Ignore DNS at your Peril

BlueCat

September 24, 2018

Learn more from Mathew Chase’s webinar on how busy IT executives can leverage DNS or read his thoughts on cybersecurity in our Cybersecurity Spotlight series.

It’s easy to ignore DNS.

Microsoft in particular has made it so. Microsoft DNS automatically deploys in the Active Directory environment, so you set up your servers and forget about it. And 90 percent of the time, it works.

But ‘90 percent of the time’ in a high-functioning IT organization is a horrible metric. When you actually do something important that is truly reliant upon DNS or DHCP, like run a call center, something that works 90 percent of the time is a huge problem.

DNS is the fundamental backplane of your network. It’s how everyone inside your organization accesses resources in and outside your network. All of your applications that have to talk to each other rely upon it. In complicated load balancing scenarios on a global network, DNS is crucial. And let’s not forget this important point: Active Directory doesn’t function without DNS. Period. All of your authentication systems for Microsoft components are built on underlying DNS records.

The people who have often best understood and paid attention to DNS are, unfortunately, primarily on the other side of the fence – hackers. In the early days, DNS was the quick way to conduct reconnaissance to map networks and identify hostnames and prime targets on a network. For many network administrators, DNS is just a means to an end: ‘I put in my DNS server and I’m done.’ That’s where their understanding of it frequently stops.

Ignoring DNS is something you do at your own peril.

When properly administered and configured, DNS yields very good information. It tells us what’s happening, where people are going and what they’re doing. In modern cybersecurity environments, we’re always concerned about a bad actor on our network. How do we determine when people are either compromised or acting in a way that is uncommon for them to act? DNS can provide valuable clues.

Every malicious web address starts with a DNS request. DNS firewalls are exceptionally good at disrupting these queries, whether through a threat feed or custom-built policies. DNS-based security also allows for visibility into the IP address space and DHCP, allowing network administrators to see who’s requesting IP addresses on the network and where they’re going with them.

Of course, any addition to the security stack begs the question of how it will be managed. Is the new solution going to take more people? How much more money is it going to cost me? And what’s my return on investment? Good solutions that can solve problems at a network level, and don’t require a lot of end user configuration, can really help improve your security posture. DNS, DHCP, and IP address management enterprise solutions provide that, along with all the reliability and redundancy required in stable operations. But from a security perspective, you gain network layer defenses with almost no impact to end users. The cost of administration to security benefit has always weighed in my favor.

Mathew Chase

Mathew most recently was vice president of IT for Inovalon, which provides cloud-based platforms and data analytics for the healthcare industry. He has deep experience with DNS and its implications for cybersecurity and other digital transformation initiatives. He got his start in IT in the mid-90’s at the Las Vegas Review-Journal, when he was pulled off his desktop publishing shift to help the newsroom become one of the first in the U.S. to produce their paper electronically. Career highlights include the IT operations manager for resident shows at Cirque du Soleil and the CIO for a U.S. government health insurance commission.


Published in:


An avatar of the author

BlueCat is the Adaptive DNS company. The company’s mission is to help organizations deliver reliable and secure network access from any location and any network environment. To do this, BlueCat re-imagined DNS. The result – Adaptive DNS – is a dynamic, open, secure, scalable, and automated DDI management platform that supports the most challenging digital transformation initiatives, like adoption of hybrid cloud and rapid application development.

Related content

Detect anomalies and CVE risks with Infrastructure Assurance 8.4 

The Infrastructure Assurance 8.4 release features an anomaly detection engine for outliers and a CVE analysis engine to uncover device vulnerabilities.

Read more

Get fast, resilient, and flexible DDI management with Integrity 9.6

With Integrity 9.6, network admins can get support for new DNS record types, architect and configure multi-primary DNS, and automate IP assignments.

Read more

Deepen your security insight with Infrastructure Assurance 8.3

BlueCat Infrastructure Assurance 8.3, with an enhanced analytics dashboard, including interactive widgets and top 10 alerts, is now available.

Read more

Security, automation, cloud integration keys to DDI solution success

Only 40% of enterprises believe they are fully successful with their DDI solution. Learn how to find greater success with new research from EMA and BlueCat.

Read more

Our commitment to Micetro customers and product investment

From CEO Stephen Devito, a word on BlueCat’s ongoing commitment to supporting Micetro customers and Micetro’s evolution as a network management tool.

Read more

Seven reasons to rethink firewall monitoring and boost automation 

With BlueCat Infrastructure Assurance, you can better protect your network with automated alerts and suggested remedies for hidden issues in your firewalls.

Read more