Organisations must prioritise domain name system (DNS) visibility in their cyber security strategies.
This was the word from Abdullah Kaymakci, head of business development and channel strategy, Cyberrey, speaking yesterday during ITWeb Security Summit 2025.
DNS is the backbone of every internet connection, enabling access to cloud services, remote work and internet of things (IOT) operations.
Despite its importance, DNS remains one of the most overlooked and under-monitored areas of the network, Kaymakci said.
He pointed out that threat actors know this and frequently exploit DNS to bypass traditional security controls. DNS visibility matters because there are “blind spots” in traditional security tools.
“DNS visibility is not a nice-to-have. It's the missing layer that turns passive logs into proactive security intelligence.
“Firewalls, URL filters and endpoint agents are foundational, but they only see part of the picture. Firewalls see traffic after connection is made but they don’t log failed DNS lookups or pre-connection intent.
“URL filters only inspect what loads in a browser, not domains that never resolve. Endpoint agents don’t run on legacy, IOT, or BYOD [bring your own device] devices, and VPNs [virtual private networks] often override or bypass them.”
Kaymakci said a Cyberrey survey found that 90% of malware uses DNS in its kill chain, while 95% of malware uses DNS to communicate with command-and-control servers, as well as to redirect traffic to malicious sites.
He added that when there is no DNS visibility in place, organisations take a long time (five hours and 37 minutes on average) to mitigate a DNS attack.
By deploying DNS visibility solutions, organisations will be able to identify compromised devices by monitoring DNS behaviour without requiring any endpoint agent, Kaymakci noted.
“They can also capture queries to malicious domains that are already offline – threats that never show up in HTTP or web logs. The tools also allow analysts to instantly search correlated DNS, DHCP and AD logs for threat investigations without delays or guesswork.”
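As an added illustration (not from Kaymakci's talk or any Cyberrey product), the sketch below shows how DNS and DHCP logs can be correlated to attribute failed lookups to a device without an endpoint agent. The log formats, sample data, function names and thresholds are all constructed assumptions.

```python
from bisect import bisect_right, insort
from collections import defaultdict

# Constructed sample data (not from the article). Times are epoch seconds.
# DHCP lease log: grant time, IP, MAC, hostname. Note 10.0.0.5 is reassigned.
DHCP_LOG = """\
1000 10.0.0.5 aa:bb:cc:00:00:01 hr-laptop
1000 10.0.0.9 aa:bb:cc:00:00:02 ip-camera-3
2000 10.0.0.5 aa:bb:cc:00:00:03 byod-phone
"""
# DNS query log: time, client IP, queried name, response code.
DNS_LOG = """\
1010 10.0.0.5 intranet.example.com NOERROR
1030 10.0.0.9 qx7f2k.example.net NXDOMAIN
1031 10.0.0.9 p0zr9a.example.net NXDOMAIN
1032 10.0.0.9 m3v8tt.example.net NXDOMAIN
1033 10.0.0.9 ntp.example.com NOERROR
2010 10.0.0.5 k2j4hd.example.net NXDOMAIN
2011 10.0.0.5 z9q1wc.example.net NXDOMAIN
2012 10.0.0.5 b7n5yx.example.net NXDOMAIN
"""

def load_leases(text):
    """Map IP -> time-sorted list of (grant_time, mac, hostname)."""
    leases = defaultdict(list)
    for line in text.splitlines():
        ts, ip, mac, host = line.split()
        insort(leases[ip], (int(ts), mac, host))
    return leases

def device_at(leases, ip, ts):
    """Return (mac, hostname) that held `ip` at time `ts`, or None."""
    history = leases.get(ip, [])
    # "\uffff" sorts after any MAC, so a lease granted exactly at ts counts.
    i = bisect_right(history, (ts, "\uffff", "")) - 1
    return history[i][1:] if i >= 0 else None

def suspicious_devices(dns_text, leases, min_failed=3, min_ratio=0.5):
    """Flag devices with >= min_failed distinct NXDOMAIN names that make up
    at least min_ratio of their queries (thresholds are assumptions)."""
    stats = defaultdict(lambda: {"total": 0, "failed": set()})
    for line in dns_text.splitlines():
        ts, ip, qname, rcode = line.split()
        dev = device_at(leases, ip, int(ts)) or ("unknown", ip)
        stats[dev]["total"] += 1
        if rcode == "NXDOMAIN":
            stats[dev]["failed"].add(qname)
    return {dev[1]: sorted(s["failed"]) for dev, s in stats.items()
            if len(s["failed"]) >= min_failed
            and len(s["failed"]) / s["total"] >= min_ratio}
```

Because the lookup is time-aware, the failed queries from 10.0.0.5 are attributed to the device that held the lease at that moment rather than to the earlier holder of the same address.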