Data Protection Day: Spotlighting DNS for all the right reasons

Image Credit: Shutterstock (Image credit: Image Credit: Mopic / Shutterstock)

January 28th has come and gone, leaving in its wake the ever-growing reminder of the importance of protecting personal information online. While it applies to both private citizens and corporate networks alike, Data Protection Day began in Europe to raise awareness on personal data privacy rights, and has deep undertones to businesses.  

The effects of their non-compliance with GDPR regulations should begin to accelerate this year, with Gartner predicting upwards of a billion euros in issued sanctions by the end of 2021. This makes it even more important to keep security top-of-mind throughout the year, particularly when it comes to backdoors into a network.

While most security tools block data transfer mechanisms like File Transfer Protocol (FTP), common internet protocol like the Domain Name System (DNS) are often left unsecured giving attackers a loophole; one where connections to arbitrary servers aren’t blocked. Hence, the DNS protocol is widely recognised as a prime target for data exfiltration. In a study conducted in 2018, it was highlighted that 33% of companies were victims of data stolen via the DNS, so exfiltration via DNS has become a major concern to businesses in the midst of becoming compliant to data privacy laws.  

Image Credit: Shutterstock

Image Credit: Shutterstock

Data exfiltration

This type of breach can be extremely difficult to detect, as it often closely resembles typical network traffic, meaning incidents often only become noticeable long after exfiltration has already been achieved. To ensure compliance, the need to protect data and detect exfiltration attempts in near real-time has increased. Firewalls alone are not good enough anymore so need to be complemented with DNS security solutions which provide context-aware behavioural analysis of DNS traffic, at the same time helping eliminate risk of false positives.

In the above-mentioned study, 38% of surveyed companies reported the prioritisation of monitoring and analysis of DNS traffic for helping ensure data confidentiality. Yet despite this acknowledgement of the importance to protect, companies are still fraught with DNS-based breaches, costing them not only their reputations, but also their time and money. The average cost of damages soared in the past year according to survey results, totaling $715,000 per attack, a 57% increase from 2017. This kind of report data proves that DNS security must be considered a key component of any company’s overall network security strategy. 

Some key recommendations to consider:

  • Traditional monitoring techniques have a risk of blocking legitimate traffic and slowing down applications. The decentralised architecture of global DNS service makes it nearly impossible to know every server in use. Therefore, security must be embedded in the heart of DNS- its own servers.
  • ‘Privacy by Design’ isn’t a new concept...but GDPR now demands that data privacy be taken into consideration during the design and development lifecycle of any project that involves processing personal information. This process at the application level relies, amongst other things, on network infrastructure. DNS is a core foundation of IT architectures, but is also one of the easiest options for exfiltrating data. Special attention should be paid to the DNS during network planning and execution phases.
  • Threat Intelligence should rely on internal networks as well as global information.  Data feeds from global sources help protect against menaces at an internet scale, but don’t address company-specific threat information like logs or traffic flow . With the DNS’ capability to collect maximum amounts of data related to network activity, it can help organisations build more personalised threat intelligence.
  • Start considering predictive security for DNS using machine learning (ML). This involves analysis of user and IoT behaviour, making use of stats per source IP address to detect abnormal requests and zero-day malicious domains. 

Data Protection Day serves as an annual reminder that no one is safe unless steps are taken to defend consciously and thoughtfully. We’ve been conditioned over the past few years to treat data breaches of major corporations as commonplace. A movement dedicated to safeguarding personal data is required in the current ecosystem- with accountability and a consumer-first mentality being key.

Maintaining control of their own information has become a priority to modern individuals, and preserving those individuals’ trust is paramount for businesses. We can only hope that preventative action supports these notions, and continues to evolve alongside the threat landscape into the future. 

Ronan David, VP Business Development and Marketing at EfficientIP

Ronan David

Ronan David is the VP of Business Development and marketing at EfficientIP. He is a great leader with over 17 years of working experience.