INFOGRAPHIC
Accelerate threat resolution with DNS
It has been reported in the media that
customer data is more valuable in today ’ s economy than oil . If this is true , then protecting customer data must be a top priority for all businesses . This means all pathways to customer data must be secured , no matter where that data is stored .
The domain name system ( DNS ) is a foundational network service that is critical to both connectivity and security , as it can provide a back door for data breaches . It should therefore not be overlooked as a first-level security control , especially in times of crisis and change , like the recent influx of home / remote workers .
In January 2020 , Infoblox commissioned Forrester Consulting to evaluate the use of DNS in the detection of malicious attacks and the prevention of data loss . Forrester conducted an online survey with 203 respondents representative of top tier experts from organisations who typically lead the way in security best practices , serving as a good example for those striving to improve their own security posture . We surveyed US security and risk ( S & R ) leaders from firms with US $ 1 billion or more in annual revenue from government , retail , education , healthcare and financial services sectors . Half of the respondents hold the title of chief information security officer ( CISO ). These S & R experts use DNS as a vital component of their security strategy .
S & R leaders rely on DNS for three key priorities : 1 ) detecting and blocking threats as early as possible in the kill chain ; 2 ) investigating and responding to threats ; and 3 ) quickly identifying compromised devices .
Key findings
DNS is a key starting point for threat investigation . DNS queries and responses are one of the top three data sources that security teams use for threat hunting and investigations . Investigators rely on DNS because it detects malicious activity earlier in the kill chain than other security tools .
It also gives S & R leaders much needed visibility into which devices are making requests to connect to malicious destinations – this visibility allows them to sever those connections and protect their entire infrastructure .
“
THERE IS NO PERFECT SECURITY TOOL THAT WILL FIX ALL YOUR PROBLEMS , BUT IT IS IMPORTANT TO HAVE TOOLS THAT FILL IN THE GAPS LEFT OPEN BY OTHER TOOLS .
DNS fills gaps left by other security tools . There is no perfect security tool that will fix all your problems , but it is important to have tools that fill in the gaps left open by other tools .
Surveyed S & R leaders said the top benefit of using internal DNS , as a security control point to stop malicious attacks , is being able to catch threats which would otherwise not be caught by other security tools such as DNS tunneling / data exfiltration , domain generation algorithms ( DGAs ), and lookalike domain attacks .
Majority of S & R leaders want to improve ROI on security investments . Fifty-six percent of S & R leaders listed improved ROI on security as the most helpful service to their organisation .
As more and more security tool investments were made in the last decade , S & R leaders want to see what ROI they can get with existing investments before approving budget for more tools and technologies . •
22 INTELLIGENTCIO www . intelligentcio . com