Mitigating known and unknown threats using DNS

While most network administrators use DNS security measures to protect DNS infrastructure from different attack vectors, there are far more security-related controls and intelligence benefits that you can draw from DNS and use to your advantage. Without much ado, the following are some of the ways that you can use DNS to mitigate known and unknown security threats to your network.

Internal and External Visibility

All connected systems and devices, from IT infrastructure, POS systems, desktops, corporate servers and laptops to smartphones, use DNS to communicate both internally and externally. The pervasive nature of DNS provides incredible visibility into your network that can go a long way in helping you manage potential risks posed by both internal and external threats.

Threat forensics

Because of its ubiquity and the data it yields, DNS not only provides visibility into activity on your network but also yields factual data, such as originating devices, operating systems, domains accessed and the applications running on a device, which you can analyze to trace the root cause of a security breach once you have identified it.

Risk or threat assessment and scoring

One of the unique features of DNS as a security platform is the potential to give context to any query made on your network. The context is critical in assessing the overall risk associated with authorizing an action, which you can allow or deny based on the risk tolerance of your enterprise.

Enforcing security policies

One of the biggest security challenges that many network administrators currently face is enforcing policies across all systems or devices on a network. This is because there are numerous types of devices and operating systems on the network that are owned by different individuals, so installing a control agent on all of them may not be possible. However, the use of DNS changes this model, as it provides visibility into every activity on each device. Since DNS can allow or limit access to network resources, it is possible to set policies that allow or limit certain activities based on specific established criteria. For instance, you can set a policy to allow access to certain websites on a guest wireless device and limit access to the same on corporate-owned devices.
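The guest-versus-corporate policy described above can be sketched as a resolver-side decision function. This is an added example, not code from the original article or from any vendor product; the subnets, group names and domains are constructed for illustration.

```python
import ipaddress

# Constructed sample data: subnets, group names and domains are assumptions.
DEVICE_GROUPS = {
    "guest-wifi": ipaddress.ip_network("10.20.0.0/16"),
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
}
# Per-group policy: domain suffix -> action.
POLICY = {
    "guest-wifi": {"video.example": "allow", "intranet.example": "block"},
    "corporate": {"video.example": "block", "intranet.example": "allow"},
}
# Queries from networks that map to no group are denied by default.
DEFAULT_ACTION = {"guest-wifi": "allow", "corporate": "allow", None: "block"}

def device_group(client_ip):
    """Map a client address to a device group by source subnet."""
    addr = ipaddress.ip_address(client_ip)
    for name, net in DEVICE_GROUPS.items():
        if addr in net:
            return name
    return None  # unknown source network

def normalize(qname):
    """Lower-case and strip the trailing root dot so matching is exact."""
    return qname.rstrip(".").lower()

def decide(client_ip, qname):
    """Return (group, action) for one DNS query."""
    group = device_group(client_ip)
    labels = normalize(qname).split(".")
    rules = POLICY.get(group, {})
    # Walk from the full name towards the TLD: the most specific suffix wins,
    # and matching is on label boundaries (notvideo.example != video.example).
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return group, rules[suffix]
    return group, DEFAULT_ACTION[group]

# Constructed query log lines: "<client ip> <qname>"
SAMPLE_LOG = """10.20.4.7 www.video.example.
10.10.8.9 WWW.Video.Example
10.10.8.9 wiki.intranet.example
10.20.4.7 wiki.intranet.example
10.10.8.9 notvideo.example
192.0.2.50 www.video.example"""

def evaluate(log=SAMPLE_LOG):
    """Apply the policy to every line of a query log."""
    return [decide(*line.split()) for line in log.splitlines()]
```

Matching on whole labels after case and trailing-dot normalization keeps a lookalike name from inheriting another domain's rule, and the default-deny entry covers clients that fall outside every known subnet.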

Conclusion

Every connection, whether it is good or malicious, begins with a DNS query. In other words, users rely on DNS to connect to critical websites, applications, and other resources on your network. You can, therefore, use DNS to accomplish a plethora of security and intelligence controls on your network, certainly without the major network transformations or hardware costs that you would find with conventional security solutions. Visit Blue Cat if you are interested in learning more.