DNS Security: The Forgotten Hero of Your Cybersecurity Strategy

Cybersecurity continues to dominate business IT discussions in response to constantly evolving threats from ever more organized and professional adversaries. The IT industry is awash in debates about which technology organizations should focus on and invest in to improve security. Current topics such as threat intelligence, AI, and zero trust dominate much of the conversation.

Sometimes, however, it’s the less glamorous aspects of security that often can deliver significant benefits. One such area is everyone’s favorite technology to love or hate: the domain name system (DNS) and related services. We’ve all heard the phrase “it’s always DNS” when we can’t connect to a familiar website. Part of the reason we hear this is because DNS is so fundamental to each of our day-to-day communications. DNS is one of the building blocks of internet communications; it’s the way we tie impossible-to-remember IP addresses to the easy-to-remember names we are used to. We rarely attempt to connect to a system via its address; instead, whether the system is internal or external, we will usually connect via its DNS name.

The Central Role of DNS Services

DNS is so fundamental to the way modern IT works that it’s become a key target for cyberthreat actors. A threat actor can use DNS to obfuscate a wide range of potential attacks including DNS hijacking, spoofing, and typo-squatting. These are ways to redirect users from seemingly legitimate locations and applications to malicious ones, which can be used to phish for credentials, deploy malicious code, or steal data. Bad actors also realize that, because of its critical nature, denying access to DNS will hugely impact organizations, stopping users from carrying out day-to-day tasks. Denying access to DNS services can also block access to applications and information that a business and its customers rely on. This has led to a significant re-emergence of denial-of-service (DoS) attacks focusing on DNS infrastructure.

Turning its Power Against Bad Actors

There is, however, good news. While the foundational part DNS plays makes it a target, it also makes it an extremely strong weapon in our cybersecurity defense arsenal. It’s an often-forgotten weapon but a weapon nevertheless. At the root of this is the fact that almost all cyberattacks will start by interacting with DNS. Whether it’s a simple phishing email or the beginnings of a complex malicious code deployment or data theft, the bad actor is very likely to make a DNS call, be that to a malicious website or some kind of command and control service.

Additionally, because cyberattacks often start with DNS, that means there is highly likely to be some initial activity that will leave behind clues about a potential upcoming attack. This may be the creation of unusual domains or the registration of “typo” domains: those that are within a letter or two of the real domain name. All these actions leave clues that modern DNS threat intelligence tools can spot and can take proactive action against.

DNS security tools add value by identifying risks and potential threats at these very early stages, which we can proactively isolate and mitigate, improving security and lowering the risk of an attack on our organization.

To gain this benefit must be difficult, right? That’s the best news of all: DNS security solutions are easy to deploy, with a low-risk integration into your current environment and little if any impact on users.

Nuts and Bolts of DNS Security

DNS security falls into two categories:

  • Protection, which focuses on securing client system communications that use DNS.
  • Security, which adds additional capabilities to secure broader DNS infrastructure, along with capabilities like deep packet inspection (DPI) analysis and integration with DNS encryption technologies.

Even with basic levels of protection, DNS security solutions can deliver a lot of value to an organization. For example, simply adding the protection service to the DNS resolution path means malicious domains can be quickly blocked, with new domains identified and blocked constantly. Additional filters can also be put in place to block malicious domains by content type, or by category, ensuring users are accessing only sites that are safe, secure, and appropriate. Even for our mobile users, many vendors will provide off-network protection, allowing organizations to protect DNS security regardless of where a user resides or works.

If DNS security can be so useful, why is it not a frequent topic of conversation? I guess it gets overlooked for not being that exciting! DNS has been around as long as the public internet, so it’s not as alluring a topic as AI, automated threat detection, or managed security services. Regardless, DNS security is a very powerful tool.

If you want a low-risk, high-value cybersecurity investment that will improve your security posture, then I would recommend you look into the DNS security space and understand how it can improve security, reliability, and performance. Put this often forgotten security hero to work for your organization!

Next Steps

To learn more, take a look at GigaOm’s DNS security Key Criteria and Radar reports. These reports provide a comprehensive overview of the market, outline the criteria you’ll want to consider in a purchase decision, and evaluate how a number of vendors perform against those decision criteria.

If you’re not yet a GigaOm subscriber, you can access the research using a free trial.