EfficientIP Header
  • Product Presentation
  • Management I
  • Data security / DLP / Know-how protection
  • Network Security / Patch Management
  • SIEM / Threat Analytics / SOC

Why DNS is Your First Line of Defense Against Malware and Data Theft

DNS sees almost all IP traffic, which can be analyzed in real-time to enhance attack detection/mitigation and feed information to SOCs.

10/7/2020 2:30:00 PM – 10/7/2020 2:45:00 PM

This action is available to the it-sa 365 community as a video.

Language: German

Questions and Answers: Yes

Action description

In this zero trust era, DNS remains a favorite target and vector due to its criticality for linking users to apps. The IDC 2020 Global Threat Report revealed 79% of organizations were victims of DNS attacks, with 82% of them suffering application downtime and 50% cloud downtime as a result.

But as it sees almost all network traffic, DNS is also by nature your first line of defense against malware, ransomware and data theft, filling security holes left by traditional systems such as firewalls and IPS.

For a successful zero-trust strategy, organizations need to elevate their DNS security by implementing advanced threat detection capacity with user behavioral analytics (UBA).

Real-time analysis of DNS traffic - end-to-end from client behavior to the destination requested - offers this, allowing threat intelligence to be built for enhancing attack detection and mitigation.

The intelligence gleaned from DNS traffic inspection is of great value to security components such as SIEMs, security policy managers and cloud security platforms. With more domain names created, more devices joining the network (IoT, Edge, mobility, remote workers) and the growth of big data and analytics, sharing threat information from DNS to the security ecosystem has therefore become a fast-growing requirement.

Infosecurity managers are increasingly suffering from breach fatigue, due largely to the high number of alerts they are receiving, many of which are false alarms. Rather than sending huge amounts of logs, a smart DNS security solution can feed SIEMs and SOCs with actionable data and events to help forensic examination, simplifying and accelerating detection and remediation.

For organizations wishing to incorporate holistic network protection by connecting their security silos, it is therefore clear why DNS truly has the capability to become your first line of defense.

Speaker