DNS Security: The First Layer in the Cybersecurity Fight

Author
Samuel Bickham
Architect, Practice Lead

Author: Nick Kelly, Cybersecurity Engineer, Cisco & Joel Harrington, Partner Alliance Manager, NetCraftsmen

One popular analogy used in Infosec training is the old argument of the egg vs. the onion. The comparison sets the “all or nothing” shell of the egg against the multiple layers of the onion. The goal is to get organizations to understand that securing information, people and data should be approached with layered security. The days of relying on a single approach like a firewall are long gone. Security professionals now must leverage multiple tools to maximize visibility and provide multiple safeguards.

Why DNS Security?

One of the easiest solutions available is DNS security. Many organizations ignore this area of visibility, yet it can provide massive amounts of data. Every device on the internet makes DNS requests. Gathering these requests can provide insight into the traffic coming into and leaving an organization.

Internet requests are resolved, mined and cross-referenced against threat intelligence. This approach provides an easy, quick and effective first line of visibility and defense. Cisco Umbrella leverages the internet’s infrastructure to stop threats over all ports and protocols before they reach networks and endpoints.

Umbrella processes over 180 billion DNS requests every day, using statistical models to stop known threats and to identify behaviors that may uncover unknown threats. This information is used to proactively block traffic identified as malware, phishing, command and control, and cryptomining.

The Value of DNS Security

Adding DNS protection to the security stack has measurable value for organizations. The Global Cyber Alliance report, titled “The Economic Value of DNS Security,” quantifies this investment. DNS visibility and enforcement could have blocked approximately $10 billion in losses over the past five years.

There are additional benefits when looking at power usage, network investments, and company brand. Infected machines sending traffic to known malicious domains can cause bandwidth congestion. Blocking these requests actually improves network latency. Extending DNS security out to Guest Wi-Fi networks can also help to minimize communications with bad actors in an organization.

Addressing the Unknowns

The Cisco CISO Benchmark Study of 2019, titled “Anticipating the Unknowns,” measured survey responses from over 3,000 security leaders. One top concern for CISOs was user behavior (clicking malicious links in email or on websites). 56% of those surveyed named user behaviors as a key concern, with only 61% of organizations performing exercises around security awareness.

Cisco Umbrella integrates with multiple other Cisco and third-party solutions to improve visibility and more effectively lower time to detection (TTD) and time to remediation (TTR). In conjunction with incident response tools like Cisco Threat Response, Umbrella can provide valuable insight into traffic and a mechanism through which to enforce policy.

Conclusion

Security professionals need a layered approach to protecting users, networks, and data. Legacy technologies are simply not effective. Multiple products with no integration can cause an overload of information. In some instances, up to 50% of alerts are never investigated. DNS security is a valuable first layer of visibility and defense that provides powerful insight into an organization’s internet communications. Cisco Umbrella is a solution used by many organizations to improve detection and response through DNS security.
