Just like cables, switches and routers, the Domain Name System (DNS) is a critical component in business data networks. Every organisation needs a functioning DNS to allow proper routing of traffic and to maintain everything from email systems to public-facing websites.
However, DNS was not designed with security as a top priority. For this reason, it has become a popular attack vector for cybercriminals keen to cause disruption to systems or extract some sort of financial gain.
The security challenge is made more acute by the fact that malware can use DNS as a way to communicate with malicious domains on the internet. Industry research shows most enterprise networks are already infected with some type of malware and new variants are appearing daily. The potential for this code to cause significant problems is a growing concern.
Key DNS security challenges
The security challenges posed by the fundamental role that DNS plays in networks are many and varied. Some of the most important are:
• The central role of DNS: Every organisation is reliant on DNS for the proper functioning of its networks and systems, making it an attractive target for cybercriminals. If DNS is not properly protected, it may be used to disrupt operations and cause financial losses.
• DNS is easy to exploit: The basic design of DNS makes it relatively easy to exploit. When it was first developed and introduced more than 30 years ago, no one envisaged that it would be used as a method to attack a network. Unfortunately, this is exactly what is happening.
• Traditional security is ineffective: Experience has shown that traditional network security methods are ineffective against DNS attacks. Products such as generic Distributed Denial of Service (DDoS) protection, deep packet inspection and load balancers don’t have a complete understanding of the threats and so may not be a complete answer to them.
• Security tends to be siloed: IT managers are accustomed to working with a range of different security technologies that address specific requirements; however, these tend not to work well together or share data. The growing sophistication of DNS attacks means it is no longer sufficient to use such disjointed systems for protection.
A proactive approach is key
Given these security challenges, it is vital that organisations take a proactive stance on protection against DNS attacks. Each organisation should deploy a dedicated, DNS-centric approach that ensures visibility, protection and rapid response to incidents as they occur.
In an ideal solution, DNS protection should be built into DNS itself, rather than bolted on to other security technologies. Under this approach, the DNS protects itself from attacks and enables the DNS server to respond automatically as required.
A strong, reliable DNS security solution will have the following key attributes:
- Comprehensive capabilities: Threats can come from both inside and outside the corporate network and your DNS security must be able to handle both types. This can be achieved by blocking attacks on DNS infrastructure, disrupting malware and stopping data exfiltration via DNS.
- Advanced analytics: DNS is often used as a pathway for data exfiltration because regular security products do not inspect it. DNS security with effective analytics will automatically block data exfiltration via DNS without the need for endpoint agents or additional network infrastructure.
- High availability: It is important that key applications are able to continue to run even during times of attack. Effective DNS security will stop a range of DNS attacks while allowing legitimate traffic to continue. It will also detect and block data exfiltration attempts via DNS, which helps to prevent data loss.
- Collaborative approach: Organisations tend to use different types of security solutions to address different types of threats. Effective DNS security will integrate with these existing tools to create the most effective security defences possible.
- Up-to-date: The threat landscape is constantly evolving, so your DNS security must also evolve to keep up with new techniques.
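To make the "Advanced analytics" attribute above concrete, the following Python is an added example (not code from the original article or from any product). It flags client and zone pairs in a resolver query log whose distinct subdomains are numerous, bulky and high-entropy, which is the pattern data exfiltration via DNS tends to produce. It detects rather than blocks, and the thresholds, the two-label zone split and the sample log are all assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def split_name(qname):
    """Return (subdomain, parent zone). Assumption: the zone is the last two
    labels; a production tool would consult the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_exfil_suspects(queries, min_unique=4, min_bytes=100, min_entropy=3.5):
    """queries: iterable of (client_ip, qname) pairs from a resolver log.
    Returns sorted (client_ip, zone) pairs whose distinct subdomains are
    numerous, bulky and high-entropy. Thresholds are illustrative, not tuned."""
    seen = defaultdict(set)  # (client, zone) -> distinct subdomains
    for client, qname in queries:
        sub, zone = split_name(qname)
        if sub:
            seen[(client, zone)].add(sub)
    suspects = []
    for key, subs in seen.items():
        payload = "".join(s.replace(".", "") for s in subs)
        if (len(subs) >= min_unique and len(payload) >= min_bytes
                and entropy(payload) >= min_entropy):
            suspects.append(key)
    return sorted(suspects)

# Constructed sample data (not real traffic). The "encoded" chunks are
# rotations of the base32 alphabet, standing in for tunnelled payload.
B32 = "abcdefghijklmnopqrstuvwxyz234567"
CHUNKS = [B32[i:] + B32[:i] for i in (0, 7, 13, 21)]
SAMPLE = (
    # Ordinary browsing: several short, distinct hostnames in one zone.
    [("10.0.0.5", h + ".example.com") for h in ("www", "mail", "api", "cdn", "static")]
    # One long hostname queried repeatedly: bulky, but only one distinct name.
    + [("10.0.0.7", B32 + ".cdn.example")] * 6
    # Many distinct long, random-looking labels under one zone.
    + [("10.0.0.9", c + ".tunnel.example") for c in CHUNKS]
)

if __name__ == "__main__":
    for client, zone in find_exfil_suspects(SAMPLE):
        print(f"suspect: {client} -> *.{zone}")
```

Requiring all three signals together is what keeps the two benign clients in the sample from being flagged: one has many names but little data, the other has a long name but only one of them.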
DNS is far too valuable a business tool to remain vulnerable to potential attacks. Organisations must be proactive, rather than reactive, when integrating and maintaining security that will protect their DNS infrastructure from attack.
By taking this approach, the systems, networks and applications on which an organisation relies will remain secure and operational even when faced with a constantly changing threat landscape.