DNS Based Infrastructure Protection
Protection of infrastructure, data, and end user devices are one of the most important topics that IT departments deal with on a regular basis. We’ve seen many examples in the last year of successful attacks such as with Colonial Pipeline, Kaseya, and T-Mobile and the list is only growing. There are a huge number of applications available to analyze, detect, and protect endpoints from many security threats that are growing by the minute. Protection of endpoints needs to occur in a variety of areas, but one that is typically common to both the endpoint, and the exploits that try to attack them, is the Domain Name System (DNS). DNS is the mapping that occurs between a memorable term, such as www.yourwebsite.com, to an IP address, a numeric label assigned to each device connected to a network.
Using a product that monitors and controls DNS on an organization’s networks and endpoints provides a simple, yet effective, manner of protecting users from malicious requests. These types of DNS protections work well in conjunction with security awareness training and more advanced security products. Properly deployed, DNS layer security can block requests to direct IP Communications, malicious domains, and can even hamper or eliminate command-and-control functions for ransomware and similar threats.
One example of a DNS based security product is Cisco’s Umbrella service. This service has a roaming client that is installed on a user’s device, protecting the user while roaming off the corporate networks. All requests for DNS traffic – which is how the majority of most connection requests begin – first pass through the corporate policy base to allow or deny a connection. These policies track connections and requests, and will automatically deny suspect requests based on rules setup and managed by the administrative staff. Users and applications won’t even notice this is happening. Users are protected in this simple manner and IT staff can be alerted to issues and run reports to see what is happening on their networks and endpoints. Security is a large integrated system and having a DNS based protection layer improves the odds of mitigating an attack before it’s able to execute its payload. Review all the steps your company is taking to safeguard against attacks and make sure a DNS based security protection is in place. Security is a journey where organizations need to review where their critical information resides so the appropriate countermeasures can be deployed to help protect against emerging threats.