Introducing turing 1.1: Iterating the best DNS forensic insights platform on the web
9th December 2015
turing by Nominet has had a very busy six months, and we’ve had some fantastic traction and conversations since we launched 1.0 in June. Initially developed to help us track and protect our own DNS infrastructure and already capable of producing amazing levels of real-time insight into the activity and performance of business-critical networks, the first chapter of turing’s formal existence has seen its continued success in a production environment in a major service provider network, and has seen half a dozen major trials and proof of concept deployments rolled out.
Today, we’re thrilled to roll out a free, non-disruptive upgrade in turing 1.1. We’ve taken on board customer feedback and built some key new enhancements that will prove critical for customers, even as we continue to work to develop and enhance the platform.
The key new capabilities are:
- Collector capacity doubled: a single instance of turing can now support nearly 500,000 queries per second, vs the 200,000 in 1.0. Given the volume of DNS traffic an organisation might see in a large network, this update essentially means we can scale turing to virtually any DNS environment
- New streaming platform: We’ve deployed a new streaming platform between the DNS aggregators and collectors – increasing the stability and scalability of the platform
- New DNS capture window: Recognising that not everyone will want or need to capture DNS data indefinitely, we’ve re-architected the platform to give customers the option to specify the window of time data is captured for, removing the need for a separate, long-term archive for turing data
- Introducing subnet and subdomain analysis: Key for enterprises with multiple domains or subdomains, TLD operators, registries, registrars and hosting providers, the granularity of DNS reporting now possible at subdomain and subnet levels will give a lot more intelligence to infrastructure managers responsible for capacity and resource planning. It will also allow service providers, for example, to be savvier about client monitoring and billing.
- New turing Cloud APIs: Customers can now make use of public cloud resources, starting with Amazon AWS to store the vast volumes of DNS data they might be collecting, cutting the cost and increasing the potential for turing to scale without prohibitive storage costs – given that DNS data captured from a large network can represent several terabytes per day for a large organisation, this opens up really interesting possibilities for customers in the future. Microsoft Azure and Google Cloud support will follow in 2016.
- Traffic Profiling (alpha): This will allow us to start to apply machine learning techniques to DNS data; delivering automated alerts if anomalous behaviour is detected in the DNS, accessible and actionable for non-DNS experts and a vital step in using turing as a tool for cyber-attack detection and mitigation. Updates will follow as this feature is developed further in 2016.
There’s lots more in the pipeline for next year as we move to make turing available in a true hybrid cloud/SaaS model, as we continue to increase the capabilities of its machine learning elements, and enhance the data and insights it can deliver. We’re really excited about it and look forward to the next wave of feedback from the community that is fast-developing around the platform.
Look forward to the next six months and turing’s first birthday; there’s lots more still to come.