In order to persevere in the face of escalating cyber attacks and maintain application availability, organizations must expand their traditional network infrastructure defenses to incorporate DNS security, centralized visibility, and vulnerability detection.
In today’s hyper-connected, always-on landscape, network reliability, and availability are essential to nearly every business. But achieving them is becoming increasingly difficult in the face of escalating cyber attacks. For digital enterprises, the loss of network access is no longer a minor inconvenience. It can negatively affect productivity, customer satisfaction, brand, revenues, and profitability. To a large degree, ensuring the availability of applications and services comes down to how effectively organizations protect their network infrastructure.
• Business productivity
• Customer satisfaction
• Brand Reputation
Safeguarding a network’s extended infrastructure—its servers, storage, devices, and virtual machines—from attack-related downtime involves multiple components. Among these are traditional perimeter defenses, including distributed denial of service (DDoS) solutions, email, antivirus, web gateway security and other Network Access Control (NAC) measures, along with security information and event management (SIEM) systems.
Unfortunately, many IT organizations assume these solutions alone provide sufficient protection. The reality is, in today’s sophisticated threat environment, infrastructure protection requires several crucial capabilities many enterprises overlook or underappreciate: knowing what’s on a network, ensuring that all devices are compliant and free from vulnerabilities and DNS security.
As the global directory of internet destinations, the Domain Name System (DNS) is essential to modern network connectivity. Indeed, the availability of a digitally connected business hinges on the availability of DNS and its related services.
Unfortunately, however, DNS is as much a friend of the dark industry as it is of digital organizations. For example, in October 2016, Dyn, a provider of managed DNS services, suffered a massive DDoS attack that disrupted web access for companies across the globe, including Amazon, Airbnb, The New York Times, Visa, Spotify, Netflix, CNN, Verizon, HBO, Twitter and scores of others. Some outages lasted hours.
Along with websites, attacks on DNS can bring down a company’s email, application, SaaS, cloud, and online payment services. The consequences can be long-lasting. In the case of Dyn, the company lost many prominent clients in the immediate aftermath of the attack on its DNS services.
However, when wisely harnessed, DNS can be transformed from a serious risk to a prime enabler of network security and service availability.
To gain essential infrastructure protection capabilities their conventional cybersecurity solutions inadequately provide, enterprises must confront four key challenges: lack of visibility, vulnerability detection, DNS-based attack protection, and lack of security ecosystem integration.
From an infrastructure protection standpoint, having a clear view of devices and network assets is crucial to infrastructure protection. After all, network teams can only protect what they can see. However, network visualization remains elusive when enterprises rely solely on traditional security solutions to monitor and track network assets. These systems provide incomplete, fragmented views that make it hard to see all devices network assets across physical, virtual, and cloud infrastructure.
As a consequence, insecure elements lurking in hidden corners of a network can be easily
Because of the unique role they play in network interactions, core services including DNS,
Dynamic Host Configuration Protocol (DHCP) and IP Address Management (IPAM), collectively
known as DDI, can provide a window into every infrastructure asset, network device, IP address,
and user on a network.
IT organizations should augment their infrastructure defenses with solutions that leverage core
network services, enabling them to:
• Centralize and automate network discovery of new devices and VMs as they join the network,
wherever they reside
• Enhance visibility into infrastructure devices (e.g., app servers, routers, and switches) and their
• Easily spot suspicious end hosts, attack points, patterns, and anomalies as they emerge
Gaining a consolidated view of network assets is challenging enough using conventional approaches. Just as difficult is finding and quickly remediating vulnerabilities that may reside in those assets.
Enterprises are shifting from prevention-only approaches to focus more on detection and response.
Vulnerability scanners play a critical role. But they don’t go far enough to proactively thwart today’s emerging threats. For example, most can’t monitor all devices, VMs, and end points continuously across highly complex, geographically dispersed infrastructure. Nor can they readily identify risks stemming from non-compliant devices, configuration errors, and outdated infrastructure components.
Without complete information on vulnerabilities, networks are still susceptible to sophisticated attacks that can adversely affect network and service availability.
Network automation tools that harness data flowing through DDI services provide a more accurate, comprehensive picture of the network and hidden vulnerabilities than is possible using traditional scanners alone.
The best solutions combine insights from core network services, automation, and network intelligence, enabling enterprises to automatically:
• Detect in real-time non-compliant devices that may contain vulnerabilities
• Find and fix configuration errors or isolate compromised endpoints before they can do harm
• Enforce best practices, compliance mandates, and security policies
As a means for disrupting and disabling networks, exploiting DNS is spectacularly successful. DNS has become the number-one service targeted by application-layer attacks and the number one protocol used in amplification/reflection attacks.
Cybercriminals rely on DNS pathways to wreak havoc on networks in a multitude of ways.
They use DDoS and other DNS-based attacks to flood DNS servers with junk requests, create diversions to hide other forms of attack, and swap legitimate URLs for phony ones that can make websites appear to be down when they’re not. DNS has become the go-to attack method of choice for the simple reason that traditional infrastructure security measures do not understand DNS and are not capable of protecting it.
DNS is a core component of every network; it should also be a core component of infrastructure protection. The most effective solutions are those specifically architected to automatically and comprehensively protect DNS from evolving threats. Organizations should explore advanced DNS security options that enable them to:
• Detect and prevent the broadest range of DNS-based attacks, including reflection, DDoS, NXDOMAIN, amplification, TCP/UDP/ ICMP floods, tunneling, reconnaissance, cache poisoning, and protocol anomalies.
• Keep networks up and running even during attacks with the ability to detect legitimate from malicious DNS requests in real time
• Maintain DNS integrity with the ability to proactively detect DNS hijacking as it occurs
Many organizations use a wide assortment of separate security systems from multiple vendors. For example, complete NAC solutions often consist of many different areas of specialization, from user verification to password authentication, to device hygiene. SIEM solutions have their own areas of focus.
These tools create silos and are unable talk to each other or automatically share critical information. This poses a serious challenge to security teams who must take decisive action against a backdrop of dynamic network changes and escalating attacks.
These teams also are typically awash in seas of threat data with no clear guidance on what to act on first or why further hindering their efforts.
DNS, DHCP, and IPAM data provide real-time insights that can continually inform NAC and SIEM systems.
Network teams should choose solutions that use core network data combined with meaningful context to enhance the performance of the entire security ecosystem, enabling them to:
• Speed remediation with the ability to easily share data-rich, network layer actionable intelligence throughout their multivendor ecosystem.
• Gain visibility into IP address changes and DNS security events, including reconnaissance activity, that SIEM can easily consume for fast analysis
• See threat data in context with network and device activities in real time to prioritize response
Data from DNS, DHCP, and IPAM (DDI) services, provided in real time and in context, enable diverse cybersecurity assets to respond faster and in unison to security events.
Cyber attacks can take networks down despite organizations’ current investments in perimeter and network intelligence solutions. As the Dyn example illustrates, failure to adequately protect DNS from attacks carries risks that extend far beyond short-term downtime. Not only can it paralyze networks, it can also put jobs and even careers in jeopardy.
To ensure the availability of network services and applications, enterprises need to close the gaps in their infrastructure protection that other solutions leave exposed.
Solutions that incorporate core network data, automation, and data-driven intelligence can enhance visibility and vulnerability detection across diverse physical, virtual, and hybrid cloud environments shut down DNS attack vectors, and help optimize the performance of third-party security ecosystem solutions. Contact Musato Technologies to learn more about innovative ICT services designed to transform your business.
An article by Infoblox
You must be logged in to post a comment.