How organizations can better defend against DNS attacks



DNS has become a prime target for cyberattacks, causing downtime and financial loss for many businesses, according to a new report from EfficientIP.


By resolving hostnames to IP addresses, the Domain Name System (DNS) plays a critical role for organizations by ensuring that users are directed to the right sites, servers, applications, and other resources. But DNS is beset by certain weaknesses that make it vulnerable to hackers and cyberattacks. To guard against such attacks, organizations need to adopt specific countermeasures, as outlined in new research sponsored by EfficientIP and conducted by IDC.

Released on Tuesday, the 2019 Global DNS Threat Report reveals an increase in the number of DNS attacks and the extent of the damage they leave behind. Over the past year, 82% of the organizations surveyed for the report were hit by a DNS attack. On average, these businesses were the victims of more than 9 DNS attacks, an increase of 34% over the prior year. The costs of these attacks rose by 49%, as one in five organizations lost more than $1 million in the aftermath of each attack.


As a result of the increased DNS attacks, 63% of the organizations suffered downtime for in-house applications, 45% saw their websites compromised, 27% experienced business downtime, 26% were hit by damage to their brand, and 13% saw the theft of sensitive information. The data also showed an increase in specific types of DNS attacks, including phishing, DNS-based malware, DDoS attacks, and DNS tunneling.



DNS attacks target a variety of industries, each with certain consequences. Financial services was the most targeted sector, telecom and media was hit by the highest amount of brand damage, government saw the highest level of theft of sensitive information, and utilities suffered the highest costs from such attacks, according to the report.

To fight back against DNS attacks, organizations have often operated in reactive mode. When hit by an attack, businesses will often turn off affected processes and services, disable some or all of the affected applications, or even shut down the business service. What's needed, argues EfficientIP, is a more proactive approach to prevent or predict these attacks before they occur, or at least before they can cause significant damage. And organizations are starting to do just that.

“While these figures are the worst we have seen in 5 years of research, the good news is that the importance of DNS is finally being well known by businesses,” EfficientIP CEO David Williamson said in a press release. “Mainstream organizations are now starting to leverage DNS as a key part of their security strategy to help with threat intelligence, policy control and automation, thus building a very good basis for their zero trust plan.”

Among the organizations surveyed by IDC, 64% said they use DNS analytics to detect compromised devices, 35% complement their threat intelligence with internal analytics on DNS traffic, and 53% use machine learning to scan for malicious domains. Further, zero trust is taking a more active role as organizations are increasingly treating both internal and external traffic and resources as untrusted by default. Among the respondents, 17% said they already run on a zero-trust architecture, while 48% are eyeing it as part of their security strategy.

To combat DNS attacks, EfficientIP offers the following three recommendations:

  • Implement internal threat intelligence to protect your enterprise data and services. Real-time DNS analytics can help detect and thwart advanced attacks such as DGA (domain generation algorithm) malware and zero-day malicious domains.
  • Use DNS to ensure security compliance. Integrating DNS with IPAM (IP address management) in network security orchestration processes can help automate the management of security policies, keeping them current, consistent, and auditable.
  • Leverage DNS’s unique traffic visibility in your network security ecosystem to help SOCs accelerate remediation. Implementing real-time behavioral threat detection over DNS traffic ensures that qualified security events rather than logs are sent to your SIEM (security information and event management) software.
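
As an added illustration of the first and third recommendations (not code from the report or from EfficientIP), the sketch below scans resolver query logs for DGA-like lookups and emits one qualified event per suspicious client instead of forwarding every log line. The log format, thresholds, and the use of the leftmost label only are assumptions made for this example.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log, one query per line: "<client_ip> <qname> <rcode>"
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.com NOERROR
10.0.0.7 xkqzjvwpt3hd9bfa.example.net NXDOMAIN
10.0.0.7 q8zr2mflx0vbt7yk.example.net NXDOMAIN
10.0.0.7 pw4jh9zdkx2ncv6t.example.net NXDOMAIN
10.0.0.7 intranet.example.org NOERROR
10.0.0.9 docs.example.org NOERROR
10.0.0.9 tpyo.example.org NXDOMAIN
"""

def entropy(label):
    """Shannon entropy (bits per character) of a DNS label."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def qualified_events(log_text, min_entropy=3.5, min_len=12, min_hits=3):
    """Return one event per client with repeated DGA-like NXDOMAIN lookups.

    A lookup counts as DGA-like when it failed (NXDOMAIN) and its leftmost
    label is long and high-entropy. Thresholds are illustrative assumptions.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # ignore malformed lines rather than failing the batch
        client, qname, rcode = parts
        label = qname.lower().rstrip(".").split(".")[0]
        if (rcode == "NXDOMAIN" and len(label) >= min_len
                and entropy(label) >= min_entropy):
            hits[client].append(qname)
    # Only clients that cross the hit threshold become SIEM events;
    # a single mistyped hostname (10.0.0.9 above) stays in the raw logs.
    return [{"client": c, "reason": "possible-dga", "domains": d}
            for c, d in sorted(hits.items()) if len(d) >= min_hits]

if __name__ == "__main__":
    for event in qualified_events(SAMPLE_LOG):
        print(event)
```

Entropy plus NXDOMAIN rate is a coarse heuristic; in practice it is tuned against an allow list, since CDN and telemetry hostnames can also look random.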

IDC conducted its research from January to April 2019. The results are based on responses from 904 people across North America, Europe, and Asia Pacific. Respondents included CISOs, CIOs, CTOs, IT managers, security managers, and network managers.
