DNS: Early Warning System for Cyber Attacks

Real-Time Intelligence is Key


The Domain Name System (DNS) is akin to the central exchange for the Internet. It lists, tracks, and matches domain names – like www.akamai.com — to machine-readable IP addresses – like — to steer traffic to the desired site.

But security wasn’t top of mind in the design of the DNS protocol. As such, it should come as no surprise that DNS-based threats continue to stalk the digital world. In fact, DNS is one of the top three most frequently used attack vectors to date this year, according to Akamai's First Quarter, 2017 State of the Internet / Security Report.

The list of resulting DNS security concerns is long: denial of service, zero-day vulnerability, cache poisoning, server hijacking, the injection of malware into business systems, and the exfiltration of sensitive corporate or customer data from inside to outside the enterprise. Hackers use DNS as a vector for bots or malware because they’re confident existing security solutions are unlikely to inspect DNS packets.

The SANS Institute has pointed out that attackers continue to develop new ways to exploit weaknesses in the DNS infrastructure, and that organizations aiming to address growing risks need to monitor DNS communications, recognize unusual or malicious activity, and inform the broader security ecosystem to protect against the lateral movement of threats.

The SANS Institute also cautions that visibility into these threats must extend outward rather than simply protecting and monitoring DNS services on premises, given businesses’ growing mobile on-staff and contract workforces. The Internet of Things shouldn’t be left out of mobile threat concerns, either. Connected devices were the vector for the 2016 attack aimed at a DNS provider that blocked more than 1,200 websites for several hours, for instance. DDoS attacks also have affected popular websites including Twitter and PayPal.

Visibility into enterprise DNS traffic patterns, however, hasn’t been particularly easy to achieve. Traffic volume and source aggregation present challenges. And even if DNS log monitoring and dissection weren’t a problem, your company’s traffic on its own would not present a large enough sample size to pick up on global, Internet-wide threats.
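As an added illustration of the DNS log monitoring the two preceding paragraphs describe (example code written for this page, not Akamai's or SANS's), the script below profiles a small constructed resolver query log and flags base domains whose query pattern looks like the data-exfiltration case named above: many distinct, high-entropy subdomain labels aimed at one domain. The log format, the sample lines, the thresholds, and the "last two labels form the registrable domain" shortcut are all assumptions; a production detector would use the public suffix list and tune thresholds against the organization's own baseline.

```python
"""Flag exfiltration-style query patterns in a DNS query log (added example)."""
import math
import re
from collections import defaultdict

# Constructed sample log, not real traffic. Format assumed: "<unix_ts> <client> <qname> <qtype>"
SAMPLE_LOG = """\
1496300001 10.0.0.5 www.example.com A
1496300002 10.0.0.5 mail.example.com MX
1496300003 10.0.0.7 a3f9c1e2b7d4.data.exfil-test.example TXT
1496300004 10.0.0.7 9e7b2c4d1f0a.data.exfil-test.example TXT
1496300005 10.0.0.7 c81d5e3a6b2f.data.exfil-test.example TXT
1496300006 10.0.0.7 4b6e0f1a9c3d.data.exfil-test.example TXT
1496300007 10.0.0.7 d2a7c5e8f1b4.data.exfil-test.example TXT
1496300008 10.0.0.7 7f3e9a1c2d6b.data.exfil-test.example TXT
1496300009 10.0.0.5 cdn.example.com A
1496300010 10.0.0.9 www.example.com AAAA
"""

LOG_RE = re.compile(r"^(?P<ts>\d+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>\S+)$")


def parse_log(text):
    """Parse log lines into dicts; malformed lines are skipped rather than raising."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = int(rec["ts"])
        rec["qname"] = rec["qname"].rstrip(".").lower()  # normalise trailing dot and case
        rec["qtype"] = rec["qtype"].upper()
        records.append(rec)
    return records


def shannon_entropy(s):
    """Bits of entropy per character; encoded payloads score high, dictionary labels low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Assumption: the registrable domain is the last two labels (real code: public suffix list)."""
    labels = qname.split(".")
    if len(labels) < 2:
        return qname, ""
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def profile_domains(records):
    """Aggregate per-base-domain counters: queries, clients, distinct subdomains, label entropies."""
    stats = defaultdict(lambda: {"queries": 0, "clients": set(), "subdomains": set(),
                                 "entropies": [], "txt": 0})
    for r in records:
        base, sub = split_name(r["qname"])
        s = stats[base]
        s["queries"] += 1
        s["clients"].add(r["client"])
        if sub:
            s["subdomains"].add(sub)
            # leftmost label is where an encoded payload would sit in a tunnelled query
            s["entropies"].append(shannon_entropy(sub.split(".")[0]))
        if r["qtype"] == "TXT":
            s["txt"] += 1
    return stats


def score_domains(records, min_subdomains=5, min_entropy=3.0):
    """Return one finding per base domain, flagged ones first. Thresholds are assumptions."""
    findings = []
    for base, s in profile_domains(records).items():
        mean_entropy = sum(s["entropies"]) / len(s["entropies"]) if s["entropies"] else 0.0
        flagged = len(s["subdomains"]) >= min_subdomains and mean_entropy >= min_entropy
        findings.append({
            "domain": base,
            "queries": s["queries"],
            "clients": len(s["clients"]),
            "distinct_subdomains": len(s["subdomains"]),
            "mean_entropy": round(mean_entropy, 3),
            "txt_ratio": round(s["txt"] / s["queries"], 2),
            "flagged": flagged,
        })
    return sorted(findings, key=lambda f: (not f["flagged"], -f["queries"]))


if __name__ == "__main__":
    for f in score_domains(parse_log(SAMPLE_LOG)):
        print(("ALERT " if f["flagged"] else "ok    ") + str(f))
```

Run as a script it prints one line per base domain, with the flagged domain first. The point of the example is the shape of the check, not the numbers: on a single enterprise's log the thresholds have to be set against that organization's normal traffic, which is exactly the small-sample problem the paragraph above raises and why the article argues for aggregating DNS intelligence across many sources.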

Simply put, the more data in support of useful intelligence, the better.

The Road to DNS-Based Defense

Fortunately, IT teams now have a fighting chance against DNS-related cyber attacks with the help of cloud services that compile intelligence from a startlingly high number of DNS requests. All that cloud-based metadata, along with strong knowledge of how DNS works and algorithms to support distinguishing good traffic from bad, creates what is essentially cloud security intelligence at the DNS layer.

Companies that have a strong background in the content delivery network space, servicing billions of daily DNS requests and combining that data with third-party feeds, can take this very route to help businesses close this major security gap in a simple and fast way. Using real-time intelligence gleaned from continually mapping the Internet, these partners can deliver comprehensive insight into malicious actors’ attacks and proactively protect against cybercriminals that exploit vulnerabilities in recursive DNS to launch malware, exfiltrate data, and otherwise wreak havoc.

Adding to value as an early warning system for such attacks, services that offer a central cloud portal enable IT to manage security from anywhere and deploy policies in seconds to protect all locations, as well as use dashboards for deeper drill-down views into DNS traffic, threat events, and other activities.

To learn more, visit Akamai.


Copyright © 2017 IDG Communications, Inc.