DNS-based attacks can be some of the most visible and damaging a business can suffer, and – according to recent reports – attacks on the Domain Name System are continuing to grow in frequency and volume every year. These attacks are not just focused on bringing DNS down, but can also use DNS to steal personally identifiable information (PII), passwords or credit card numbers.
Intrusion detection and prevention systems and next-generation firewalls don’t adequately disrupt malicious DNS communications to command and control (C&C) domains – and lack integration with standard network management tools. Further complicating matters is the fact that IT and security teams often function in silos, allowing DNS security to fall through the cracks.
Optiv, a large cyber security solutions provider, recently decided to shine the spotlight on DNS security to help its customers understand DNS threats. It did an in-depth analysis of the challenges businesses face around DNS security and the gaps in the security solutions these companies are using today. Its recommendations include the use of industry-leading tools in three strategic areas:
- Contextual analysis and enrichment to improve visibility into DNS traffic patterns and content.
- Network and security automation – intelligent blocking, packet analysis, and dynamic policy controls closely coupled with contextual analysis.
- Integration with other security ecosystem solutions, allowing security teams to scale and shorten remediation times.
In case you are wondering what other organizations are doing to address DNS threats, Optiv has included a case study on how the security division of a large county government entity was able to detect and disrupt communications from infected devices on their network to C&C domains, using Infoblox DNS Firewall, while providing contextual analysis and holistic reporting with their integrated Infoblox DHCP and IP address management (IPAM) solution.
To learn more, read the full report from Optiv here.