Why ignoring DNS is dangerous ?

The least surprising observation is that the security landscape today is far more complicated and attacker-friendly due to changes such as remote sites, IoT, soaring cloud use and partners demanding an ever-increasing amount of access to sensitive operational data.

What is, however, surprising is how many enterprises are not leveraging DNS, IPAM and related tools that already exist in their environments. Indeed, one of the most useful things about DNS and IPAM is that they can detect patterns of movement within the enterprise that many other tools miss.

The best cybersecurity word for today’s enterprise environments is porous. Make that really porous. Although there is far more risk everywhere in these environments, the biggest gaps in the security posture come from remote sites aka work-from-home situations. Those gaps come from inconsistent security arrangements made in almost every one of those locations, with an unlimited variety of different equipment and an at-whim approach to maintenance of patch implementations. (Some enterprises can strongly influence patches on some equipment, but others–such as employee-purchased routers–are the wild west.)

IoT is highly problematic as well, but the second-biggest element of network confusion (think of confusion as losing the battle of signal-vs-noise) are apps of all kinds flooding the network with overwhelming communications, right alongside millions of IoT and IIoT devices communicating to Lord knows who.

DNS and IPAM can cut through much of that confusion and immediately paint a more comprehensive and accurate view of what is going on in the network and especially what is going on that should not be going on.

IP Address Management (IPAM) is especially critical in the detection cycle. Anything that moves across the network needs to interact with IPAM and that leaves a footprint. IPAM doesn’t merely help detect malicious activity (along with non-malicious but still destructive unintentional behavior by employees/contracts/users), but it is also extremely helpful later on, when a forensic team is trying to figure out how the attacker gained access and exactly what the attacker did while inside.

DNS is also helpful with tracking aberrant behavior within the LAN, but cyberthieves and cyberterrorists have both been known to use DNS exfiltration, as a low-visibility way to steal the content and whisk it away to their hideout. That is why closely tracking DNS activity delivers multiple benefits. Many enterprises will get strong insights by monitoring DNS domain addresses to determine who was infected after an attack and how that progressed. This tells them many details about how much information the attacker accessed. Hence, ignoring DNS is simply too dangerous.

(Source : Infoblox.com)

For reading more interesting trends, whitepapers and perspectives on cybersecurity, please visit Security Edge 

Comments (0)
Add Comment