At the same time, intrusion detection and prevention systems and next-generation firewalls don't adequately disrupt malicious DNS communications to command and control domains - and lack of integration with standard network management tools. Further complicating matters is the fact that IT and security teams often function in silos, allowing DNS security to fall through the cracks. Whether the organisation is a target, or infected with malware to be used in an attack on another organisation, nearly every enterprise is vulnerable to leaks with operational funds, bandwidth and man hours spilling out.
In the face of escalating and evolving DNS-based attacks, securing DNS services is a sensible and necessary step in the evolution of enterprise security and IT organisations. Here are three strategic areas to focus on:
1. Improving visibility into DNS traffic patterns and content - With contextual analysis and enrichment features, companies can have a better view of their network's DNS traffic patterns and content.
2. Network and security automation - Features such as intelligent blocking, packet analysis, and dynamic policy-controls, when partnered with analysis features, support IT and security organisations to maximise while maintaining business critical resource availability, even when the network is under attack.
3. Integration with other security ecosystem solutions - The incorporation of reputation and threat feeds into this solution is critical.
To prevent against DNS attacks, organisations need a centralised view of network telemetry, supported by a database of known attackers. With a multi-layered approach to network security, the enterprise leverages streamlined response times and improved network availability and scalability, in the face of DNS attacks.
Sign up for MIS Asia eNewsletters.