Design: Is It One Site or Two?
Author: Nick Kelly, Cybersecurity Engineer, Cisco & Joel Harrington, Partner Alliance Manager, NetCraftsmen
One popular analogy used in Infosec training is the old argument for the egg vs. the onion. The comparison is an “all or nothing” shell of the egg vs. the multiple layers of the onion. The goal is to get organizations to understand that securing information, people and data should be approached with layered security. The days of relying on a single approach like a firewall are long gone. Security professionals now must leverage multiple tools to maximize visibility and provide multiple safeguards.
One of the easiest solutions available is DNS security. This is an area of visibility that is ignored by many organizations, but one that can provide massive amounts of data. Every item on the internet makes DNS requests. Gathering these requests can provide insight into the traffic coming into and leaving an organization.
Internet requests are resolved, mined and cross-referenced against threat intelligence. This approach provides an easy, quick and effective first line of visibility and defense. Cisco Umbrella leverages the internet’s infrastructure to stop threats over all ports and protocols before they reach networks and endpoints.
Umbrella processes over 180 billion DNS requests every day, using statistical models to stop known threats and behaviors that may uncover unknown threats. This information is used to proactively block against traffic identified as malware, phishing, command and control and cryptomining.
Adding DNS protection to the security stack has measurable value for organizations. The Global Cyber Alliance report, titled “The Economic Value of DNS Security” quantifies this investment. DNS visibility and enforcement could have blocked approximately $10 Billion in losses over the past five years.
There are additional benefits when looking at power usage, network investments, and company brand. Infected machines sending traffic to known malicious domains can cause bandwidth congestion. Blocking these requests actually improves network latency issues. Extending DNS security out to Guest Wi-Fi networks can also help to minimize communications with bad actors in an organization.
The Cisco CISO Benchmark Study of 2019, titled “Anticipating the Unknowns” measured survey responses from over 3,000 security leaders. One top concern for CISOs was user behavior (clicking malicious links in email or on websites). 56% of those surveyed named user behaviors as a key concern, with only 61% of organizations performing exercises around security awareness.
Cisco Umbrella integrates with multiple other Cisco and third-party solutions to improve visibility and more effectively lower time to detection (TTD) and time to remediation (TTR). In conjunction with incident response tools like Cisco Threat Response, Umbrella can provide valuable insight into traffic and a mechanism through which to enforce policy.
Security professionals need a layered approach to protecting users, networks, and data. Legacy technologies are simply not effective. Multiple products with no integration can cause an overload of information. In some instances, up to 50% of alerts are never investigated. DNS security is a valuable first layer of visibility and defense that provides powerful insight into an organization’s internet communications. Cisco Umbrella is a solution used by many organizations to improve detection and response through DNS security.
Hashtags: #TheNetCraftsmenWay #DNS #Cisco #CyberSecurity #CiscoUmbrella
Design: Is It One Site or Two?
What Business Leaders Should Know About Network Monitoring
Designing for Simplicity and Your Business
Nick has over 20 years of experience in Security Operations and Security Sales. He is an avid student of cybersecurity and regularly engages with the Infosec community at events like BSides, RVASec, Derbycon and more. The son of an FBI forensics director, Nick holds a B.S. in Criminal Justice and is one of Cisco’s Fire Jumper Elite members. When he’s not working, he writes cyberpunk and punches aliens on his Playstation.
Virgilio “Bong” has sixteen years of professional experience in IT industry from academe, technical and customer support, pre-sales, post sales, project management, training and enablement. He has worked in Cisco Technical Assistance Center (TAC) as a member of the WAN and LAN Switching team. Bong now works for Tech Data as the Field Solutions Architect with a focus on Cisco Security and holds a few Cisco certifications including Fire Jumper Elite.
John is our CTO and the practice lead for a talented team of consultants focused on designing and delivering scalable and secure infrastructure solutions to customers across multiple industry verticals and technologies. Previously he has held several positions including Executive Director/Chief Architect for Global Network Services at JPMorgan Chase. In that capacity, he led a team managing network architecture and services. Prior to his role at JPMorgan Chase, John was a Distinguished Engineer at Cisco working across a number of verticals including Higher Education, Finance, Retail, Government, and Health Care.
He is an expert in working with groups to identify business needs, and align technology strategies to enable business strategies, building in agility and scalability to allow for future changes. John is experienced in the architecture and design of highly available, secure, network infrastructure and data centers, and has worked on projects worldwide. He has worked in both the business and regulatory environments for the design and deployment of complex IT infrastructures.