Follow Tweet This Facebook LinkedIn google+
Industry talking to customers What's this?

Why a DNS firewall should be a key part of your layered security strategy

Published: April 6th, 2018 By: Glenn Weir

CIRA

Until quite recently, it wasn’t unusual for a company’s cybersecurity protocol to depend on a firewall, an antivirus program, and their best efforts at keeping up with software patches. Incredible as it may seem today, this strategy generally provided enough protection to mitigate risk from bad actors.

Today, cyberattacks are growing at an alarming rate in Canada, with businesses experiencing an average of 40 attacks per year. A perfect storm comprised of easy-to-use hacking tools, virtually untraceable cryptocurrencies, and dark web markets has encouraged a resourceful and persistent breed of hacker, many of whom have set their gaze on Canadian organizations.

No Canadian company is safe. According to Symantec’s 2018 Internet Security Threat Report, the number of spear-phishing attacks is growing significantly, regardless of company size:

  • Large businesses (2,500-plus employees) – 35 per cent
  • Medium-sized businesses (251 to 2,500 employees) – 22 per cent
  • Small businesses (1 to 250 employees) – 43 per cent

“Security risk runs across the entire spectrum,” said Mark Gaudet, Product and Business Development Manager at the Canadian Internet Registration Authority (CIRA). “It doesn’t matter how big or small you are, nor what sector you’re in. The risk is basically the same, as is the challenge.”

The challenge for Canadian organizations is to stay ahead of the problem in this constantly evolving game of cat and mouse. As companies continue to deploy multiple layers of security they are discovering that there are gaps. The emergence of cloud computing, combined with AI and billions of sensors and networking chips driven by the Internet of Things has made cybersecurity infinitely more complex than ever before.

This new reality calls for new solutions and approaches, said Gaudet. Adding a layer of protection at the DNS level provides two distinct advantages—better data and more distance.

A DNS firewall provides a unique view of the threat landscape due to its position outside the network. Based on analyzing trends in DNS traffic, threats are added to a block list in near real-time with no input required from the user. As a DNS firewall is located outside the corporate network perimeter, it can refuse connection to a threat before it comes close to your systems. Combine these two factors with advanced data science that analyzes millions of queries an hour and you have a powerful new layer in your company’s defence-in-depth strategy.

“It’s important to look at every single DNS query, and from there to swiftly determine what should and what should not be allowed,” he said about CIRA’s D-Zone DNS Firewall solution. “Our dynamic threat feed comes from unique information, and is continuously updated. This is a huge key. You could say we have our own signature, drawn from an enormous anonymized feed, which itself comes out of tens of millions of DNS queries every second.”

“Machine learning and AI represent a new horizon when it comes to the identification and nullification of security threats,” Gaudet concluded. “While there is no such thing as one hundred per cent protection, when we’re getting fresh query feed data every 15 minutes, we’re getting data that lets us respond to threats very efficiently.”

Complimentary white paper
The CIRA white paper “Defence in Depth” takes an in-depth look at cyber-security in the context of layers, and discusses the benefits of employing a DNS firewall as part of a comprehensive defensive strategy, including but not limited to:

  • Real-time and historical analysis of global DNS data to detect security threats
  • Update of policy-enabled recursive DNS servers with real-time threat feeds
  • Server examination of DNS transactions and block domain, and IP security threats and filtered sites and categories
  • Identification and reporting of malicious activity
  • Discovery and quarantine of infected devices

Read CIRA’s “Defence in Depth” white paper.

Learn more about D-Zone DNS Firewall.


About CIRA
The Canadian Internet Registration Authority (CIRA) is a member-based not-for-profit organization, best known for managing the .CA internet domain on behalf of all Canadians, developing and implementing policies that support Canada’s internet community and representing the .CA registry internationally. In addition, we deliver cybersecurity services designed for Canadian organizations, including the new D-Zone DNS Firewall for protection from ransomware and other malware.

Visit CIRA online.