EfficientIP Header
  • Technology lecture
  • Technology I
  • Data security / DLP / Know-how protection
  • Network Security / Patch Management
  • SIEM / Threat Analytics / SOC

Why DNS is Your First Line of Defense Against Malware and Data Theft

DNS sees almost all IP traffic, which can be analyzed in real-time to enhance attack detection/mitigation and feed information to SOCs.

4/14/2021 12:00:00 PM – 4/14/2021 12:15:00 PM
EfficientIP Header
  • Technology lecture
  • Technology I

DNS sees almost all IP traffic, which can be analyzed in real-time to enhance attack detection/mitigation and feed information to SOCs.

Language: German

Questions and Answers: Yes

graphical blue background

This video is available to the it-sa 365 community. Please register or log in with your login data.

Action description

In this zero trust era, DNS remains a favorite target and vector due it’s criticality for linking users to apps. The IDC 2020 Global Threat Report revealed 79% of organizations were victims of DNS attacks, with 82% of them suffering application downtime and 50% cloud downtime as a result.

But as it sees almost all network traffic, DNS is also by nature your first line of defense against malware, ransomware and data theft, filling security holes left by traditional systems such as firewalls and IPS.

For a successful zero-trust strategy approach, organizations need to elevate their DNS security through the implementation of advanced threat detection capacity with user behavioral analytics (UBA).

Real-time analysis of DNS traffic - end-to-end from client behavior to the destination requested - offers this, allowing threat intelligence to be built for enhancing attack detection and mitigation.

The intelligence gleaned from DNS traffic inspection is of great value to security components such as SIEMs, security policy managers and cloud security platforms. With more domain names created and more devices joining the network (IoT, Edge, mobility, remote workers) and the growth of big data and analytics, sharing threat information from DNS to the security ecosystem has therefore become a fast-growing requirement.

Infosecurity managers are increasingly suffering from breach fatigue, due largely to the high number of alerts they are receiving, many of which are false alarms. Rather than sending huge amounts of logs, a smart DNS security solution can feed SIEMs and SOCs with actionable data and events to help forensic examination, simplifying and accelerating detection and remediation.

For organizations wishing to incorporate holistic network protection by connecting their security silos, it’s clear to see therefore why DNS truly has the capability to become your first line of defense.

read more



This action is part of the event IT Security Talks April 2021