By: Ashraf Sheet, Regional Director, Middle East & Africa at Infoblox
The future of the workplace is undoubtedly a remote workforce, accessing the corporate network via mobile devices and the cloud. This is likely to cause a few sleepless nights for the teams traditionally responsible for managing network security on-premise.
As remote working spreads, data breaches will become commonplace, and networks will be infiltrated by malware as roaming and off-network access increase.
Vulnerable and insecure
At the root of many of these breaches, and the damage and stress that accompanies them, lies the DNS, or domain name system. Often referred to as the address book of the internet, DNS sits at the heart of every organisation’s IT network, translating domain names into machine-readable IP addresses. Despite most internet communications relying on DNS, however, it is inherently vulnerable and not sufficiently secured, resulting in weaknesses that can be exploited for criminal ends.
A high percentage of malware relies on DNS for activities such as communicating with command-and-control (C&C) servers, holding data to ransom or serving as a pathway for data exfiltration. Because of its position at the core of the network, however, DNS is also often the first part of an organisation’s infrastructure to see the majority of malicious activity, and it should therefore be considered an organisation’s first line of defence.
By collecting and analysing data from DNS queries, an effective enterprise DNS security solution will provide essential context and visibility that will alert IT teams to any anomalies, enable them to report on which devices are joining and leaving the network, and ultimately allow them to resolve problems more quickly.
Many DNS security solutions, however, are focused on on-premise networks and are poorly suited to remote workers and offices, much of whose workload is held in the cloud.
The mobile options
Meeting the demand for greater speed and mobility means that internet traffic from mobile workers tends not to be backhauled to an organisation’s network via corporate points of presence such as servers or routers. As a result, DNS traffic to and from an organisation’s mobile users will not generally be visible to corporate security monitoring.
The growing shift towards a more mobile workforce therefore makes it important for organisations to adopt a hybrid approach to DNS security that protects both on-premise and mobile users: the on-premise DNS security described above, combined with one of the following approaches to maintaining DNS security in a mobile environment.
Agent software, for example, can be installed on a mobile device to reroute its DNS traffic to a cloud-based DNS security solution, which can then monitor client-side behaviour to detect malicious or suspicious DNS activity. Where it isn’t possible to install an agent, a mobile device can instead be configured to proxy its traffic through services often referred to as cloud access security brokers, or CASBs. However, while CASB services are able to monitor HTTP traffic from mobile devices, an additional DNS proxy must be implemented to reroute DNS queries to a cloud-based DNS security solution, which can then monitor and block suspicious activity.
What’s more, a combination of both client agent and proxy approaches, integrated with threat intelligence to ensure the detection of DNS tunnelling and other advanced targeted threats, can provide broad coverage across a variety of devices and external services.
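As an added illustration of the DNS-query analysis described above (example code, not from the article or from Infoblox), the following Python script scores a constructed resolver log for the traits that typically distinguish DNS tunnelling from ordinary lookups: a fresh subdomain on every query, high-entropy labels, and a TXT-heavy query mix. The log format, the thresholds and the two-label registered-domain heuristic are assumptions.

```python
import math
from collections import Counter, defaultdict
# Constructed sample resolver log (not from the article): timestamp client qtype qname
SAMPLE_LOG = """\
2024-01-09T09:00:01 10.0.0.12 A www.example.com
2024-01-09T09:00:03 10.0.0.44 TXT 3q2fj8x9zk1mvb7.a8c2d4e6f0b1.t.example.org
2024-01-09T09:00:04 10.0.0.44 TXT 9xk2lq0z7w3ybn4.c1d3e5f7a9b0.t.example.org
2024-01-09T09:00:05 10.0.0.44 TXT p0q1r2s3t4u5v6w.e2f4a6b8c0d1.t.example.org
2024-01-09T09:00:07 10.0.0.12 AAAA mail.example.com
"""

def shannon_entropy(s: str) -> float:
    """Bits per character; encoded payload labels score far above dictionary words."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def registered_domain(qname: str) -> str:
    # Assumption: the last two labels approximate the registered domain (no public-suffix list offline).
    return ".".join(qname.rstrip(".").split(".")[-2:])

def analyse(log_text: str, min_queries: int = 3, min_entropy: float = 3.0) -> dict:
    """Return {domain: reasons} for domains showing at least two tunnelling traits."""
    stats = defaultdict(lambda: {"subs": set(), "txt": 0, "total": 0, "ent": []})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # tolerate malformed lines instead of crashing on them
        _ts, _client, qtype, qname = parts
        dom = registered_domain(qname)
        sub = qname[: -len(dom) - 1] if len(qname) > len(dom) else ""
        s = stats[dom]
        s["total"] += 1
        s["txt"] += qtype.upper() == "TXT"
        if sub:
            s["subs"].add(sub)
            s["ent"].append(shannon_entropy(sub.replace(".", "")))
    findings = {}
    for dom, s in stats.items():
        if s["total"] < min_queries:
            continue  # too few queries to judge; avoids flagging one-off lookups
        reasons = []
        if len(s["subs"]) == s["total"]:
            reasons.append("unique subdomain per query")  # each query carries new data
        if s["ent"] and sum(s["ent"]) / len(s["ent"]) >= min_entropy:
            reasons.append("high-entropy labels")  # looks encoded, not human-named
        if s["txt"] / s["total"] > 0.5:
            reasons.append("TXT-heavy")  # large record type favoured for downstream data
        if len(reasons) >= 2:
            findings[dom] = reasons
    return findings
```

Run against a real resolver's query log, the thresholds would need tuning per environment, since CDNs and some telemetry services legitimately use unique, hash-like subdomains.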
DNS as an asset
If not given proper consideration within an organisation’s security plans, DNS can provide an easy point of entry for malicious actors intent on disrupting networks, and accessing and exfiltrating sensitive information. And the problem is growing. As sophisticated cybercriminals continue to develop new techniques and tactics to exploit vulnerabilities in DNS services, the increasing demand to support a growing mobile workforce opens up additional attack vectors.
DNS services and data can be used as an asset in the security chain, however. By taking a hybrid approach of on-premise DNS security together with a cloud-delivered solution, organisations are able to protect not just the users within their corporate network, but also those based in branch offices, and those who increasingly opt to work remotely.