DNS is a vital security tool

Domain name system (DNS) is a foundational network service that is effective at catching threats early, identifying compromised devices and investigating and responding to threats.

Johannesburg, 12 Oct 2020
Read time 4min 20sec
Dean Wolson, Country Manager – Africa, Infoblox
Dean Wolson, Country Manager – Africa, Infoblox

In the modern information economy, customer data is often considered more valuable than oil, which leads to the inescapable conclusion that protecting customer information must be a top priority for all businesses.

Bearing this in mind, the domain name system (DNS) is a foundational network service that is critical to both connectivity and security, as it can provide a back door for data breaches. It should therefore not be overlooked as a first-level security control, especially in times of crisis and change, like the recent influx of home-based remote workers.

Dean Wolson, Country Manager for Africa at Infoblox, says that according to a Forrester white paper, security and risk (S&R) experts at some of the world’s largest companies use DNS as a vital component of their security strategy. In fact, the top S&R leaders rely on DNS for three key priorities: detecting and blocking threats as early as possible in the kill chain; investigating and responding to threats; and quickly identifying compromised devices.

“These experts understand that the DNS is a key starting point for threat investigations, because DNS can detect malicious activity earlier than other security tools. It also provides much needed visibility into which devices are making requests to connect to malicious destinations – this visibility allows them to sever those connections and protect their entire infrastructure, says Wolson.

“While it is clear that there is no perfect security tool – one that will fix all your problems – it is important to have tools that fill in the gaps left open by other tools. S&R leaders claim that the biggest benefit of using internal DNS as a security control point to stop malicious attacks is the simple fact that it enables them to catch threats which would otherwise not be caught by the other security tools.”

He adds that well over half of these experts also listed an improved return on investment (ROI) on their overall security as a critical benefit. Considering that massive investments in security tools have been made in the last decade, there is an increasing focus on what ROI can be obtained from existing investments, before approving budget for additional tools and technologies.

“Ultimately, DNS is a foundational element in driving more effective investigations. For example, S&R leaders use DNS data throughout investigations for correlating network logs, determining exposure and examining outbound resources.”

“Security has become even more vital with the emergence of COVID-19, as the subsequent resetting of business as usual for all companies has created new gaps in security postures. More employees are working from home with their own devices, which means connecting Internet of things (IOT) devices without the proper security measures. This, in turn, means that security teams must be able to quickly identify and respond to devices, when and if they become compromised.”

Insecure networks, devices and Internet access from outside the corporate network potentially jeopardise customer data. DNS queries and response data are therefore one of the top three tools which firms are now using to quickly identify compromised devices.

“When an attack or infection occurs, investigators need tools that provide a holistic view of the extent and severity of the threat. DNS domain/address investigations are effectively able to determine who in the enterprise has been infected after such a scenario occurs. DNS is also helpful to investigators when determining how much information the attacker gained access to.”

Wolson adds that DNS can assist in accelerating incident response times, which ensures that threat resolution happens more rapidly. Moreover, DNS can assist an organisation’s deception technology, which often means they are able to snare attackers when they first penetrate.

“It must be remembered that in the ‘new normal’ and its much higher volume of mobile workers, S&R leaders must also address additional challenges that the disease has brought to the surface. Due to the reduction of onsite staff, many S&R leaders have needed to implement the automation of solutions to fill staffing gaps and to continuously monitor cloud access and usage.

“Many firms lack either the tools or the software to fully enable their mobile workforce. Other companies, particularly those in rural locations, lack the Internet bandwidth to meet their needs. With this in mind, malicious attackers are ramping up phishing and social engineering attacks, as well as taking advantage of vulnerabilities in collaboration tools. Therefore, the best advice I can give is to remember the importance of DNS as a security tool, and always ensure that you don’t let your guard down,” he concludes.

See also