Or is there a line at all?
Those who use administrative DNS data to analyze and mitigate anomalies are relevant to both IT management and IT security.
But straddling that boundary isn’t always easy. More often than not, DNS administrators are focused on maintaining the pace of their workflow and view security as a secondary priority.
It cuts the other way, too. IT security professionals tend to overlook DNS data as a purely administrative function with little relevance to countering threats.
Here at the DODIIS 2017 conference, we heard from General Darren McDew, Commander of US Transportation Command, who eloquently summarized his own struggles to reconcile day-to-day IT administration with cyber security.
“I viewed cyber through the lens of IT,” he said, shaking his head. In a competition for scarce resources, Transportation Command treated cyber security as an extension of IT administration costs rather than recognizing it as a core capability.
The same thing can be said about DNS at the enterprise level. So many large organizations view DNS as a cost center – part of the core infrastructure which keeps networks up and running. Nothing more.
This is cyber security through the lens of IT.
DNS and CyberSecurity
There is a better approach: move day-to-day DNS network administration tasks into the context of cyber security.
By realizing and leveraging the value of DNS data for anomaly detection, “patient zero” identification, and protection of internal network traffic, traditional barriers between traditional IT administrators and their cyber security colleagues can be broken down.
It’s a question of vision. General McDew recognized that cyber security viewed through the lens of IT undervalued the entire network enterprise. True transformation requires IT professionals to break through organizational silos to realize the security value of the tasks they perform every day.
We know this isn’t always a comfortable or easy process; but we agree the journey is worthwhile.
NSA and CISA: Protective DNS key to network defense
U.S. cyber agencies now point to protective DNS as a defense strategy, confirming what BlueCat already knew: DNS is critical to detecting network threats.
SUNBURST/Solorigate Situation Briefing
BlueCat leaders discuss how the malware attack via SolarWind’s Orion platform exploited DNS and how BlueCat Edge could have helped to detect it.
January 21, 2021: Learn more about how the SUNBURST/Solorigate malware exploited DNS to execute its attack.
Customer situation brief on SUNBURST/Solorigate
Learn more about the attack via the SolarWinds Orion platform and how BlueCat products use DNS to help protect customers against compromises like it.