Corporate domain name registrars: Superior protection against security threats

Corporate domain name registrars: Superior protection against security threats

Popular retail domain registrars like GoDaddy, Network Solutions, and Register.com have each reported breaches of their domain name and hosting security systems. Domains names are perhaps the most important intellectual property asset that any online business owns. Companies simply cannot afford to have these assets vulnerable to attack. Today’s businesses need a domain registrar with the added security, safeguard features and a 24×7 vigilant customer service team to protect the “crown jewels” of their online presence. This additional emphasis on security and expertise can only be found at a corporate domain name registrar like MarkMonitor.

It starts with the portal

Domain names are managed through a registrant “portal” or user interface. The best corporate registrars have a domain name management portal that is constantly monitored and tested for security threats and code vulnerabilities. Hackers, phishers and botnet creators are constantly innovating and developing new forms of attack. Corporate registrars stay atop of new exploits by continuously scanning their systems for new vulnerabilities and adding layers of security. Unlike retail registrars, an enormous emphasis on security has been built into processes and systems for corporate registrars from the very beginning of their service offering.

Secure log ln

While a vigilant and hardened portal infrastructure is critical, secure user access is a must. MarkMonitor requires mandatory multi-factor authentication and enables account users to set IP access restrictions. Single Sign-On (SSO) is also made available to help businesses more easily control user access through their own identity provider. Restricting access to a limited number of individuals that have access to a company’s core domains reduces the risk of breach. Retail registrars don’t offer many of the same security features, or level of sophistication and granularity, on user access that security leaders at many businesses now require.

Registry lock: “Belt and suspenders”

MarkMonitor has negotiated 85 “registry lock” services, the most of any registrar for top level domain name extensions including .COM, .ORG, and many country code extensions like .US, .DE, and .EU.  Registry Lock freezes all domain transactions at the registry level until the correct high-security protocol is followed as specified by both the registry and registrar. Combined with additional advanced registrar-level locking, where a specific protocol must be followed between client and registrar, the additional registry lock is “belt and suspenders” and adds another layer of security to prevent erroneous nameserver updates, hijackings and social engineering attacks.

Certified for protection

Because domain security is core to a corporate registrar’s service offering, the engineers responsible for its operation are highly qualified and certified professionals with certificates from information security organizations such as SANS, CISSP and CompTIA. This team of security professionals also engages outside third parties to do annual penetration testing of its systems in order to provide a high-level of assurance for the security of the entire platform. We don’t hide our security through obscurity.

Expert customer service

Unlike retail registrars that require hundreds of remote call center employees to serve the millions of domain name customers who have issues with their accounts, corporate registrars like MarkMonitor employ a small team of highly trained and expert Client Service Managers (CSMs) that know and understand your account. CSMs act as your second set of eyes by monitoring client accounts for changes and any unusual behavior. Accounts are constantly monitored on a 24/7 basis to ensure all domains updates are authorized by the appropriate individual on the account. While domain updates, such as name server changes, can be made within a matter of seconds, due to the nature of DNS, it can take up to 24 to 48 hours to fix an erroneous or malicious update. Frequent account monitoring by a trained specialist helps corporate registrars identify unusual changes to an account and quickly notify businesses so that action can be taken if necessary.

To close, domain security is a responsibility that is shared by both registrant and registrar. Retail registrars do offer some security features to protect their clients’ portfolios, but security is one service in a sea of many of their other retail service offerings, including website building, email marketing, webhosting, e-commerce platforms and logo design. Using a corporate registrar that focuses on security as its core principle insures that a company’s online identity is maximally protected.

Learn more about MarkMonitor domain management solutions.