Why DNS protection should be the first step in hybrid cloud security


Securing today's hybrid cloud environments is a formidable challenge. Cloud adoption is on the rise as businesses everywhere, across all sectors, digitalize, modernize and evolve. The hybrid cloud model has become the de facto standard, used by nearly three-quarters of businesses. Hybrid cloud environments combine public and private cloud infrastructures and often involve multi-cloud, on-premises, edge and IoT environments as well; as these networks grow more complex, cyber-attacks are on the rise.

We know that bad actors continuously enhance their tactics and techniques, devising novel methods to circumvent enterprise security measures, so early detection and rapid response are more crucial than ever in reducing business risk and ensuring continued compliance with data privacy regulations. As if the complexity of distributed hybrid networking was not enough, in the last few years the rise in remote working has also added to existing security pressures and left security teams struggling to secure this expanding network footprint.

Today’s tapestry of multi-device, multi-cloud, multi-location network environments offers unrivalled flexibility, business agility and cost efficiencies, but more than a third of IT leaders consider security to be a primary challenge. What’s needed is a security approach that permeates all aspects of networking and can continuously monitor activity from any device, any user, anywhere.

Gary Cox

Gary Cox is Director of Technology for Western Europe at Infoblox.

Security starts at the DNS level

Traditional methods of protecting the expanding network attack surface are falling short. Configuring appropriate security measures between multi-cloud infrastructures, edge computing environments and the IoT is a complex endeavor that businesses often get wrong and bad actors are quick to exploit. We know this from the rise in attacks that specifically target common cloud misconfigurations.

Amid the intricacies of protecting a proliferating number of networks, systems, devices and endpoints, one network area offers a solution that is startling in its (relative) simplicity. One network infrastructure element that every network has and needs for connectivity is the Domain Name System (DNS).

While it is often seen as “just” a protocol for connecting users to websites, DNS also plays a vital role in monitoring today’s distributed environments. Attackers know this: more than 90% of malware uses DNS to progress an attack at some point in its lifecycle. DNS attacks such as DNS spoofing, cache poisoning and DDoS are rising as attackers exploit an often-underestimated networking layer. While DNS attacks aren’t new, the latest crop has been laser-focused on exploiting vulnerabilities in hybrid cloud environments. New attack vectors – such as DNS tunnelling and dangling DNS – have also grown in popularity with the rise of different cloud environments.

The power of protective DNS

The ubiquity of the DNS should make it a strategic focus for security efforts. However, in reality, even though DNS forms a fundamental part of the security strategy for nearly all businesses, many of these companies are failing to realize the potential protective role DNS can play in safeguarding today’s hybrid cloud environments.

In comparison with the hype and investment that many other security areas attract, DNS protection plays a quiet but crucial role in the security roadmap. After all, if fed with high-quality feed data, DNS-level protection can detect and block the majority of threats, including ransomware, phishing, and malware command and control. Furthermore, DNS can also block attacks that are often missed by other, existing security measures, such as domains generated by domain generation algorithms (DGAs), DNS-based data exfiltration and lookalike domains.
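To make the three detection classes above concrete, here is an added example of a resolver-log triage script. It is not code from the article or from Infoblox; the sample log lines are constructed, the thresholds (label length, character entropy, edit distance) are illustrative assumptions, and the "registrable domain" is approximated as the last two labels rather than by a Public Suffix List lookup. It flags random-looking second-level labels (DGA-like), oversized labels and query names that can carry encoded payloads (tunnelling / exfiltration-like), and registrable domains within a small edit distance of a protected brand (lookalike).

```python
"""Heuristic triage of DNS resolver query logs (added example, constructed data)."""
import math
from collections import Counter
from dataclasses import dataclass

# Constructed sample of resolver query log lines: "<timestamp> <client> <qname> <qtype>".
# These are NOT real captures.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.1.15 www.example.com A
2024-05-01T10:00:02Z 10.0.1.15 login.example-corp.com A
2024-05-01T10:00:03Z 10.0.2.40 xk3j9q2mz0v7bq1t.net A
2024-05-01T10:00:04Z 10.0.2.40 a8f3e1c9b2d4e6f7a1b2c3d4e5f6a7b8.c9d0e1f2a3b4c5d6.tunnel.example.net TXT
2024-05-01T10:00:05Z 10.0.1.22 examp1e.com A
2024-05-01T10:00:06Z 10.0.1.22 mail.example.com MX
"""

# Assumed list of brand domains the organization wants lookalike alerts for.
PROTECTED_DOMAINS = ["example.com", "example-corp.com"]

# Illustrative thresholds (assumptions, tune against your own baseline traffic).
DGA_MIN_LABEL_LEN = 12      # random-looking second-level labels tend to be long
DGA_MIN_ENTROPY = 3.5       # bits per character; dictionary words sit well below this
TUNNEL_MAX_LABEL_LEN = 30   # a single label this long is far beyond typical hostnames
TUNNEL_MAX_QNAME_LEN = 52   # long full names are typical of encoded-payload queries
LOOKALIKE_MAX_DISTANCE = 2  # edit distance to a protected brand that counts as a lookalike


def shannon_entropy(s: str) -> float:
    """Shannon entropy in bits per character of the string s."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert / delete / substitute cost 1), row-by-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(qname: str, qtype: str, protected=PROTECTED_DOMAINS) -> list:
    """Return detection tags for one query; an empty list means nothing suspicious."""
    tags = []
    labels = qname.rstrip(".").lower().split(".")
    # Assumption: registrable domain == last two labels (no Public Suffix List here).
    registrable = ".".join(labels[-2:])
    sld = labels[-2] if len(labels) >= 2 else labels[0]

    # DGA-like: long, high-entropy second-level label (e.g. "xk3j9q2mz0v7bq1t").
    if len(sld) >= DGA_MIN_LABEL_LEN and shannon_entropy(sld) >= DGA_MIN_ENTROPY:
        tags.append("dga-like")

    # Tunnelling / exfiltration-like: oversized labels or names carrying encoded data.
    if any(len(l) >= TUNNEL_MAX_LABEL_LEN for l in labels) or len(qname) >= TUNNEL_MAX_QNAME_LEN:
        tags.append("tunnel-like")

    # Lookalike: close to a protected brand but not actually that brand.
    if registrable not in protected:
        for brand in protected:
            if levenshtein(registrable, brand) <= LOOKALIKE_MAX_DISTANCE:
                tags.append(f"lookalike:{brand}")
                break
    return tags


@dataclass
class Finding:
    client: str   # which device asked (the visibility context DNS/DHCP/IPAM provide)
    qname: str
    qtype: str
    tags: list


def triage(log_text: str, protected=PROTECTED_DOMAINS) -> list:
    """Parse log lines and return only the queries that received at least one tag."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname, qtype = line.split()
        tags = classify(qname, qtype, protected)
        if tags:
            findings.append(Finding(client, qname, qtype, tags))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.client:<12} {f.qtype:<4} {', '.join(f.tags):<24} {f.qname}")
```

In the sample, the benign queries for `www.example.com`, `login.example-corp.com` and `mail.example.com` pass untouched, while the random 16-character `.net` name, the 68-character TXT query and `examp1e.com` are each surfaced with the client IP that issued them, which is the kind of device-level context the article credits DNS, DHCP and IPAM data with providing.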

Simply put, protective DNS measures are a great first line of defense for enterprise security. Given the vital part DNS plays in every network request, no matter the network environment, location or device from which it originates, DNS-level protection is particularly helpful in improving security in multi-cloud hybrid work environments because it improves protection from the ground up without adding additional infrastructure elements to the mix.

Improving threat detection and response

While protective DNS is an important first step, enterprises should be making their DNS work harder. For example, DNS-level security measures can help businesses detect and respond to threats earlier, making overall enterprise security efforts more productive and nimble and resulting in significant time and cost savings. There are two key components to enabling advanced DNS threat detection and response.

The first is visibility. DHCP, IP Address Management (IPAM) and DNS-related technologies help businesses see and stop critical threats earlier by shining a light on where threats exist and which devices are impacted. This unrivalled access to contextual information speeds up response times and is instrumental in helping security teams assess the severity of threats. Overall, the visibility gains from DNS, DHCP and IPAM improve the efficiency of security teams by around a third.

The second component is integration, specifically the automated integration of security remediation measures throughout the ecosystem. In DevSecOps terms, automated DNS-level integrations are a major “shift left” and have enabled security teams to identify and block threats earlier in the lifecycle. Given that the vast majority of malware threats leverage the DNS control plane, stopping them at the source has significant downstream benefits. For example, dealing with threats at the DNS level reduces the load on security measures further along the network, helps identify and contain the lateral spread of threats, and improves security operations across all types of systems. User feedback points to significant efficiency improvements as a result, not least a 47% reduction in security incident-related endpoint downtime.

Streamlined security and advanced threat protection

Enhanced DNS visibility and intelligent automation, when used together, greatly reduce average threat response times (also known as mean time to remediation, or MTTR), simplify security management in hybrid cloud environments and help businesses meet their compliance requirements. As organizations navigate the complexities of modern hybrid cloud networks, it is essential that they re-evaluate the pivotal role of DNS protection in improving security across multiple KPIs, including early threat detection, cost optimization across the security spectrum and the resilience of their digital ecosystems.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Gary Cox, Director of Technology for Western Europe, Infoblox.