The Canadian Internet Registration Authority (CIRA) was established in 2000 with a mandate to run a safe, secure, and reliable .CA domain for all Canadians. With over 2.8 million domains under management, CIRA saw an opportunity to complement its registry revenue with new services. In 2015, CIRA moved into DNS cybersecurity with the introduction of D-Zone Anycast DNS, a service now used by ISPs, the Canadian government, and many educational institutions. However, after the release of this service, many of CIRA’s customers requested a recursive DNS Service, particularly organizations in the education sector who were interested in a service with content filtering. CIRA considered building a recursive DNS service solution in-house but realized the real value was in a threat feed, which they couldn’t develop on their own.

SINET, a leading Internet and telecom service provider was dealing with cyberthreats that resulted in network downtime and blacked out user access. Finding the best solution to combat these threats was essential to ensure a highly reliable, quality service and stem the tide of customer churn.SINET, founded in 2009, owns and operates over 200 active network POPs across Cambodia, from all main cities and provincial towns to remote districts and villages. As one of the biggest ISPs in Cambodia, SINET serves innovative customers, particularly startups in the gaming and microfinance industries. This made it all the more critical that the provider find a proven, reliable way to ward off DDoS attacks and malicious software that were causing network blackouts and disrupting the user experience.

Struggling with Web Security ChallengesIn 2016, rather than invest millions of dollars to replace its outdated legacy infrastructure, DOTComm began migrating its sites and applications to a large cloud services provider. The organization also used a cloud-based web application firewall (WAF) along with robust alerting tools that enabled it to monitor for outages.Unfortunately, the WAF did not perform as expected. Over a two-year period, DOTComm experienced more than 10 outages, each of which brought down a subset of the organization’s websites and applications. These outages lasted anywhere from 15 minutes to several hours — an unacceptable amount of time when they impacted the availability of 24/7 mission-critical services related to public safety.Even when the outages affected less mission-critical DOTComm sites and applications, the organization had to deal with complaints from county departments and citizens. Because the WAF vendor refused to take accountability for these outages, Dolinski was forced to pore over his log files to prove that the issue was the vendor’s responsibility. Once engaged with the vendor for support, Dolinski was often frustrated dealing with entry-level personnel lacking deep knowledge of the WAF.To make matters worse, the WAF vendor was supposed to manage DOTComm’s SSL certificate renewals. However, lacking a graceful certificate renewal process, the vendor often failed to renew DOTComm’s certificates before they expired. As a result, DOTComm sites would either go offline or throw SSL errors.As soon as the contract with the WAF vendor expired, Dolinski began evaluating other solutions.