augment and then in time as you find out that maybe there’s other technologies that’s not relevant anymore then you can let go of them. And so we have smart roll out that’s very flexible and we have per device policies…

If you cannot afford to have a breach, talk to us. If the intellectual property or the classified information that you’re protecting cannot get into the hands of an adversary, talk to us. If you’re not okay with dwell time where bad guys get to make the first move, get to do stuff and then you try to recover from it, talk to us.

Pankaj Sharma: Francois, you have attended so many global symposiums like this. What is one myth about marketeers which you want to destroy right now?

Francois Driessen: Buzzwords. You know, it’s AI everything. It’s… and I mean, because AI is here, then zero trust is not really spoken about. But just because you put buzzwords onto all technologies doesn’t make them work better. It doesn’t give you that edge that you actually need. It doesn’t change the philosophy. And that’s really the core that the technology has to go to. It’s not the marketing people’s fault. Their job is to sell something. So, they’re going to come up with new stuff. What I’m saying is if there’s new stuff to be done, it’ll be done by the technology people, right? So that you actually sit with something new. You sit with a solution that didn’t exist before.

Pankaj Sharma: On this note that we want to destroy the buzzwords and get down to the real work. We thank you so much for joining us for today’s session on Spire Connect. Spire Connect powered by Spire Solutions and thank you so much for joining us.

Francois Driessen: Okay.


The post Faster Than Real-Time: Why Your Security Fails and What to Do Next appeared first on Security Boulevard.

Anchore Enterprise 5.23: CycloneDX VEX and VDR Support

7 November 2025 at 08:00

Anchore Enterprise 5.23 adds CycloneDX VEX and VDR support, completing our vulnerability communication capabilities for software publishers who need to share accurate vulnerability context with customers. With OpenVEX support shipped in 5.22 and CycloneDX added now, teams can choose the format that fits their supply chain ecosystem while maintaining consistent vulnerability annotations across both standards. […]

The post Anchore Enterprise 5.23: CycloneDX VEX and VDR Support appeared first on Anchore.

The post Anchore Enterprise 5.23: CycloneDX VEX and VDR Support appeared first on Security Boulevard.

JumpServer Connection Token Improper Authentication Vulnerability (CVE-2025-62712) Notice

6 November 2025 at 23:02

Overview Recently, NSFOCUS CERT detected that JumpServer issued a security bulletin to fix the JumpServer connection token improper authentication vulnerability (CVE-2025-62712); Due to improper authentication of JumpServer’s /api/v1/authentication/super-connection-token/hyper-connected endpoint, attackers with low-privilege accounts can obtain the connection tokens of all system users and connect to managed assets as them, thereby achieving unauthorized access and privilege […]

The post JumpServer Connection Token Improper Authentication Vulnerability (CVE-2025-62712) Notice appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

The post JumpServer Connection Token Improper Authentication Vulnerability (CVE-2025-62712) Notice appeared first on Security Boulevard.

Why Identity Intelligence Is the Front Line of Cyber Defense

6 November 2025 at 10:43

Your data tells a story — if you know how to connect the dots. Every organization holds thousands of identity touchpoints: employee credentials, customer accounts, vendor portals, cloud logins. Each one is a potential doorway for attackers. But when viewed together, those identity signals create a map — one that can reveal the earliest warning …

The post Why Identity Intelligence Is the Front Line of Cyber Defense appeared first on Security Boulevard.

Google and Yahoo Updated Email Authentication Requirements for 2025

6 November 2025 at 05:06

Google and Yahoo announce new email security requirements to take email fraud prevention to the next level in 2024, for a less spammy and secure inbox. 

The post Google and Yahoo Updated Email Authentication Requirements for 2025 appeared first on Security Boulevard.


NSFOCUS in SAS 2025: Unveiling Secrets Behind Large-Scale DDoS Attacks on AI Platform and Social Media

3 November 2025 at 22:46

SANTA CLARA, Calif., November 4, 2025 – The 18th Global Security Analyst Summit (SAS) concluded successfully in Khao Lak, Thailand. Focused on the complexity of APT attacks, the summit exposed the latest attack activities from Hacking Team and disclosed multiple major security risk incidents. It gathered top global cybersecurity experts, academic elites, and law enforcement representatives to […]

The post NSFOCUS in SAS 2025: Unveiling Secrets Behind Large-Scale DDoS Attacks on AI Platform and Social Media appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

The post NSFOCUS in SAS 2025: Unveiling Secrets Behind Large-Scale DDoS Attacks on AI Platform and Social Media appeared first on Security Boulevard.

Synthetic Identity Theft in 2025: How Digital Identity Intelligence Detects Fraud That Doesn’t Exist

3 November 2025 at 15:27

Synthetic identity theft — where criminals combine real and fabricated data to create entirely new “people” — is one of the fastest-growing forms of digital fraud. Unlike traditional identity theft, which steals from real individuals, synthetic identity fraud manufactures fake identities that appear legitimate to verification systems. This sophisticated type of fraud is costing organizations …

The post Synthetic Identity Theft in 2025: How Digital Identity Intelligence Detects Fraud That Doesn’t Exist appeared first on Security Boulevard.

TDL 008 | Defending the Frontline: Ransomware, AI, and Real-World Lessons

2 November 2025 at 19:30

Summary

In this episode of “The Defender’s Log,” host David Redekop interviews Alexander Rau, a cybersecurity partner at KPMG, about the evolving incident response (IR) landscape.

Rau notes that the past summer was exceptionally busy for IR, driven largely by zero-day firewall vulnerabilities. He highlights that threat actors are innovating, even using AI chatbots for initial ransom negotiations.

They discuss the challenges of the “human element.” Rau warns that multi-factor authentication (MFA) is no longer a silver bullet against Business Email Compromise (BEC) due to threats like session token stealing and sophisticated deepfakes.

Rau expresses significant concern for small-to-medium businesses (SMBs), which he calls the “backbone of the Canadian industry.” He observes that SMBs often lack the resources for proactive cybersecurity, only prioritizing it after a devastating breach. When an incident occurs, Rau says his team’s role is to bring a calm, methodical “marathon, not a sprint” approach to the client’s chaos.

Rau’s final advice, especially for SMBs, is to ask for help. He stresses that investing in proactive security, even through a small managed services provider, is far cheaper than the costs of recovering from an attack.

Full episode of The Defender’s Log here:

Defending the Frontline: Ransomware, AI, and Real-World Lessons | Alexander Rau | The Defender's Log

TL;DR

  • This past summer was the busiest on record for KPMG’s incident response (IR) team, driven largely by threat actors exploiting zero-day vulnerabilities in common firewalls.
  • The two biggest threats are Ransomware (often technical) and Business Email Compromise (BEC), which targets the human element. Attackers now bypass MFA with session-token stealing and use AI/deepfakes to create highly convincing scams.
  • A major concern is the cybersecurity gap for Small-Medium Businesses (SMBs). They often lack the resources to be proactive and only address security after a devastating incident, even though they are the backbone of the economy.
  • Threat actors are “running a business” and are so busy they’ve reportedly started using AI chatbots for initial ransom negotiations and sometimes skip data theft (double extortion) just to encrypt victims faster.
  • Incident response is a “marathon, not a sprint.” The IR team’s role is to bring a calm, proven methodology to the victim’s chaos and ensure the client’s internal team gets rest to avoid making critical mistakes under stress.
  • While paying a ransom is a complex “business decision,” the single best advice is to “ask for help.” Paying for proactive expert help before an attack is always significantly cheaper than paying for recovery after a breach.

Links

View it on YouTube: https://www.youtube.com/watch?v=-YuAxmB0yGQ

Listen to the episode on your favourite podcast platform:

Apple
https://podcasts.apple.com/us/podcast/defending-the-digital-frontline-ransomware-ai-and/id1829031081?i=1000734551730

Spotify
https://open.spotify.com/episode/66Eu50G1q0eZZaOlpEu1tA

Amazon Music
https://music.amazon.ca/podcasts/d7aa9a19-d092-42a6-9fe9-9e8d81f68d30/episodes/c3329ff3-e516-429a-b710-5e4ab6d13376/the-defender’s-log-podcast-defending-the-digital-frontline-ransomware-ai-and-real-world-lessons-alexander-rau

ADAMnetworks
https://adamnet.works


The Defender’s Log Episode 7: Transcript

Defending the Frontline: Ransomware, AI, and Real-World Lessons

In Today’s Episode:

  • David: David Redekop (Your Host)
  • Alex: Alexander Rau (Our Guest)

(Intro Music/Voiceover)

Voiceover: Deep in the digital shadows, where threats hide behind any random byte, a fearless crew of cyber security warriors guards the line between chaos and order. Their epic battles rarely spoken of until today. Welcome to the Defender’s Log, where we crack open the secrets of top security chiefs, CISOs, and architects who faced the abyss and won. Here’s your host, David Redekop.

Introduction

David: Welcome back to another episode of The Defender’s Log. This is episode number eight and with me today I have Alexander Rau. Alex, I’m so glad that you could be here today. Alex is a partner in cyber security at KPMG and we have some horror stories to exchange today to some degree. We were just talking during the introduction, Alex, about how we have really the real world around us, right? We have computer noise. We have our notifications here. So hopefully you’re not going to have to bail in the middle of this episode for another incident response. How are you, Alex?

Alex: I’m good. Thanks for having me, David. It’s a real pleasure to be here. Yes, you’re right. And I hope that if something happens, although it’s Monday, usually these things happen on a Friday or a long weekend, so we might be safe, right? But I don’t want to jinx it.

A Busy Summer for Incident Response

Alex: What is interesting, and I don’t know if you want me to get into the stories right now, is that usually when it comes to cyber attacks you can see a cycle, right? You see our Christmas is busy, like I sort of say the Western Christmas is busy, but then the phase after Christmas is becoming a little more slow. But this year the summer has been an exception, in my opinion, from the work that we have seen, from the ransomware events that we have been brought into, to the unfortunate events that happened to our clients. It has been the busiest summer for me and my team since I’ve started in incident response, and that was largely due to a lot of zero-day vulnerabilities that have been around in the wild around some of the firewalls from firewall manufacturers, and they were heavily exploited by some of the threat actors out there, to the point where I think they got too busy to attack our clients. So, and they kept us busy, too, unfortunately. So it was a different summer for sure. It has died down a little bit, but we expect for the American Thanksgiving that things might be picking up again.

David: Wow. So, out of all the years that you’ve been doing incident response work, this is the busiest summer. And so you were, what, tapped with your existing capacity?

Managing Capacity and Global Collaboration

Alex: We were almost at capacity. So incident response is like, I always compare it to firefighters, right? You can never predict when you will be busy, so you always have to be staffed, and you always have to be staffed, I think, a little bit more, because we also have, for example, retainer clients, right? And we have SLAs with those retainer clients, and usually what happens when the floodgates open, then everybody needs you, right? So we have to ensure and make sure that in addition to the work that comes in on a daily basis, we’re still there to respond at the SLAs to our retainer clients. So we were near capacity. The fortunate part, and a plug for KPMG here, is that we were just named a leader in the IDC quadrant for worldwide incident response. So the positive here is even if our team is at capacity, that doesn’t mean that we’ll run out of capacity. We can always reach out to our friends south of the border for additional capacity, and even the rest of the world. We’re working very closely with our member firms across the globe to not only work together on incidents but also share cyber threat intelligence, share knowledge of what’s happening in your corner of the world, which could be very beneficial, right, to gain that knowledge. There’s one thing to get CTI through official CTI channels, but there’s another one if you actually directly talk to people who are in the trenches and are responding to incidents globally, worldwide, right? So, yeah.

The Challenges of Threat Intelligence Sharing

David: I find that threat intelligence sharing is an ecosystem that has evolved over time. But it’s this constant slow stepping game where there are some aspects of what we find in the industry that are best held close to our chest because it gives us a competitive advantage, and yet by the same token we want to collectively defeat the adversary more efficiently. Though a lot of sharing is a good idea, how have you found a way to balance that?

Alex: It’s interesting because we know of all the ISACs, right? There’s the FS-ISAC, there’s the mining ISAC, there’s others that are committed to sharing, right? We have the CCTX, the Canadian Cyber Threat Exchange, and I think the number one idea here is to share threats before they become a threat to other organizations, right? So you can stay ahead of the game. But when we talk to our clients who are sometimes members of those ISACs, and we run through a scenario, for example, and we ask them at what point would you notify your peers in the ISAC, then suddenly the lawyers are getting engaged and saying, well, we shouldn’t really talk to the outside about what’s going on with us, right? So I think there is a little bit of a push and pull of the people who do want to do the right thing, but the process sometimes not allowing us to do the right thing. And I think what’s important here with that concept is that it happens on a timely basis, right? Because oftentimes these threat actors, they find a vulnerability, then they probably maybe take an industry approach, because you find similar technologies within similar industries, right? So wouldn’t it be beneficial for your competitor, technically, right, to know that there’s potentially an attack happening on them? But I think there could definitely be more room, there’s more room for improvement when it comes to sharing of that information, because we are bound within our organization, but on the other hand we want to help the country as a whole, right, to be better defensible against those threat actors. And I think we have seen positive signals, right, with the CCTX, with the Canadian government taking more of an interest, and now with the latest sort of government frameworks around critical infrastructure and so on, to make it better, to protect, I guess, not only Canadians but the world as a whole.

David: Right. Right.

The Human Element: Social Engineering and Deepfakes

David: I mean, one of the groups that we’re constantly seeing launching new ransomware campaigns successfully don’t even rely on unpatched systems anymore. They actually rely on deceiving human beings to paste scripts into an elevated PowerShell window and living off the land, so to speak. What percentage of the incidents that you respond to fall into that category now, would you say?

Alex: Sort of the phishing or the tricking of humans, like the social piece to it. Yeah, that’s an interesting question. The two main categories of incidents we see are, number one, ransomware, and number two, business email compromise. Right? So when it comes to ransomware, I would have to say the majority of incidents that are happening, or happened the last couple of months, and that can change, are through technology misconfiguration, zero-days, or things like that, right, or vulnerabilities like from a VPN perspective. When it comes to business email compromise, I think there’s a larger human element in opening the door for those threat actors, right? And we were hailing for the last couple of years that multi-factor authentication is the silver bullet when it comes to email compromise and phishing, but we all know that’s not necessarily the case, because now we see session token stealing, right? And then the threat actors, even if MFA is enabled, they can still get access to confidential data, right? So we need to stay ahead, and I think it becomes more and more challenging when you add that social, human element to it, right? And I think that element has been around since criminals were trying to steal money or other events from other people, be it in the olden days, right, when fraud and deceiving was always there, and now we just see it with technology added to it. I don’t want to divert the conversation into the whole deepfake risks that we’re facing these days, right? Like, how do you guys know that you’re talking to me right now? And we have seen some examples where individuals within organizations have been tricked into performing tasks that they weren’t supposed to do because they were told to by a non-real person. And to defend against that, like now we’re saying it will be a challenge, and it is a challenge because it’s new, right?
But we’ll find a way to defend against it, but then the threat actors will find another way to add something else to it. So I think it’s a constant cycle where I think the threat actors are always a step ahead and we’re trying to catch up. And I have clicked on a phishing link, right? I can’t say I’ve fallen for a phone call yet, because we’re doing less and less phone calls, but we get text messages and things like that. So I think with AI, threat actors have become more and more sophisticated. The days are gone where the Nigerian prince had spelling errors in his email, right? So now they craft emails better than me, or now you can clone everybody’s voice that has a YouTube video. This podcast could be used to clone your voice and my voice with free tools that are out there. So we have to do more awareness with our clients, with our peers, within the family, like our children who are growing up in this new era, in this changing era I should say, right? We have to prepare them, because they’re vulnerable, they lack the experience and the expertise. There’s a lot of vulnerable population out there, right? And now I’m talking very much from a threat actor and from a cyber security risk perspective, very targeted to individuals, but the same is true for employees within an organization, right? And I don’t even want to say more or less technically sophisticated people. I don’t think it matters. I think what those bad actors go after is the human element and the fact that we want to help people, right? And that’s what they’re exploiting, which is unfortunate. So, yeah.

Detecting Fakes and Generational Differences

David: I just had a conversation with our son over the weekend about the ability to detect fake from real. And it’s not that we haven’t had this problem before, right? I mean, there’s entire industries around luxury watches where even the original manufacturers have a hard time sometimes distinguishing between something they actually manufactured versus something that was done elsewhere. That same effort towards a really strong fake equivalency is being applied everywhere. And so we’re looking for those subtle hints. Like, it’s not necessarily pixels, but it’s the messaging, or it’s the exact words, if it’s too smooth, or whatever it may be. I’m afraid that this might be the last generation of young kids, the ones that had some level of awareness of what messaging looked like when it was authentic versus AI. I find that when I put our sons towards comparing the two, they’re pretty good. In many cases, they’re better than I am. And this speaks to how older generations today, people that are 10, 20, 30 years older than we are, are the ones that are most susceptible to phone scams. I mean, for goodness sake, my own mother-in-law, I hope she is not listening, this is not to embarrass anybody, but she recently came very close to becoming victimized by someone pretending to be her grandson.

Alex: Yeah.

David: Right. And so these scams are everywhere, and it’s frightening to think that the next generation will be growing up with that natively. So maybe they will have a better signal detector that something isn’t quite right than we give them credit for. I don’t know.

Alex’s Origin Story in Cybersecurity

David: But before we jump into some more stories, Alex, I wonder if you would, because I don’t even know: what’s your origin story? How did you ever even get interested in this space? Like, most of us did not have this position as even foreseeable back in our university days, right? So how did you, what was the initial trigger that got you going in this direction in your career?

Alex: For me it was, honestly, I believe meeting the right people, right? And I met someone while I was the IT manager for a very small company. He was a client of the organization and he worked for IBM, and we enjoyed talking to each other from a technology perspective, and he guided me and recommended to me that I should look into doing my CISSP, because it’s a security certification, and at the time, I can’t speak to nowadays, but at the time it was very highly regarded as the certification. Like, it was at the time when you still had the six-hour pencil exam, right? So, yeah, look at my hair. That’s how. And I have to say it was one of the toughest exams that I studied for, because what did they say? It’s like a wide world. It’s not very deep, but it’s very wide, right? You have to know a lot of things. And that’s really what for me I would pin as the pivotal event in my career to get into the cyber security space, right? And then through that I was able then to, at the time, join IBM, and that’s where I learned the ropes, right? I was part of a penetration testing team, like from the ground up, and then from there I went to semantic mand, and then I ended up here at KPMG leading a team of incident responders. And one thing, every time I did a career change and I talked to the people at the new company and they asked me what are you looking for: I’m looking for a career where every day is different, right? Where there’s something new, and certainly in cyber security we have that, right? Not only is the threat landscape changing very rapidly, and even more so, right, with AI now it’s going even faster, but also the clients that we’re dealing with, right? And seeing the different environments, the different challenges that they’re dealing with. So, yeah, that’s a very short excerpt of how I ended up where I am, right? But I’m grateful. I don’t regret anything.
I think being in the space has opened so many doors for me. I’ve met so many people. We got to know each other, which is great, because we as an industry, right, we are here to, and I alluded to this earlier, we are here to make, I think, the world a better place, be it for our children, your mother who you talked about, directly or indirectly, but also for many organizations. When we work for the IBMs, for the KPMGs, everybody thinks that, oh, you guys are only working with, like, you’re helping the top 50 companies in Canada, right? But to be honest, from that aspect, I feel our clients in that space are very mature, right? Like from an IR perspective, we don’t see a lot from them.

The Small-Medium Business (SMB) Cybersecurity Gap

Alex: What I’m really concerned about, what I’ve seen a lot, is that small-medium business, which is the backbone of the Canadian industry, right? They are having a really hard time catching up with the cyber security train, right? Understandably so, right? Because what do they focus on? They’re doing what they do best: manufacturing a piece of equipment for a GM or whatever, right? And that’s what they’re good at. And with the recent pressures the last couple of years, with inflation, workforce and so on, cyber security is not top of mind, right? As much as you and I would love to go out there, and we always preach it: be proactive, right? Have a cyber security program, have the latest and greatest technology, make sure you do all of these things. But all of these things cost money. All of these things cost resources, right? When you are a business owner, a small-medium business owner, and you really are crunched for your margins on what you do, I think cyber security oftentimes falls between the cracks until you have an incident, right? And then you’re a small manufacturer and none of your machinery works, you can’t deliver. Like, number one, you can’t produce. If you can’t produce, you can’t make revenue, right? You can’t pay your people. Your suppliers or third parties might come after you because you couldn’t fulfill your SLAs. So that’s when people are starting to think, unfortunately, about cyber security, right? And that’s why we meet clients at the worst of times, unfortunately, right? It’s a joke when I talk to my clients, like when we do some proactive work too, right, helping them with tabletop exercises and building IR plans and things like that. So when we finish a project, or when we talk to them once in a while on catch-ups, we always joke that I’m the guy that they don’t want to see, because if they see me, something has gone wrong, right?
So that’s the unfortunate part. I don’t know if you were recording yet, but it doesn’t happen on a Monday morning. It happens on a Friday night of a long weekend. And what do you do then? So, yeah.

David: Yeah. No, you mentioned that about your career, that what you found appealing was that you’re looking for something where you wouldn’t be doing the same thing every day. And maybe that explains why you haven’t bailed yet, because there’s such a high turnover in the incident response representation because of the large amount of stress, right? Anybody who’s been through an incident would understand that stress, that the stakeholder or the person responsible that has let their guard down, or feels like if only they had done something else, now they wouldn’t be in this position. That directly translates to the incident response team, unless they have, like, super strong insulation against that kind of, you know, stress transfer. But it is new, right? It is different each time, and so we do need some sustainability, because a lot of the folks who are most equipped at doing that are the ones that just can’t sustain the pressure for too long. Mhm. So, good on you for looking for that change and now having that change. And that’s partly what... Yeah.

Alex: Interesting. It’s interesting that you say that though because the stress of an incident that you were describing is mostly on the victim’s side, right? The organization is getting hit. So, yeah.

David: Right.

Alex: Obviously, when we, my team, we do this 50, 60, 70 times a year, right? So for us, right, there is stress, but it’s a different stress. The stress is to help our client. Like, they have a ransomware, the first thing the CEO says is how quickly can I pay, when can I go back into production, right? But we need to guide them through the process, because it doesn’t happen as quickly. There’s a methodology we need to follow, and as much as we have a different stress, we are still empathetic with what they’re going through, right? One of the sayings that I learned from a dear colleague of mine, he said it’s not a sprint, it’s a marathon, unfortunately, right, that we have to go through. And the stresses are different depending on what side you’re on, on the supporting side like my team, but I think we then bring that expertise and experience of having run through 50, 60 ransomware incidents a year that we can then help our clients with: this is the methodology we follow. And because you can be prepared, and I wrote a blog post about this years ago, like you can plan for everything, but there’s a famous saying: as soon as you hit the enemy, right, you can throw all your plans out the window. And that’s the same thing. When somebody gets hit with a ransom, an organization, even though they have an IR plan, even though there’s a tabletop, the first couple of hours are still chicken-with-the-head-cut-off kind of moments, right? Because you still have to find that rhythm, you have to find your footing, and then oftentimes that’s what we actually help with, right? Like we come, we bring sort of a plan to that chaos. We help them to find the footing, and then really we guide them through the process, and they’re actually doing the recovery, but we help them to get there. Right. So...

Managing Stress and the “Marathon” of Incident Response

David: Right. Right. Is there some purposeful unwinding that you or your own team does, and/or guiding the client through that? Because it seems to me, with that amount of pressure on everybody, that there might be, just like you have a standardized procedure for attacking an incident, maybe also a standardized unwinding procedure.

Alex: It’s not necessarily standardized, but I think, and we talked a little bit, the great thing is at KPMG here we have a large team. Like, we have the largest French-speaking incident response team based out of Quebec, outside of France, which is great, right? And so we have also, I think, the benefit that KPMG is not a sole incident response firm. I think our breaks come from the cycles in the attacks that I mentioned earlier, but also by the number of teams that we have that we can rotate around. And I speak for myself: when I don’t have an incident, or when I’m not busy, that’s what causes me stress. If I have three incidents on the go at the same time, that’s, I guess, my personal... I think there is some characteristic for incident responders that they thrive on that stress. They thrive on those situations. It’s almost kind of the opposite, the fact that that’s our relaxation, rather than sitting at the beach not having something on the phone, which kind of sounds... I love that, I love doing that too, right? But I think that cycle comes from having it staffed properly, right? But the true challenge, and that’s what you’re saying, the true challenge is that for our clients, when they experience a cyber incident, it’s all hands on deck and it can go on for days. But the weakest link again is the human factor, and we need rest, we need sleep. If you’re stressed, if you’re not sleeping, you make mistakes.
So our team can also then help. We become partners of our clients, and the client then has additional team members, us, so they can have a rotation as well. They can take breaks, right, and they can recharge. And so what’s really important, I think, is for leadership in organizations to understand that concept I was talking about earlier, that it’s a marathon and not a sprint, that things take time and people cannot work more than 24 hours in a day, right? And a friend of mine, a classic quote that he once gave when we helped the client with an incident response is: you can’t create a baby in one month with nine men. It takes nine months, right? So no matter what you do, there is a process we need to follow.

David: Right. Yeah. I find that it’s a really important aspect to understand that certain areas of an incident response project need to be managed by a very small, purposeful number of people, and throwing more people at it just complicates. It adds more overhead, and there is an optimization opportunity there where you just get the maximum amount of productivity out of the smallest possible team. And if you’re doing 50, 60 of these, then I’m sure you’ve arrived at that.

Memorable Incidents and Evolving Threat Actor Tactics

David: Do you have any particular incident that’s, like, the most memorable one that you can think of this year? Like, what’s the number one, without revealing specific details? What was the most memorable one that you had this year?

Alex: So maybe not an incident per se, but uh we have seen a lot of the same threat actors this year, right? We saw a lot of Akira, we saw a lot of Quillin Group, right? And what’s sort of memorable this year is how the threat actors the same way that we’re busy, they’re busy, right? So um and they’re also human beings. So we have stories where the threat actor this is not part of the KPMG work but we through the lawyers we sort of hear about how they engage a ransom negotiator if the client so wishes to engage with them. And I would say nine times out of 10 a ransom negotiator gets involved because number one you can buy time right you can start talking to them and uh delay sort of the initial deadline that they gave you about uh public publicizing the private data and so on. So but so we hear through them and we’re we’re all we know each other right? So, but what was really interesting this year is how the threat actors admittedly uh told everyone that they are utilizing AI to also to improve their processes. Right? So, there was one uh situation where the threat actor admitted that they were so busy that the initial ransom negotiations are being done actually by a chatbot. Um so and only the final stages of the negotiation were done in person with a threat actor on with the actual p threat actor person on the other side. So, that was one that stuck around with me this year and is interesting are the cases that uh are not necessarily following a methodology, right? So, I would say eight 8020 rule like 80% of the ransomware cases they follow a playbook and this we use a similar playbook to respond, recover and contain the incident. But then once in a while there’s a case where uh the threat actor had uh gained additional access for example got access to the email system and they were actually admitting that they can read the email traffic between the lawyers and the ransom negotiator and themselves. 
So um that those sort of things when there’s an extra little when the threat actor gets a little bit more access and then you know and you see that’s actually real people that you’re fighting against, right? Those are the ones that stick in my mind the most. Right. So, and then unfortunately it’s where we get clients of all sizes, all industries, and those threat actors, they don’t care who they attack. If there’s an opportunity, they go after them, right? And we talked about your mom, we talked about children, and there is organizations out there who are dealing with vulnerable populations, right? We were on calls with them and they then asked, “Well, can you not tell them that we’re a social uh institution, we don’t have any money, we’re dealing with the vulnerable, right?” And uh and some threat actors, they don’t care, right? Like we have others uh threat actors, right, in the past who said if it’s like uh attacking hospitals or stuff, we will not condone that. But uh yeah, some of the newer threat actor groups, right, we see a lot of splinter groups with AI now and uh ransomware as a service. You never know who’s sitting on the keyboard on the other side. Honestly, sometimes for them, it’s really about transaction. If they can make Bitcoin, that’s what they’re after. They don’t care about the human element behind it. And then that’s sort of the hard part for us that those are ones that stick in my mind like when you’re dealing with a children’s aid society that got hit, right? or a school board, right? And you always get the we always talk about the first question, oh will you pay ransom? Should we pay ransom? Right? And a lot of people said right away, well, we will never pay a ransom, right? But then we’re in an incident and we find out that uh data of children has been stolen, right? And uh there’s the truth, the schools of thoughts, right? The law enforcement, they say you never pay a ransom, right? 
Like the horses out of the barn, they can always come back. But then there’s the other side that if we pay the ransom that data then doesn’t get out and so far we have to say that uh the threat actors are true to their word right if you pay them they uh they don’t release but that doesn’t mean they don’t still don’t have it somewhere and may come back right we have we have seen a couple of incidents this year where third party uh SaaS services were breached right and if that service provider doesn’t pay they might go after the victims that are clients of theirs, right? So, it’s uh it’s becoming interesting and then there’s when they change tactics in a way that you know what you have your ransomware playbook, but then they actually call somebody and say, "Hey, we that there’s another human element, right? So, it’s then it loses its anonymity too, right? So many stories, too many to tell, but uh it’s the victims, certain victim organizations and some ways the threat actors are behaving when they’re changing their tactics and we come and even like um we had one case this year where we knew the threat actor has a playbook. They steal data, they encrypt, right? And then we had a couple where they just encrypt it. And we said, “Wow, that’s very unusual. Why would they do that?” Right? And then the next case we heard, we heard from them from the ransom negotiator that uh they told us that they are so busy right now. They’re just getting out there and encrypting everything. They don’t have time to set up data and they just want to get everybody encrypted right now. So they’re changing playbooks on the fly too, right? Because as they say, you can’t probably see on my part in the podcast that I have new air quotes, they’re running a business, too, right?

The Business of Ransomware and Targeting Weaknesses

David: Yeah. Yeah, and that’s the key to their way of thinking, they’re just running any business that uh runs on having a competitive advantage. And their internal competitive advantage is knowing more about where your weaknesses are, including whether or not you have ransomware, cyber insurance, knowing whether you have the ability to recover, knowing whether you know your finances are in a position where you would be inclined to pay a ransom. In fact, most of the time that the ransom amount is determined is based on an optimization algorithm to extract the maximum amount that you would be willing to pay as a victim, right? It’s really gotten incredibly sophisticated. It’s crazy. And what one of the things that we’ve noticed recently is that they really are targeting uh successfully those uh small-time uh ISPs that have never enabled uh multifactor authentication in their email because that’s where business email compromise is actually a lot easier than it is with uh MFA uh enforced by default. Like if you have a Gmail or or Microsoft account that you’re using personally, uh chances are by now you’ve been convinced to add at least one two-factor authentication element, but there’s a lot of these small-time ISPs that were around 30 years ago, 20 years ago that have never enabled it. And so some of them are now to the point where what they’re doing is they’re saying, "You know what we’re going to do? We’re going to shut down our email system because too many of our customers have had some kind of an incident. You’re going to have to move off of our system. Yeah. And this is happening right here in our home province of Ontario, right? Um it’s it’s uh that that trend to me is in a way um sad that it takes so many victims in order to have a positive direction uh take place from a you know a securing posture perspective from these companies. But it’s also understandable because their core business is providing connectivity not email. Years ago providing the email was just like a necessity but not anymore.

The Positive Shift: MFA and Improved Security Postures

Alex: Yeah. But I also like we also talk about the the bad things that are happening in the industry but you mentioned like uh if you have Gmail or or Microsoft and and things like that I have to say that they have um there have been a lot of good things coming out right like that we are forced now to do multifactor authentication. And I think our financial institutions are trying to better protect their customers, right? Especially um the vulnerable population with um multifactor pushing multifactor authentication. I think we’re sort of past that point where the general population is chalking this up. Oh, this is extra work. This is people are understanding now that this is to their benefit, right? And um and so I think that has been a big paradigm shift I think over the last couple of years where now you you talked about the generations that’s coming up that generation now they they don’t know anything different than multifactor authentication right like

David: that’s right

Alex: and and even when multifactor authentication first sort of came in and uh we we had to press a number that’s the same number on the screen right and then even that uh with MFA fatigue now has sort of come under scrutiny, but now you have to so it’s also changing and adapting, right? So now you actually have to type the number, right? So it only can be you and then there’s certain things that uh that are making it better, easier there is no uh perfect solution, right? I think a lot still has to do with awareness, training, things like that. and and unfortunately I would say the majority if it’s in personal life or in business life unfortunately something has to happen first for somebody to really learn right and and that’s the the unfortunate part especially with our business I think from I don’t have the latest numbers and there’s tons of reports out there but from a from a harm to the economy from a national perspective cyber crime is is huge right and that didn’t exist in that magnitude 10, 15, 20 years ago. Right. So,

David: Right. Right.

The Ethics and Business Decisions of Paying Ransoms

Alex: It’s definitely changing and that money that is being extorted from this country is also not staying in the country, right? It’s going overseas.

David: right

Alex: It’s going to other places. So, I think there’s a double whammy for the economy, right? It’s being extracted and not being respent.

David: And tracking that information, tracking that number is notoriously difficult because you have uh areas where for example if your ransomware demand is to Russia uh or it’s a known uh Russian attacker and there are sanctions against um paying Russia that makes the ransom payment technically illegal. And so the circumvention around that is to pay the incident responder um so that there’s an arms length removal of the payment. I don’t know how that would stand up if that was ever scrutinized. But at the end of the day, it’s a business decision by the business stakeholder that has to decide is my business going to survive without the ransom payment. If the business will die without getting recovery versus the business will survive if we pay the ransom, then strictly from a business point of view, that’s an obvious decision that the business owner is going to make. It’s not realistic for those of us that have uh used the stance for years. Don’t pay the ransom. Of course, we’d love for that. If no one ever paid the ransom, the whole industry would disappear, but it’s just not practical. So, we do live in the real business world after all.

Alex: Yeah. So, for clarification, as the incident responder, we would never pay a ransom. We’re not in the paying ransom business. There’s special channels to go through that. And I think you’re right. Even if the company itself wouldn’t pay a sanctioned threat actor, they would still be responsible if they directed a third party to pay that ransom, right? So, yeah, it’s a business decision. But what is the scenario look like if you’re willing, let’s say you are willing to pay it, but you can’t because it is a sanctioned threat actor, right? So then you’re really in in caught in between because then you can’t then you can’t I don’t want to say take advantage of paying the ransom because it’s like not good wording but you will have to um there will have to be a decision right and and and more often it’s I think ransom payments went down I think for the so if you had asked me like a year ago I would have said it’s probably 40, 60, 70% of uh organizations paying the ransom, but I’ve seen it going up um almost the opposite. Again, the pendulum has swung just simply the way that uh the threat actors are uh getting access to and and encrypting the systems. They’re going after the virtual environments. The backups are encrypted and then if you can’t recover, then you have to pay, right?

David: And it’s the double extortion, right? that added their ability to extract with a higher rate by saying, “Well, if you don’t pay, then we’ll also release your data.” Um, and that secondary extortion really gave them the threat actor uh a negotiation advantage. Man, that’s crazy. I’m glad you clarified that you never have. We haven’t either. Um, I just know of, you know, uh, perhaps shadier incident responders that, uh, found that to be an area where they could then offer help.

Alex: Well, it’s not so much that, it’s how many victims don’t even ask for help during an incident, right? They go directly to the fact they pay. They don’t even get the advantage of talking to the experts how you should deal with it and not to pay, right? So there’s a big number in the dark that we don’t even know about. We only can speak to the ones that actually come to us, right? So that’s the unfortunate part, too. So

David: That’s crazy. You know what? We really need to have uh you bring on a ransom negotiator and a lawyer and we’ll have a conversation. Uh I think that would be really really good.

Final Advice: Ask for Help

David: I know you have a time crunch coming up. Uh, Alex, do you have any uh last inspiring note or or encouragement that you want to leave with those that have or haven’t been ransomed yet? Yeah. What’s some wisdom that Alex wants to share?

Alex: I usually say the same thing when I get asked that question and I focus again on that segment of our economy that small medium business where cyber security is not top of mind and where they feel that uh they can’t do anything about it. But my advice here, what’s really on my mind is ask for help. Ask people who know what they’re doing. You get a better ROI. Even if you get a small managed security services provider to help you with that, the cost is cheaper. Yes, we always say the cost is cheaper to do it proactively than to pay a ransom later, right? So really my messaging, ask for help. Ask the experts. You get more for your money than if you do it yourself or you pay less before than you would have to pay after the breach. So that’s really my messaging that I have.

David: All right. So ask for help, pay a little bit now, don’t pay a lot later.

Alex: Pretty much that’s Well, really appreciate you having me on. This was a fun conversation and we talked about this before. We can probably talk for another two hours, but uh

Conclusion

David: Yeah, we sure can. It was a pleasure being

Alex: and likewise

David: and I look forward to our next project together, Alex. You’re a real uh fun guy to uh work with together. We see eye to eye here. Our mission is to uh protect people and that’s what we do and you do the same and so it’s nice working together and we’ll catch up with you again real soon.

Alex: Sounds good. Thank you so much.

David: Bye-bye.

(Outro Music/Voiceover)

Voiceover: The defender’s log requires more than a conversation. It takes action, research, and collective wisdom. If today’s episode resonated with you, we’d love to hear your insights. Join the conversation and help us shape the future together. We’ll be back with more stories, strategies, and real world solutions that are making a difference for everyone. In the meantime, be sure to subscribe, rate, write a review, and share it with someone you think would benefit from it, too. Thanks for listening, and we’ll see you on the next episode.


The post TDL 008 | Defending the Frontline: Ransomware, AI, and Real-World Lessons appeared first on Security Boulevard.

Preventing DNS filtering bypass by Encrypted DNS (DoT, DoH, DoQ)

31 October 2025 at 17:45

DNS over HTTPS (DoH) and the other encrypted DNS protocols, DNS over TLS (DoT) and DNS over QUIC (DoQ), enhance user privacy and security by encrypting DNS queries in transit, shielding them from eavesdropping, tampering, and censorship on untrusted networks. This prevents ISPs and local attackers from logging or manipulating domain resolutions, fostering a more trustworthy internet experience.

However, a key drawback is that the conventional deployment of encrypted DNS causes network defenders, such as enterprise admins or parental controls, to lose visibility and enforcement over DNS traffic, undermining their ability to apply Protective DNS (PDNS) rules, block malicious domains, or monitor for threats.

The status-quo response to this problem is to try to block DoH services in order to regain the control that PDNS provides, sacrificing the security value of DoH in the process. In some cases this is very hard to do, and stealthy malware goes to great lengths to avoid detection when it uses DoH as a C2 channel.

See CISA’s Memorandum from 2020

The good news is that a local Zero Trust Resolver lets defenders keep the benefits of DoT, DoH and DoQ while retaining complete control over DNS policy enforcement.

The focus here is on a gateway-level approach, which means no modification to the endpoint devices’ DNS settings is needed.

For starters, let’s use simple Do53

Consider the case where an endpoint attempts to use a DNS resolver other than the assigned one. The lab is my macOS environment: the assigned resolver is the gateway at 10.53.10.1, which also offers encrypted DNS opportunistically via DDR (Discovery of Designated Resolvers), advertised through the SVCB record at _dns.resolver.arpa:

davidredekop@mbpro ~ % cat /etc/resolv.conf |grep nameserver
nameserver 10.53.10.1

davidredekop@mbpro ~ % netstat -nr | grep default
default            10.53.10.1         UGScg                 en6     

davidredekop@mbpro ~ % dig TYPE64 _dns.resolver.arpa
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 7915
;; Flags: qr rd ra ad; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1232 B; ext-rcode: NOERROR

;; QUESTION SECTION:
;; _dns.resolver.arpa. 		IN	SVCB

;; ANSWER SECTION:
_dns.resolver.arpa. 	60	IN	SVCB	1 anw-jcmhp33c4zj.2my.network. alpn="h2" port=443 ipv4hint=10.53.10.1 dohpath="/dns-query{?dns}"

;; Received 131 B
;; Time 2025-10-31 13:42:46 EDT
;; From 10.53.10.1@53(UDP) in 2.3 ms
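To make the DDR answer above concrete, here is an added example (not code from this post or from adam:ONE) that parses that SVCB record's rdata into a DoH URI template and applies the RFC 9462 rule for deciding whether a client may use the designated resolver in verified mode or, as the lab gateway does on a private address, only opportunistically. The sample rdata is copied from the output above; the discovery-mode logic is my reading of the RFC, not something the post states.

```python
"""DDR: from the _dns.resolver.arpa SVCB answer to an encrypted-DNS endpoint.

Added example for this post (not code from the post or from adam:ONE).
It parses the presentation-format SVCB rdata shown above (RFC 9460 syntax,
DDR per RFC 9461/9462) and applies the RFC 9462 rule for deciding whether
the designated resolver may be used in verified or only in opportunistic mode.
"""
import ipaddress
import shlex
from dataclasses import dataclass, field

# Constructed sample: the rdata of the SVCB record the gateway returned above.
SAMPLE_RDATA = ('1 anw-jcmhp33c4zj.2my.network. alpn="h2" port=443 '
                'ipv4hint=10.53.10.1 dohpath="/dns-query{?dns}"')


@dataclass
class DesignatedResolver:
    priority: int
    target: str                      # designated resolver name, no trailing dot
    params: dict = field(default_factory=dict)

    def doh_template(self):
        """DoH URI template (RFC 9461 dohpath), or None if DoH is not offered."""
        alpns = self.params.get("alpn", [])
        if not ({"h2", "h3"} & set(alpns)) or "dohpath" not in self.params:
            return None
        port = self.params.get("port", 443)
        host = self.target if port == 443 else f"{self.target}:{port}"
        return f"https://{host}{self.params['dohpath']}"

    def dot_endpoint(self):
        """(host, port) for DoT, or None if 'dot' is not in the alpn list."""
        if "dot" not in self.params.get("alpn", []):
            return None
        return self.target, self.params.get("port", 853)


def parse_svcb_rdata(rdata):
    """Parse 'priority target key=value ...' into a DesignatedResolver."""
    priority, target, *kvs = shlex.split(rdata)   # shlex strips the quoting
    if int(priority) == 0:
        raise ValueError("AliasMode record; DDR needs ServiceMode (priority > 0)")
    params = {}
    for kv in kvs:
        key, _, value = kv.partition("=")
        if key in ("alpn", "ipv4hint", "ipv6hint"):
            params[key] = value.split(",")          # comma-separated lists
        elif key == "port":
            params[key] = int(value)
        else:
            params[key] = value                     # dohpath and anything else
    return DesignatedResolver(int(priority), target.rstrip("."), params)


def discovery_mode(unencrypted_resolver_ip, cert_ip_sans):
    """How a DDR client may use the designated resolver (my reading of RFC 9462).

    'verified'      - the designated resolver's TLS certificate carries the
                      unencrypted resolver's IP as a subjectAltName.
    'opportunistic' - no such SAN, but the unencrypted resolver sits on a
                      private/local address, as the lab gateway 10.53.10.1 does.
    None            - public resolver with no matching SAN: do not use it.
    """
    ip = ipaddress.ip_address(unencrypted_resolver_ip)
    if ip in {ipaddress.ip_address(s) for s in cert_ip_sans}:
        return "verified"
    if ip.is_private or ip.is_link_local or ip.is_loopback:
        return "opportunistic"
    return None


if __name__ == "__main__":
    r = parse_svcb_rdata(SAMPLE_RDATA)
    print("DoH template:", r.doh_template())
    print("mode for 10.53.10.1 with no IP SAN:", discovery_mode("10.53.10.1", []))
```

The point of the mode check is the one that matters for the gateway design below: a client on a private network will accept the gateway's DoH endpoint opportunistically, so the gateway does not need a certificate that names 10.53.10.1, but a DDR answer from a public resolver without a matching IP SAN is one the client should discard.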

The gateway, which is also the assigned DNS resolver, is the only path through which outbound traffic is allowed. Now let’s see what happens if we query a non-local resolver directly; with Do53 the query is transparently hijacked by the gateway:

davidredekop@mbpro ~ % dig @1.1.1.1 badactor.co
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 4580
;; Flags: qr rd ra ad; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1232 B; ext-rcode: NOERROR

;; QUESTION SECTION:
;; badactor.co.        		IN	A

;; ANSWER SECTION:
badactor.co.        	60	IN	A	10.53.10.1

;; Received 56 B
;; Time 2025-10-31 09:48:09 EDT
;; From 1.1.1.1@53(UDP) in 1.5 ms

What we see here is that an answer was provided, and it is the block address that policy assigns to badactor.co: the gateway’s own IP, 10.53.10.1. The endpoint receives the policy-based answer even though it tried to bypass the assigned resolver, and from the client’s point of view the reply still appears to come from 1.1.1.1. This demonstrates that Do53 bypass attempts carry no policy risk: the endpoint keeps full DNS functionality, exactly as far as the policy engine permits.

Let’s explore the next level - what about direct-by-IP?

This is where DTTS (Don’t Talk To Strangers) kicks in. Using the same environment, let’s try a DoT and then a DoH query directly to 1.1.1.1:

davidredekop@mbpro ~ % dig +tls @1.1.1.1 badactor.co.
;; WARNING: can't connect to 1.1.1.1@853(TLS)
;; ERROR: failed to query server 1.1.1.1@853(TCP)

davidredekop@mbpro ~ % dig +https @1.1.1.1 badactor.co.
;; WARNING: can't connect to 1.1.1.1@443(HTTPS)
;; ERROR: failed to query server 1.1.1.1@443(TCP)

Unlike the Do53 hijack above, DoT and DoH are not hijackable, and they shouldn’t be: the client authenticates the resolver’s TLS certificate, so a gateway cannot impersonate 1.1.1.1 without a certificate the client trusts. Instead, the connection attempts are simply refused.

It is really important to understand that this blocking isn’t happening via a blocklist. The direct-by-IP connection is refused because 1.1.1.1 was never resolved through an allowed DNS query in the first place: any attempt to resolve it fails at the DNS level under the default “Enable DNS firewalling” rule. For example:

davidredekop@mbpro ~ % dig one.one.one.one
;; ->>HEADER<<- opcode: QUERY; status: NXDOMAIN; id: 30152
;; Flags: qr rd ra ad; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1232 B; ext-rcode: NOERROR
;; EDE: 17 (Filtered): 'nxdomain-ed by rule'

;; QUESTION SECTION:
;; one.one.one.one.    		IN	A

;; Received 69 B
;; Time 2025-10-31 10:29:39 EDT
;; From 10.53.10.1@53(UDP) in 1.8 ms

Any DNS-based block also carries an Extended DNS Error (EDE, RFC 8914). Code 17 is “Filtered”, as seen above, so a client or a troubleshooter can tell a policy decision apart from a genuine NXDOMAIN.

Now for the experts - what if a DoH URL is allowed…

Let’s use a deliberately-allowed DoH service as an example of one that wasn’t DNS-blocked, so that its DNS queries are made blind to the network controller.

It is impossible to enumerate or detect all DoH URLs with certainty, so let’s just use dns.google for this illustration. But first, remember:

  • The network-assigned DNS resolver is the local gateway running DTTS (Don’t Talk To Strangers)

  • The endpoint’s only permitted outgoing IP connections are those whose destination was verified by policy and resolved at the assigned resolver, which creates a short-lived allow rule for that address

  • Resolving a name by any other means (a third-party DoH service, a hard-coded address) creates no allow rule, so it grants no egress

Let’s try it out by attempting a simple DoH resolution:

davidredekop@mbpro ~ % dig +https @dns.google www.example.com
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; HTTP session (HTTP/2-POST)-(dns.google/dns-query)-(status: 200)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 0
;; Flags: qr rd ra; QUERY: 1; ANSWER: 4; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 512 B; ext-rcode: NOERROR
;; PADDING: 310 B

;; QUESTION SECTION:
;; www.example.com.    		IN	A

;; ANSWER SECTION:
www.example.com.    	291	IN	CNAME	www.example.com-v4.edgesuite.net.
www.example.com-v4.edgesuite.net. 16006	IN	CNAME	a1422.dscr.akamai.net.
a1422.dscr.akamai.net.	14	IN	A	23.223.17.165
a1422.dscr.akamai.net.	14	IN	A	23.223.17.179

;; Received 468 B
;; Time 2025-10-31 10:48:23 EDT
;; From 8.8.8.8@443(HTTPS) in 55.4 ms

This is the “blind” aspect that network defenders are concerned about, and it perfectly describes the frustration of having “my network, my rules” taken away from the defenders: the gateway saw a TLS connection to 8.8.8.8, but none of the names or answers inside it.

Ok fine, the resolution took place, but from the perspective of Zero Trust connectivity the returned IP address is a stranger: it has not been added to the outbound short-lived allow rule.

Attempting to connect to it by IP with curl does this:

davidredekop@mbpro ~ % curl -v -k https://23.223.17.165  
*   Trying 23.223.17.165:443...
* connect to 23.223.17.165 port 443 from 10.53.10.149 port 62336 failed: Connection refused
* Failed to connect to 23.223.17.165 port 443 after 3 ms: Couldn't connect to server
* Closing connection
curl: (7) Failed to connect to 23.223.17.165 port 443 after 3 ms: Couldn't connect to server

The rejection is happening at the gateway, because from the security gateway’s perspective 23.223.17.165 is a stranger: the name resolution did not occur on the network-assigned resolver and gateway, so the address is not part of any allow rule.

On the other hand, www.example.com works just fine when it is resolved according to policy, through the assigned resolver:

davidredekop@mbpro ~ % curl https://www.example.com
<!doctype html><html lang="en"><head><title>Example Domain</title><meta name="viewport" content="width=device-width, initial-scale=1"><style>body{background:#eee;width:60vw;margin:15vh auto;font-family:system-ui,sans-serif}h1{font-size:1.5em}div{opacity:0.8}a:link,a:visited{color:#348}</style><body><div><h1>Example Domain</h1><p>This domain is for use in documentation examples without needing permission. Avoid use in operations.<p><a href="https://iana.org/domains/example">Learn more</a></div></body></html>

Concluding notes about DNS Encryption done right

This default-deny-all posture can be operated at scale with this approach. For scenarios where external DNS resources must be allowed during onboarding to avoid disrupting connectivity, a modified, permissive policy can be assigned selectively to the hosts that need it.

Once a rollout is complete, though, the target state offers DNS encryption inside the perimeter and uses DNS encryption outward only to other protective resolvers:

Endpoint using Encrypted DNS → Zero Trust Resolver → Protective Resolver(s)

(Figure: Endpoint Encrypted DNS to Zero Trust Resolver)

See NSA’s Guidelines on the Adoption of Encrypted DNS in Enterprise:

https://media.defense.gov/2021/Jan/14/2002564889/-1/-1/0/CSI_ADOPTING_ENCRYPTED_DNS_U_OO_102904_21.PDF

At the time of publication, adam:ONE® already offers defenders all the technical requirements for fulfilling these guidelines with the ability to provide internal encrypted DNS as well. For more information visit https://adamnet.works


Beyond The CVE: Deep Container Analysis with Anchore

28 October 2025 at 08:00

As an Associate Professor of Cybersecurity, I spend a lot of time thinking about risk, and increasingly, that risk lives within the software supply chain. The current industry focus on CVEs is a necessary, but ultimately insufficient, approach to securing modern, containerized applications. Frankly, relying on basic vulnerability scanning alone is like putting a single […]

The post Beyond The CVE: Deep Container Analysis with Anchore appeared first on Anchore.
