Managed DNS Security
What’s in a name?
While the Internet may run on IP addresses, the most critical services are handled through their counterpart, DNS (the friendly name for a service, for example www.facebook.com). A DNS name lets us point any name we wish at any number of IP addresses. This is often used for global load balancing, basic load balancing, and, more importantly, secure sites with SSL (such as connecting to your bank account). Unfortunately, most organizations simply set up their DNS records in the Windows Domain Controller and forget about anything past basic management. What many of these organizations don’t understand is that if an attacker controls your DNS, then they control your infrastructure. Naturally, if an attacker is able to control any part of a company’s infrastructure, it’s a bad day.

Another disastrous possibility is attackers using the most fundamental services in your organization to enable their attacks. Most viruses and malware must phone home to some sort of Command and Control server in order to carry out the directives of their attackers. Command and Control systems used to be based on IP lists, but simple blacklisting has eliminated that problem in many cases. Instead, virus and malware creators have turned to DNS names, as they’re easy to update to point to any IP address on the web. This means that it’s easy for viruses and malware to connect to their Command and Control and deliver a company’s confidential data utilizing that company’s own DNS server, without having had to breach the servers. Even scarier, malware often creates DNS tunnels to exfiltrate data past almost all next generation firewalls and IDS/IPS systems. And worse, these tunnels typically appear as legitimate DNS requests.
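One way a defender might surface the DNS tunnels described above from resolver query logs, shown as an added example (not part of the original page and not the Cybriant appliance's logic): it flags a client that sends many long, high-entropy subdomains under a single parent domain. The thresholds, the naive two-label parent split, and the log entries are assumptions constructed for illustration.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

MIN_UNIQUE, MIN_AVG_LEN, MIN_ENTROPY = 20, 30, 3.5  # assumed thresholds, tune per network

def entropy(text):
    """Shannon entropy in bits per character."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def split_name(qname):
    """Naive split into (subdomain, parent); real code should use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_candidates(log):
    """Return {(client, parent): stats} for pairs that look like DNS tunnelling."""
    subs = defaultdict(set)
    for client, qname in log:
        sub, parent = split_name(qname)
        if sub:
            subs[(client, parent)].add(sub)
    flagged = {}
    for key, names in subs.items():
        data = "".join(names).replace(".", "")
        avg_len = sum(len(n) for n in names) / len(names)
        ent = entropy(data)
        if len(names) >= MIN_UNIQUE and avg_len >= MIN_AVG_LEN and ent >= MIN_ENTROPY:
            flagged[key] = {"unique": len(names), "avg_len": round(avg_len, 1),
                            "entropy": round(ent, 2)}
    return flagged

def constructed_log():
    """Constructed sample queries (not real traffic): two benign clients, one tunnel-like."""
    log = [("10.0.0.5", "www.facebook.com"), ("10.0.0.5", "mail.example.org")]
    log += [("10.0.0.6", f"img{i}.cdn.example.net") for i in range(30)]  # many short names
    for i in range(40):  # encoded chunks under one parent, as a tunnel client would send
        chunk = base64.b32encode(hashlib.sha256(str(i).encode()).digest()).decode()
        log.append(("10.0.0.9", f"{chunk.rstrip('=').lower()}.t.tunnel.example"))
    return log

if __name__ == "__main__":
    for (client, parent), stats in find_tunnel_candidates(constructed_log()).items():
        print(client, parent, stats)
```

The client with 30 short CDN hostnames is not flagged because name count alone is not enough; the combination of volume, length and entropy is what separates encoded payloads from ordinary lookups.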
The Cybriant Secure DNS appliance lets you immediately detect and prevent attacks in progress. Comprehensive threat intelligence built into the platform allows for rapid attack discovery, so you can immediately and effectively prioritize your response as attacks unfold. This technology can be implemented as a solution or a service.