Connect with us

Expert Speak

Why a Dedicated Hybrid DNS Solution is Vital?



Written by Ali Mehaidly, Solutions Architect, Middle East & Africa at Infoblox

According to Gartner, over 45 percent of IT spending will have shifted to the cloud by 2024 (up from 33 percent in 2020). Broader use of cloud and SaaS applications is driving greater investment in technologies that improve productivity, data security, and continuous business operations. The demands of a modern, distributed workforce require IT to prioritize agility, velocity, and scale. As a consequence, networks are shifting from a traditional architecture focused on headquarters and the data center to a distributed, edge-to-cloud architecture. To support the hybrid workplace, organizations need to be able to easily secure networks and unify management across cloud, HQ, and branch locations.

The hybrid workplace – where employees are mobile across on-site, home, and work-from-anywhere locations – is here to stay. In addition, organizations are undertaking other business imperatives like SaaS, cloud adoption, and IoT at a fast pace. To meet the requirements of workplace transformation, organizations must also transform their network’s capabilities.

But these transitions are not without challenges. As companies transform, infrastructure becomes more fragmented. IT teams struggle with the loss of control over core network services such as DNS, DHCP, and IP Address Management (IPAM), as remote users and cloud workloads rely on disparate DHCP, DNS systems. Limited visibility, difficulty in effectively managing devices in remote offices, and lack of security “everywhere” cause further concerns.

Why Dedicated DNS Security
Numerous organizations trust DNS, and the traffic is usually free to pass through company network firewalls. However, cybercriminals know this and abuse and attack DNS, making the protection of this critical service a high priority for organizations.

There is no perfect security tool that will fix all problems, but it is important to have tools that fill in the gaps left open by other tools. DNS, for example, can be used as a security control point to stop malicious attacks and to catch threats that would otherwise be missed by other security tools such as DNS tunneling/ data exfiltration, domain generation algorithms (DGAs), and lookalike domain attacks.

Threat investigators also rely on DNS because it detects malicious activity earlier in the kill chain than other security tools, reducing the burden on their perimeter defenses. It gives much-needed visibility into which devices are making requests to connect to malicious destinations – visibility that allows organizations to sever those connections and protect their entire infrastructure.

In fact, DNS and malware analysis are both regarded as the top tools used in identifying what data and systems the attacker got access to. DNS is also helpful to investigators when determining how much information the attacker got access to.

DNS should therefore be a key part of any organization’s security strategy as it protects firms from threats that other security tools might have missed and allows investigators to know which devices have requested connections to malicious destinations. DNS also helps accelerate incident response times, which makes threat resolution faster.

The internet is encrypted now; network analytics and visibility vendors informally reported to Forrester that between 72% and 95% of the traffic they’re seeing in corporate networks is encrypted. For many organizations, only metadata like DNS requests remain as visible cues available for real-time analysis. Security and risk professions will continue to embrace the tried-and-tested DNS firewalling and filtering techniques as a first line of defense against malware, phishing, and ransomware. Attackers know this and have been developing algorithms to generate pseudo-random domain names for the C2 operations, leading to an arms race that only AI will be able to fight in real-time.

Signature-based products like NGFW are critical to blocking or containing phishing attacks. But organizations might be missing a crucial element at a different layer of their security defenses: DNS. NGFWs allows administrators to apply policies to traffic, based not just on port and protocol, but also on applications and users accessing the network. However, the DNS protocol is typically not “inspected” by NGFW for malware, leaving the service vulnerable to malware. An NGFW is not a DNS server, and therefore, cannot interpret DNS queries and responses to detect malware that uses the DNS protocol. While some NFGWs may claim to have DNS security-related features, they are typically “bolted on” and lack the sophisticated visibility that DNS servers have into all the DNS requests and devices.

While a DNS firewall can stop malicious Internet connections before they occur at the DNS control plane, an NGFW must scan each of these connections individually, which is resource intensive and can drain its performance. NGFWs also do not offer protection to off-network devices or users, such as those working remotely, without a VPN, which adds latency. A DNS firewall can, making it much faster, more responsive, and effective at protecting end-users working both inside and outside of the organizational perimeter.

Because it’s based on DNS, a DNS firewall can be an ideal enforcement point for detecting any device that tries to call up a malicious domain. Moreover, since a DNS server is a default service in the network that is already protected by an NGFW, a DNS firewall can secure DNS connections quickly, easily, and at scale, without burdening the already busy NGFW.

