Or is there a line at all?
Those who use administrative DNS data to analyze and mitigate anomalies are relevant to both IT management and IT security.
But straddling that boundary isn’t always easy. More often than not, DNS administrators are focused on maintaining the pace of their workflow and view security as a secondary priority.
It cuts the other way, too. IT security professionals tend to overlook DNS data as a purely administrative function with little relevance to countering threats.
Here at the DODIIS 2017 conference, we heard from General Darren McDew, Commander of US Transportation Command, who eloquently summarized his own struggles to reconcile day-to-day IT administration with cyber security.
“I viewed cyber through the lens of IT,” he said, shaking his head. In a competition for scarce resources, Transportation Command treated cyber security as an extension of IT administration costs rather than recognizing it as a core capability.
The same thing can be said about DNS at the enterprise level. So many large organizations view DNS as a cost center – part of the core infrastructure which keeps networks up and running. Nothing more.
This is cyber security through the lens of IT.
DNS and CyberSecurity
There is a better approach: move day-to-day DNS network administration tasks into the context of cyber security.
By realizing and leveraging the value of DNS data for anomaly detection, “patient zero” identification, and protection of internal network traffic, traditional barriers between traditional IT administrators and their cyber security colleagues can be broken down.
It’s a question of vision. General McDew recognized that cyber security viewed through the lens of IT undervalued the entire network enterprise. True transformation requires IT professionals to break through organizational silos to realize the security value of the tasks they perform every day.
We know this isn’t always a comfortable or easy process; but we agree the journey is worthwhile.
Critical conversations on critical infrastructure
Find out how your peers are managing their networks through profound change. Watch this series of live interactive discussions with IT pros & join the debate in Slack.
Customer situation brief on SUNBURST/Solorigate
Learn more about the attack via the SolarWinds Orion platform and how BlueCat products use DNS to help protect customers against compromises like it.
On the road to platform hardening, consider a STIG
Security Technical Implementation Guides standardize security configuration on networks, servers, and devices. BlueCat uses them and you can, too.
To better see the threats on your network, try DNS
DNS is a vector used in most cyber attacks. When it comes to DNS, BlueCat can enhance visibility, detection, and containment of threats to your network.
Webinar: Threat Protection
BlueCat Solution Architect Steffen Probst discusses how intelligent security from BlueCat uses DNS to protect internal and external traffic against threats.