What's in a Domain Name?

• Content
• Technology
• What's in a Domain Name?

13 February 2017 | Updated 01 January 1970

An analyst report detailing how the Domain Name System (or DNS), which helps address Internet traffic to the correct recipients, is the primary source of data exfiltration. Its findings prove this major business risk is being widely ignored as a threat.

"With fines of up to Euro20 million or 4% of global revenue, whichever is higher, for non-compliance with the European Union’s General Data Protection Regulation (GDPR), organisations must take steps towards meeting the standards or risk the chance for ‘accidental fame’," says a spokesperson for EfficientIP

The IDC Technology Spotlight analysis, sponsored by EfficientIP, looks at the effects of data exfiltration and tunneling alongside the GDPR which comes into effect on Friday 25th May 2018.

The lack of knowledge about DNS exfiltration means that malicious attacks are easily executed by hiding and then encrypting the data to be stolen inside seemingly legitimate ‘address labels’, which DNS servers use to route traffic into and out of public servers. The solution the analysts suggest is similar to that used to detect malicious behaviour in network traffic - albeit at the more fundamental DNS level.

Commenting on the findings, IDC analyst Duncan Brown said: “GDPR is all about business risk, in 2018 data exfiltration will change the game and it affects organisations globally, not just those based in the EU. Enhanced DNS Security is an added layer of protection when considering privacy for the network data and customers. Preserving reputation and enabling GDPR.”

David Williamson, CEO of EfficientIP, said: “The benefits of GDPR for the privacy of citizens are unquestionable and the EU is leading the way with this legislation. Given how well flagged it is and how important it would be to the future cyber security of global organisations, it is concerning therefore to see that the best efforts of IT security experts will not address this obvious flaw the experts at IDC have pointed out.”

Compliance

Detecting DNS attacks may include analysis of DNS traffic patterns, blacklisting of compromised traffic sources and even sophisticated packet analysis with the ability to quarantine suspicious traffic. Such actions, even today with the GDPR deadline looming, are not yet in place in all organisations.

In addition to detecting likely threat behaviour using DNS analytics, defensive countermeasures, such as the separation of DNS cache and recursive functions offered, present a positive response to DNS-level attacks. Such attacks can see thousands of personal records stolen in minutes.

“Quite simply, the choice is to take DNS seriously as a cyber threat or face public humiliation and potentially business threatening financial penalties when GDPR is in place. When IT executives take stock of the investment needed to put smart DNS protection into place versus the risks they are taking without it, their only question should be ‘Do we feel lucky?’. If the answer is not a resounding ‘Yes!’, we can help,” David Williamson added.

Picture: Does the IT department need to put smart DNS protection in place this year?

Article written by Robin Snow | Published 13 February 2017

Share

Related Articles