Using a layered approach to security is critical as network perimeters continue to erode and confidential information is increasingly accessed through cloud services on public Wi-Fi networks. The best way to maintain a strong security posture is by integrating a DNS firewall with an NGFW. DNS firewalls can be installed as part of the standard DNS service, either on-premises or offered as a service via the cloud to complement and fill the gaps missed by NFGWs and other security tools.

Expert Speak

Hidden Champions: Behind These Popular Applications Are Hard Drives



Written by Rainer W. Kaese, Senior Manager of Business Development Storage Products at Toshiba Electronics Europe

Continue Reading

Expert Speak

How to Secure MSP Success Brick by Brick



Written by Roman Cuprik, content writer at ESET (more…)

Continue Reading

Cyber Security

Is Consent the Gateway to Ethical Data Usage Practices?



Every tech company under the sun is grappling with data privacy and protection policies and laws. However, consent is crucial when it comes to data collection and processing. Having the user’s consent to use their data is imperative. While securing the data after collection is also important, using customer data without their consent causes more serious issues. Without obtaining consent from the user, any data that you use for your business falls under the unlawful use of data regulations.

Users of the well-known platform Glassdoor, which allows individuals to anonymously review their employers, allege that the site collected and linked their names to their profiles without their permission. Glassdoor users have expressed alarm, and the issue has been widely featured on social media and news-sharing sites. They fear that their anonymity could be compromised if data about them is collected and added to their profiles.

The issue here boils down to a single word: consent.

The gray area of obtaining consent
Organizations can knowingly or unknowingly exploit users’ personal data without proper knowledge of data privacy. It is not enough just to get consent from users; explicit consent is required. This includes ensuring the user selects checkboxes during the signup process, enters their email address, authorizes receiving marketing emails and newsletters, and grants the app permission to track user data in specific situations.

But when it comes to verbal consent, there is ambiguity. The GDPR accepts verbal consent but requires written or recorded proof of the consent given. The GDPR states that, “when requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.” Therefore, it is better to record or have written proof of verbal consent; one must not assume or misunderstand that verbal consent only includes oral consent.

Often, there is less visibility of data usage for customers. More often than not, customers do not know what they are giving consent for or how their data will be used. Let’s take the case of location data sharing.

Location data can show if someone visited an abortion clinic or a cancer treatment center. People usually want to keep this type of information private and not share it with companies or third parties. When consent is given without knowing what it is for, the act of giving or obtaining consent becomes meaningless.

Why consent is important in ethical data practices
Although you are legally required to obtain the user’s consent to process their data, there is also such a thing as the ethical use of data. When you take measures to protect your customers’ data beyond what the law requires, it promotes trust among your customers.

People value privacy and appreciate brands that prioritize data privacy. Let’s say a consumer is given the option to choose between two brands: one with no privacy features and another that advocates for privacy with built-in privacy features. Which do you think the customer will choose? Obviously, the latter.

Understanding a company’s data privacy policy is crucial to 85% of consumers—even before they make a purchase, a global study determined. Equally as important, 40% of individuals have changed brands after discovering that a company failed to protect customer data adequately, according to the McKinsey Global Survey on Digital Trust.

This is why tech companies go out of their way to demonstrate the privacy features they offer and how user consent is prioritized in these features.

In a way, customers prioritizing consent compels companies to integrate ethical data privacy policies into their systems. But it’s time companies realize that consent is the backbone of data privacy regulations and take customer consent seriously, not just to avoid hefty fines, but to also value the customer’s choice and their right to privacy.

A final word
Organizations worldwide are facing issues with data privacy. What is important when trying to protect your customers’ data is to realize the role customer consent plays. This helps organizations develop features and draft policies with the customer’s consent in mind and to effectively communicate to the customers why they are seeking consent. Without this step, data privacy becomes compromised. So, both organizations and customers need to grasp why consent matters and advocate for the ethical processing of data.

ManageEngine is a division of Zoho Corporation that provides comprehensive on-premises and cloud-native IT and security operations management solutions for global organizations and managed service providers. ManageEngine strongly believes in privacy by design and continuously advocates for user privacy. Established and emerging enterprises—including nine of every 10 Fortune 100 organizations—rely on ManageEngine’s real-time IT management tools to ensure the optimal performance of their IT infrastructure. Learn more about ManageEngine’s comprehensive suite of IT management solutions here.

Continue Reading

Follow Us


Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.