Gartner – “Organizations should implement DNS security to protect users, devices and other critical infrastructure.”
Improve Your Security Posture With DNS
Gartner’s recent article, “How Can Organizations Use DNS to Improve Their Security Posture?”, explores the importance of using the Domain Name System (DNS) to enhance your security infrastructure.
Gartner believes too few organizations are taking advantage of DNS security tools, which make it possible to anticipate, prevent, detect, and respond to prevailing threats, regardless of where the user, device, or workload is located.
Key takeaways include:
- DNS is a common mechanism used by attackers to help compromise environments in multiple ways.
- DNS is generally regarded as a server and networking infrastructure component and not widely recognized for its ubiquity and utility for security use cases (such as application control, threat detection and threat prevention).
- Too few end-user organizations recognize the monitoring use cases that DNS can deliver (for example, from a SIEM), such as storing, monitoring, and analyzing DNS log data for security threat detection, investigation (or threat hunting), and response activities.
- DNS filtering may also be used to effectively reduce privacy risks from things like tracking websites and cookies.
Steps You Can Take to Harden Your Security Infrastructure with DNS:
- Review the security capabilities of your existing DNS implementation to identify which security use cases can be supported with the solutions already in place.
- If you don’t have a DNS service that supports security use cases, evaluate services that can provide coverage of the users, devices and critical infrastructure that matter most to you.
- Collect and analyze DNS logs for threat detection and forensics purposes using tools such as your security information and event management (SIEM) or central log management tool.
- Implement DNS threat prevention and blocking capabilities — and, if possible, also monitor DNS traffic for other anomalies like data exfiltration.
The Article Further Addresses:
- Creating a DNS Allow List
- Creating a DNS Deny List
- Using DNS For Host Isolation
- Using Machine-Readable Threat Intelligence (MRTI)
- Using DNS for Activity Monitoring and Analytics
- Using DNS Services to Protect Work-From-Home Employees; and
- Securing IoT and Operational Security Assets
Read the article here.
For additional information and an overview of Empowered Networks’ expert DNS Security Services, visit our website.