The pandemic, with the rise of teleworking and remote offices, has fostered the emergence of complex, hybrid and increasingly distributed networks, which have become the cornerstone of these new work models. But this new reality poses challenges for additional cybersecurity for organizations. As a result, DNS, as a core network service, is an increasingly critical asset, for a number of reasons: DNS is now the first line of defense for any network infrastructure. More than 90% of cybersecurity threats use DNS at one or more stages in the attack chain, making DNS security critical in an enterprise’s overall security posture.

DNS, as a “core” network service, is an increasingly critical asset

In the context of highly distributed, cloud-based, hybrid networks, with an increasingly diffuse network perimeter, DNS goes from being just an IT asset to be protected to becoming a valuable and powerful cybersecurity tool, which helps streamline threat hunting and anticipation. Using threat intelligence and analysis in the internal DNS system, such activity can be detected and blocked before ransomware and other threats spread throughout the organization.

Design a resilient “zero trust” architecture with DNS Security

A strategy that allows to significantly strengthen the security posture of the network is to integrate the valuable metadata resident in the “core” network services (DDI: DNS, DHCP and IPAM) within the security stack. This information makes it possible to quickly detect a threat or abnormal behavior and share that information with the rest of the security ecosystem. Using DNS security and leveraging DNS-related information within a Zero Trust architecture can reduce risk in all environments, from the cloud to the on-premises data center. Visibility and automation capabilities are essential when deploying a Zero Trust architecture. ”, and DNS-based security provides them: identification of all devices and users connected to the network, both in virtualized environments, “on-premise” or in hybrid cloud / s, elimination of watertight compartments, through shared access to the protocol databases, IP addresses, network infrastructure devices, end hosts, etc., reduction of the risk of interruption of services thanks to the detection of unauthorized devices, errors, unmanaged network devices, etc., that they go unnoticed by standard IPAM tools. Closely related to visibility and automation is the idea of ​​orchestration. The entire cybersecurity system has to be orchestrated, so that when an attack is detected in a system, that information is immediately known by the rest of the systems and tools. This will allow us to reduce the time of the attack, and therefore the damage caused.Joaquín Gómez, Cybersecurity Lead for Southern Europe at Infoblox