Express Computer
How DNS can be used to improve your overall security posture

By John Pescatore, SANS

Threat intelligence information provides details on the tactics, techniques, and procedures used by attackers. Often, threat intelligence includes lists of known malicious executables, domain names, and IP addresses. As this information comes out, enterprises can update block lists, but this is a reactive approach; attackers quickly and continuously switch domain names to avoid such simple filtering.

Taking advantage of the deeper visibility provided by the DNS system can support more proactive security practices, leading to improvements in three critical security metrics:

  • Time to detect
  • Time to respond
  • Time to restore

The goal is to move as much as possible from incident response to damage minimization. All too often, businesses are not even aware of attacks until customers or law enforcement highlights them. More proactive precautions are necessary to prevent attacks and more quickly detect the start of unpreventable attacks.

Because DNS requests are generally first seen quite early in the attack chain, DNS-based threat intelligence can be effective in shaping proactive precautions, reducing time to detect, and reducing the load on follow-on security controls. This also applies to appliances, IoT, ICS, and other devices without client-side visibility because they have to participate in DNS.
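
One way to put this into practice is to keep resolver query logs and re-check them whenever a new indicator arrives, so that the earliest query from each client is found even if it predates the intelligence. The following is an added example, not part of the original article; the log format, client addresses, domain names, and timestamps are constructed for illustration.

```python
from datetime import datetime

# Constructed resolver query log: "timestamp client_ip qname rcode"
SAMPLE_LOG = """\
2024-05-01T08:00:03Z 10.0.5.21 updates.vendor.example. NOERROR
2024-05-01T08:14:40Z 10.0.9.7 cdn.bad-domain.example. NOERROR
2024-05-01T09:02:11Z 10.0.5.21 www.bad-domain.example. NOERROR
2024-05-01T09:30:00Z 10.0.9.7 CDN.Bad-Domain.example. NOERROR
2024-05-01T10:45:19Z 10.0.7.3 notbad-domain.example. NOERROR
"""

# Constructed threat-intel entries: listed domain -> time the indicator was published
INTEL = {"bad-domain.example": "2024-05-01T12:00:00Z"}

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def match_indicator(qname, intel):
    """Return the listed domain that qname equals or is a subdomain of, else None.

    Matching is done on whole DNS labels, so 'notbad-domain.example' does not
    match 'bad-domain.example' the way a plain suffix comparison would.
    """
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):  # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in intel:
            return candidate
    return None

def retro_hunt(log_text, intel):
    """Map (client, indicator) -> (first query time, lead of that query over the intel)."""
    first_seen = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than abort the hunt
        ts, client, qname, _rcode = parts
        indicator = match_indicator(qname, intel)
        if indicator is None:
            continue
        key, when = (client, indicator), parse_ts(ts)
        if key not in first_seen or when < first_seen[key]:
            first_seen[key] = when
    return {k: (t, parse_ts(intel[k[1]]) - t) for k, t in first_seen.items()}
```

The lead value shows how long each client had been resolving the domain before the indicator was published, which is the window a block-list update alone would have missed.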

Best Practices for an Effective DNS Security Architecture

An effective DNS security architecture starts by ensuring the performance, availability, and integrity of DNS services by protecting the DNS host platform (server operating system, file system, administrative apps and tools), the DNS software (name server, resolver), and the DNS data (zone file, configuration file). Essential security hygiene such as the CIS Critical Security Controls Implementation Group 1 (configuration management, patching, privilege management, etc.) is required for IT and security operations functions. Industry-secure configuration standards (such as Center for Internet Security [CIS] benchmarks and Department of Defense Security Technical Implementation Guides [DoD STIGs]) should be applied and audited for operating systems, databases, and DNS software. Widely accepted, broader frameworks such as the NIST Cybersecurity Framework and the MITRE ATT&CK knowledge base provide the higher-level requirements and justifications for ensuring that a quality DNS security architecture is in use.

These best practices should also include using the DNS architecture for broader overall security benefits. When DNS services are secure and reliable, they can provide the key data for threat intelligence and attack detection/prevention/response capabilities discussed in the previous sections. DNS threat intelligence can provide early, accurate, and actionable information that supports thwarting attacks without causing inadvertent self-inflicted disruption. To gain these benefits, DNS should be an integral part of security operations, which often requires the SecOp staff (including both defenders and incident responders/investigators) to work closely and be cross-trained with IT or network ops groups that may have functional responsibility for DNS services. Where possible, common tools should be used across both groups.

A secure DNS architecture benefits business by ensuring the reliable and trustable DNS services needed for digital business. It also minimizes the risk of attacks compromising those same services, disrupting business and attacking customers. A well-designed and managed DNS architecture, combined with DNS threat intelligence, can reduce the “noise” produced by false-positive indications, reducing the load on security operations staff.
