DNS is the key to cyber security
DNS plays a critical role in every network – it is the technology standard used to turn humanly understandable domain names into internet protocol (IP) addresses understood by machines. Yet it is often overlooked by many security solutions, the ‘open backdoor’ for cyber criminals.
Several factors make DNS especially attractive to cyber criminals. Due to its ubiquitous but behind-the-scenes nature, DNS is often overlooked by system administrators. In fact, most firewalls whitelist DNS. This is utopia for cyber criminals who can easily manipulate a company’s domain name for malicious purposes. Criminals use DNS to carry out attacks such as spam, DDoS, phishing, click fraud or brandjacking.
Two-thirds of DNS traffic logs analysed showed signs of malicious activity
Source: Infoblox survey 2016
The number of attacks exploiting DNS are on the rise. Organizations worldwide are facing an immediate need to pay closer attention to DNS, to detect and respond to attacks, to keep their business secure and protected. Fortunately, as DNS is always-on it is also a great place for plugging in a defence layer that offers protection from threats that traditional security solutions, such as antivirus or network firewalls, would miss.
With the growth of the internet and more and more people and devices getting online every hour of every day, there are billions of packets of data to monitor, track and analyse. Traditionally it has been very difficult to gain insight into DNS traffic but now, with the right tools many cyber threats can been seen quickly and easily within an organisation’s DNS traffic. In fact according the Cisco 2016 Annual Security Report 92% of malware uses DNS in one of three ways, to gain command and control, to exfiltrate data or redirect traffic.