DNS Security: The First Layer in the Cybersecurity Fight

Samuel Bickham
Architect, Practice Lead

Author: Nick Kelly, Cybersecurity Engineer, Cisco & Joel Harrington, Partner Alliance Manager, NetCraftsmen

One popular analogy used in Infosec training is the old argument for the egg vs. the onion. The comparison is an “all or nothing” shell of the egg vs. the multiple layers of the onion. The goal is to get organizations to understand that securing information, people and data should be approached with layered security. The days of relying on a single approach like a firewall are long gone. Security professionals now must leverage multiple tools to maximize visibility and provide multiple safeguards.

Why DNS Security?

One of the easiest solutions available is DNS security. This is an area of visibility that is ignored by many organizations, but one that can provide massive amounts of data. Every item on the internet makes DNS requests. Gathering these requests can provide insight into the traffic coming into and leaving an organization.

Internet requests are resolved, mined and cross-referenced against threat intelligence. This approach provides an easy, quick and effective first line of visibility and defense. Cisco Umbrella leverages the internet’s infrastructure to stop threats over all ports and protocols before they reach networks and endpoints.

Umbrella processes over 180 billion DNS requests every day, using statistical models to stop known threats and to identify behaviors that may uncover unknown threats. This information is used to proactively block traffic identified as malware, phishing, command and control, and cryptomining.
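The cross-referencing step described above can be illustrated with a small Python example. It is added here for illustration and is not Cisco Umbrella's implementation or code from the original article. The log format, the threat-intelligence entries and the function names are all constructed assumptions.

```python
from collections import Counter

# Constructed threat-intelligence feed: listed domain -> category
# (the four categories are the ones named in the article).
THREAT_INTEL = {
    "bad-updates.example": "malware",
    "login-verify.example": "phishing",
    "c2.beacon.example": "command and control",
    "pool.miner.example": "cryptomining",
}

# Constructed resolver log: "<timestamp> <client_ip> <qname> <qtype>".
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 www.example.org. A
2024-01-01T10:00:02Z 10.0.0.7 cdn.bad-updates.example. A
2024-01-01T10:00:03Z 10.0.0.7 C2.Beacon.Example. TXT
2024-01-01T10:00:04Z 10.0.0.9 notlogin-verify.example. A
2024-01-01T10:00:05Z 10.0.0.9 login-verify.example. AAAA
malformed line
2024-01-01T10:00:06Z 10.0.1.20 eu.pool.miner.example. A
"""

def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()

def classify(qname, intel=THREAT_INTEL):
    """Return the category if qname or any parent domain is listed, else None.

    Matching is done on whole labels, so 'notlogin-verify.example' does not
    match the listed 'login-verify.example'.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        category = intel.get(".".join(labels[i:]))
        if category:
            return category
    return None

def scan(log_text, intel=THREAT_INTEL):
    """Return (client_ip, qname, category) for every query that hits the feed."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:  # skip lines that do not fit the assumed format
            continue
        _, client, qname, _ = fields
        category = classify(qname, intel)
        if category:
            hits.append((client, normalize(qname), category))
    return hits

def summarize(hits):
    """Count hits per (client, category) to show which hosts need attention."""
    return Counter((client, category) for client, _, category in hits)
```

Calling `summarize(scan(SAMPLE_LOG))` groups the flagged queries by client and category, which is the kind of per-host view that DNS logging makes available.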

The Value of DNS Security

Adding DNS protection to the security stack has measurable value for organizations. The Global Cyber Alliance report, titled “The Economic Value of DNS Security,” quantifies this investment. DNS visibility and enforcement could have blocked approximately $10 billion in losses over the past five years.

There are additional benefits when looking at power usage, network investments, and company brand. Infected machines sending traffic to known malicious domains can cause bandwidth congestion. Blocking these requests actually reduces network latency issues. Extending DNS security out to guest Wi-Fi networks can also help to minimize communications with bad actors in an organization.

Addressing the Unknowns

The Cisco CISO Benchmark Study of 2019, titled “Anticipating the Unknowns,” measured survey responses from over 3,000 security leaders. One top concern for CISOs was user behavior (clicking malicious links in email or on websites). 56% of those surveyed named user behaviors as a key concern, with only 61% of organizations performing exercises around security awareness.

Cisco Umbrella integrates with multiple other Cisco and third-party solutions to improve visibility and more effectively lower time to detection (TTD) and time to remediation (TTR). In conjunction with incident response tools like Cisco Threat Response, Umbrella can provide valuable insight into traffic and a mechanism through which to enforce policy.


Security professionals need a layered approach to protecting users, networks, and data. Legacy technologies are simply not effective. Multiple products with no integration can cause an overload of information. In some instances, up to 50% of alerts are never investigated. DNS security is a valuable first layer of visibility and defense that provides powerful insight into an organization’s internet communications. Cisco Umbrella is a solution used by many organizations to improve detection and response through DNS security.


Hashtags: #TheNetCraftsmenWay #DNS #Cisco #CyberSecurity #CiscoUmbrella

Nick Kelly

Cybersecurity Engineer, Cisco

Nick has over 20 years of experience in Security Operations and Security Sales. He is an avid student of cybersecurity and regularly engages with the Infosec community at events like BSides, RVASec, Derbycon and more. The son of an FBI forensics director, Nick holds a B.S. in Criminal Justice and is one of Cisco’s Fire Jumper Elite members. When he’s not working, he writes cyberpunk and punches aliens on his Playstation.

