|
The Domain Name System (DNS) plays an essential role in resolving IP addresses and hostnames. For organizations, it ensures that users reach the proper sites, servers, and applications. While it’s a fundamental base for a functioning Web, the problem is that this system can easily be abused.
Attackers often prey on the DNS’s weaknesses to point would-be site visitors to specially crafted malicious pages instead of the ones they wish to land on. For that reason, companies need to adopt specific countermeasures if they wish to ensure the safety of their site frequenters.
While larger enterprises have begun protecting their DNS infrastructure by gathering relevant threat intelligence, enforcing security policies, and automating redundant tasks, and so on, smaller ones have yet to follow.
To look closer at these points, this post tackles the growth of DNS-based attacks over time and how organizations can protect relevant stakeholders against them with actionable recommendations.
DNS-Based Attacks: Volume Increases Annually
What are we really up against? A 2019 DNS threat report shows an increase in the number of DNS attacks as well as the damage they caused in the past year. Here are a few of the relevant statistics presented:
Organizations victims of DNS-based attacks often only take a reactive stand to incidents. As part of this, companies may need to shut down affected processes and applications.
Of course, slowing down or even stopping operations isn’t a solution. Instead, the surveyed organizations cited the following approaches to deal with DNS-based threats:
Counteracting DNS-Based Attacks
A proactive approach to DNS security is a must-have. Ideally, operations need to implement zero-trust initiatives—monitor internal and external traffic, label all activity that is untrustworthy by default in real-time, etc. Additionally, some helpful immediate actions organizations can take to prevent DNS attacks include:
* * *
The increase in DNS attack volume and sophistication has shed more light on the importance of fortifying organizations’ DNS infrastructure. Without securing the DNS system, which we have written extensively in this primer, no amount of security solution or policy implementation can effectively defend networks against related threats.
Sponsored byRadix
Sponsored byCSC
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byDNIB.com