DNS a key piece of your depth defense strategy

Published: March 14th, 2018

They say there’s safety in numbers, that by being part of a large group you are less exposed to attack from outside threats. What they don’t say as often, but perhaps should, is that there’s strength in layers, which gets much closer to defining effective cybersecurity in the age of the professional hacker.

The defense-in-depth strategy of multiple, interlocking security layers was made for today’s complex computing environment. Hackers have upped their game dramatically in recent years, such that organizations are having to deploy multiple security tools, often from multiple vendors. The fact that each vendor has its own signature approach to analyzing and responding to threats is a good thing; it makes the hacker’s job that much more daunting, and the achievement of his task that much more of a challenge.

DNS (Domain Name System) is one of the busier attack fronts these days. Consider that over 90 per cent of malware uses the DNS (Domain Name System) layer for command and control, and that more than three-quarters of organizations were victims of a DNS attack in 2017.

In matters of system security, there is no silver bullet — no single solution that will take care of all threats 100 per cent of the time. If firewalls and anti-malware software were fully effective, there would be no such things as ransomware or damaging malware attacks. But alas there are. Today’s bad actors know this, and employ a variety of methods as they work to discover that one weak spot. In many cases, they may find this spot in companies’ DNS, from which the hacker can infiltrate the network, install malware, and steal critical data.

The problem may not be that the incidence of DNS attacks is rising but that many companies fail to dedicate appropriate time and resources to what is a growing problem. The good news is that DNS, however juicy a target it is, doesn’t have to be a point of weakness for companies. It can in fact be a point of strength — an additional level of protection in a company’s cybersecurity strategy.

If over 90 per cent of malware leverages DNS, harnessing DNS as a defensive tool — as opposed to cringing at its potential liability — makes an organization much stronger overall. Organizations that are serious about their overall security can employ the highly effective one-two punch of proactive intelligence derived from millions of DNS queries with advanced data science to protect their networks from ransomware, malware, and other cybersecurity threats.

On April 10th, join IT World CIO and Chief Digital Officer Jim Love and Mark Gaudet of Canadian Internet Registration Authority (CIRA) as they explore the ways companies are using DNS tools to add a strong layer of protection. Jim and Mark will discuss new developments and the innovative strategies companies are employing that are tailored to Canada’s unique technology and regulatory environment.

Can you afford to ignore DNS? If not, would you like to learn more about how to harness DNS as a tool in your depth defense? Register today for “DNS – Can you afford one less layer of protection?”