Page 59 - Cyber Defense eMagazine for September 2020

core of the network, however, DNS is often the first part of an organisation’s infrastructure to see the
majority of malicious activity and should, therefore, be considered an organisation’s first line of defence.

By collecting and analysing data from DNS queries, an effective enterprise DNS security solution will
provide essential context and visibility that will alert IT teams to any anomalies, enable them to report on
which devices are joining and leaving the network, and ultimately allow them to resolve problems more
quickly.

Many DNS security solutions are focused on on-premise networks, however, and aren’t well suited
to remote workers and offices, many of whose workloads are held in the cloud.


The mobile options


Meeting the demand for greater speed and mobility means that internet traffic from mobile workers tends
not to be backhauled to an organisation’s network via corporate points of presence such as servers or
routers. As a result, DNS traffic to and from an organisation’s mobile users will not generally be visible to
corporate security monitoring.

The growing shift towards a more mobile workforce makes it important, therefore, for organisations to
adopt a hybrid approach to DNS security that will protect both on-premise and mobile users; a
combination of on-premise DNS security as mentioned above, and one of the following approaches to
maintaining DNS security in a mobile environment.

Agent software, for example, can be installed on a mobile device and reroute DNS traffic to a
cloud-based DNS security solution that can monitor client-side behaviour to detect malicious or suspicious DNS
activity. And in cases where it isn’t possible to install an agent, configuration settings on a mobile device
can be set to proxy mobile device traffic through services often referred to as cloud access security
brokers, or CASB. However, while CASB services are able to monitor HTTP traffic from mobile devices,
the implementation of an additional DNS proxy solution is required to reroute DNS queries to a cloud-based
DNS security solution which can then monitor and block suspicious activity.

What’s more, a combination of both client agent and proxy approaches, integrated with threat intelligence
to assure the detection of DNS tunnelling and other advanced targeted threats, can provide broad
coverage across a variety of devices and external services.
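
As an added illustration (not from the original article or any vendor's product), the sketch below shows the kind of DNS query analysis described above: it groups logged queries by client and base domain and flags groups with many unique, long, high-entropy subdomains, a common DNS tunnelling indicator. The log format, the thresholds and the two-label base-domain split are assumptions, and the sample log is constructed.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Illustrative thresholds (assumptions; tune against your own DNS baseline).
MIN_UNIQUE, MIN_MEAN_LEN, MIN_MEAN_ENTROPY = 10, 20, 3.0

def entropy(s):
    """Shannon entropy of a string in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def split_name(qname):
    """Return (subdomain, base). Base = last two labels, a simplification;
    production code should consult the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_suspects(log_lines):
    """Group '<client> <qname>' lines by (client, base domain) and flag
    groups with many unique, long, high-entropy subdomains."""
    groups = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        client, qname = parts
        sub, base = split_name(qname)
        if sub:
            groups[(client, base)].add(sub)
    suspects = []
    for (client, base), subs in sorted(groups.items()):
        mean_len = sum(map(len, subs)) / len(subs)
        mean_ent = sum(entropy(s.replace(".", "")) for s in subs) / len(subs)
        if (len(subs) >= MIN_UNIQUE and mean_len >= MIN_MEAN_LEN
                and mean_ent >= MIN_MEAN_ENTROPY):
            suspects.append((client, base, len(subs)))
    return suspects

def constructed_sample():
    """Constructed log lines: ordinary lookups plus encoded-looking names."""
    normal = [f"10.0.0.5 {h}.example.com" for h in ("www", "mail", "vpn")] * 5
    encoded = [f"10.0.0.7 {hashlib.sha256(str(i).encode()).hexdigest()[:40]}"
               ".t.example.net" for i in range(20)]
    return normal + encoded + ["garbage"]

if __name__ == "__main__":
    for client, base, count in find_tunnel_suspects(constructed_sample()):
        print(f"{client} -> {base}: {count} unique encoded-looking names")
```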



DNS as an asset

If not given proper consideration within an organisation’s security plans, DNS can provide an easy point
of entry for malicious actors intent on disrupting networks, and accessing and exfiltrating sensitive
information. And the problem is growing. As sophisticated cybercriminals continue to develop new






Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.