At first glance, the recent Facebook data scandal doesn’t seem to be related to DNS protection.
That seems right until you dig further.
Facebook Data Scandal
If you are not familiar with the Facebook data scandal, which has rocked millions of Facebook users in the recent past, here is a quick summary.
Cambridge Analytica, a UK-based political consultancy firm, allegedly used personal data from millions of Facebook users to run political campaigns with the objective of influencing the 2016 US presidential elections. Cambridge Analytica received the data from a Facebook developer, who allegedly violated the terms of use of the Facebook Developer program in passing the data onward.
Now the question arises: how is this related to DNS protection?
In his interview with CNN, the CEO of Facebook, Mark Zuckerberg, mentioned that protecting customer data is a fundamental responsibility of every company and if it can’t be delivered, the company doesn’t have the right to customer data.
It is indeed a powerful statement.
Every CEO should feel that way and take customer data protection very seriously. Notably, when the Equifax data breach happened in 2017, we didn’t hear similar statements from their executive team.
Preventing a customer data breach may require multiple initiatives. A critical initiative that every CEO should consider is DNS protection. Here is why.
The Mechanism for Data Exfiltration via DNS by Way of Facebook
IT ALL STARTS WITH AN INNOCENT ACTION ON FACEBOOK
A new app that promises to tell you who your favorite friend is will appear on your Facebook news feed. A bunch of your friends have already liked it and probably shared the results from the app. You will be enticed to check it out. You will be asked to give permissions to access your data. You will oblige.
That’s the beginning of data exfiltration.
THE RISKS WITH AN OPEN DEVELOPER PROGRAM
In an open developer program such as the Facebook Developer Program, we can never tell what type of developers are active. There could be genuine ones as well as rogue developers. Facebook has proven to be a very effective user acquisition platform. Hence, it is possible for rogue developers to push their apps via the Facebook platform.
When apps that use Facebook APIs are accessed from users’ computers, malware may be present that sends data out to external command-and-control (C&C) servers, a process known as data exfiltration. Genuine developers may not intentionally insert malware into their code, but hackers may take advantage of trending apps to inject malware and thereby reach end users’ computers through otherwise genuine apps.
MILLIONS OF WORKERS ACCESS FACEBOOK AT WORK
Per Statista, Facebook had 2.2 billion monthly active users as of the fourth quarter of 2017. As millions of users use Facebook on their company computers when they are at work on their company network, there is a greater chance of data exfiltration of business data via those infected computers.
Unless you have a mechanism to check for data exfiltration, you have no idea what is going on in your organization’s network.
Hence, when it comes to delivering on the promise of securing customer data, it is critical to be able to detect and prevent data exfiltration. The way to prevent data exfiltration is to protect your DNS.
Infoblox Can Help Prevent Data Exfiltration with ActiveTrust Suite
Infoblox ActiveTrust products enable you to mitigate security challenges that arise from DNS-based threats. Our secure DNS solutions combine automation, centralized reporting and policy management, enhanced visibility, and unique actionable intelligence drawn from the data residing in the core of your network.
Infoblox products utilize three approaches to preventing data exfiltration:
- Prevent malware communications with command and control servers (C&Cs) and botnets. Such prevention disrupts the cyber kill chain.
- Mitigate zero-day threats using machine learning and analytics. Collect curated threat intelligence data and distribute the verified data to existing security infrastructure to remediate threats and prevent future attacks.
- Scale enforcement on-premises and in the cloud with a hybrid security approach, which provides much better context than either an on-premises-only approach or a SaaS-only approach.
Check out the Infoblox Data Exfiltration Prevention Demo.
Conclusion
Data exfiltration exists in almost every network and many security engineers ignore it for a variety of reasons. Many a time, your organization may feel that it is sufficiently secured. The Facebook data scandal has brought out an important aspect of customer data protection, which can be delivered only if you are able to prevent data exfiltration that occurs via DNS.