IBM has long advocated for strong and innovative means to enhance privacy and data protection, and we are pleased to announce our latest investment in privacy-enhancing technology with the new Quad9 Domain Name System (DNS) offering. Created in collaboration with Packet Clearing House (PCH) and the Global Cyber Alliance (GCA), Quad9 goes far beyond standard DNS name resolution, with four key areas of focus.

  • Privacy: Unlike many other DNS services, Quad9 makes use of aggregated data, but by design does not store, correlate or otherwise employ any personally identifiable information (PII). Quad9 does not and never will share any of its data with marketers, nor will it use this data for demographic analysis.

  • Security: Quad9 makes security a chief priority to deliver superior protection against cybercrime networks and malware, integrating security analysis from individual machines’ DNS queries to global trends.

  • Scalability: Quad9 leverages PCH’s long history of providing highly robust DNS back-end infrastructure, including over 160 points of presence around the world.

  • Ease of use: Administrators can easily configure endpoint devices to point to the Quad9 DNS server at address 9.9.9.9.

Commitment to Collaborative Defense

Building on our investment in collaborative defense with this new offering, IBM is teaming with two well-established nonprofits committed to a shared vision of a private, secure internet. PCH is a nonprofit entity responsible for providing operational support and security for internet infrastructure, including the core of DNS, with crucial coordination tasks for internet exchange (peering) points. PCH also operates a critical infrastructure protection hotline communications system that links thousands of network operation centers and computer emergency response teams (CERTs).

The Global Cyber Alliance, a nonprofit coalition founded by a partnership of law enforcement and research organizations, is dedicated to addressing cyber risk across borders and industries. Its focus is on concrete actions and measurable change.

Why DNS Matters

Every data transaction on the internet requires a link between originating and receiving endpoints, like a user seeking a website. Humans need a human-friendly URL, but that has to be translated into the machine-readable numeric equivalent. These internet data transactions are underpinned by domain name translation, using servers and software that rely on a distributed, trust-based system that comprise the DNS system.

It’s not just the named URLs that companies and internet users employ that use DNS services. By 2025, there will be 80 billion internet-connected, or Internet of Things (IoT), devices in homes and offices. End users aren’t able to update these devices as software misconfigurations and vulnerabilities are discovered without help from the manufacturer, so employing secure connection at the DNS level can help prevent the devices from being used for nefarious purposes.

Since the DNS servers themselves can’t tell the difference between a data packet with malicious intent and an innocent data packet checking last night’s sports scores, advanced analytics need to be implemented to identify and block the malicious traffic, as in the case of Quad9. Known malicious domains are identified through threat intelligence from IBM X-Force Exchange. Advanced analytics are performed on IP addresses to assign a risk score based on text, visual object recognition, optical character recognition (OCR), structure and linkages to other sites, and the presence of suspicious files to identify malicious IPs.

Make the Change to Quad9

DNS servers are typically assigned by your internet provider or IT department, and both consumers and businesses can make a simple change to the Dynamic Host Configuration Protocol (DHCP) to route DNS traffic through Quad9 without requiring end users to make any changes. Quad9 is and will remain freely available to anyone who wants to use it.

Visit the Quad9 website for details and videos on how to make the change to a safer, more private internet browsing experience.

Learn More About Quad9

More from CISO

Bridging the 3.4 Million Workforce Gap in Cybersecurity

As new cybersecurity threats continue to loom, the industry is running short of workers to face them. The 2022 (ISC)2 Cybersecurity Workforce Study identified a 3.4 million worldwide cybersecurity worker gap; the total existing workforce is estimated at 4.7 million. Yet despite adding workers this past year, that gap continued to widen.Nearly 12,000 participants in that study felt that additional staff would have a hugely positive impact on their ability to perform their duties. More hires would boost proper risk…

CEO, CIO or CFO: Who Should Your CISO Report To?

As we move deeper into a digitally dependent future, the growing concern of data breaches and other cyber threats has led to the rise of the Chief Information Security Officer (CISO). This position is essential in almost every company that relies on digital information. They are responsible for developing and implementing strategies to harden the organization's defenses against cyberattacks. However, while many organizations don't question the value of a CISO, there should be more debate over who this important role…

Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…