Perimeter defenses seem to be the default for every security system. From the Great Wall of China to medieval castles to proposed “border walls”, we assume that the best defenses are those which separate “us” from “them”.
Cybersecurity is no different. Perimeter defenses continue to be the primary focus for most cybersecurity stacks. The standard assumption in all of this is that the wild, unruly internet can be separated from the fully trusted internal network.
Breach after breach has shown that this simply isn’t the case. If CISOs think they’re building a cyber Great Wall, they’re more likely to end up with the Maginot Line – a perimeter defense that looks impressive (and probably costs a lot of money), but one which is easily skirted by malicious actors.
The importance of internal network protections
Today’s cybersecurity environment requires equal (if not more) attention to what lies inside the network boundary. With phishing attacks becoming ever more sophisticated, it only takes one errant click for malware to spring up on an endpoint device. It’s important to have tools in place to monitor internal traffic and limit what devices can access, reducing the attack surface when a device is compromised.
The role of DNS
At BlueCat, we use DNS security to turn wall-based cyber defenses into more sophisticated, counter-insurgency style defenses. DNS security assumes that your network is either already breached or will be soon. Through constant monitoring and application of security policies to internal network traffic, BlueCat’s client-facing approach to DNS security helps to root out the malware which is already acting under the radar.
Lateral movement, beaconing, establishing command and control – malware almost always requires DNS to establish a foothold on the network. Malicious actors assume (correctly) that most cybersecurity administrators aren’t paying attention to DNS – they consider it “plumbing” or part of the network team’s responsibility. This is where a client-facing DNS security system pays dividends, identifying the low-level tactics of malware and insiders, intervening before they find what they’re looking for.
Redefining the network boundary
Perhaps it’s time to rethink where the cybersecurity perimeter really lies. The increasing use of DNS in malware shows that the best “perimeter” defense really lies inside the network. Being able to wall off compromised devices, question the validity of DNS queries from those devices, and apply security policies which restrict access to critical data – these create a more granular level perimeter where today’s most damaging breaches tend to occur.
Learn more about BlueCat’s DNS security systems here.
Critical conversations on critical infrastructure
Find out how your peers are managing their networks through profound change. Watch this series of live interactive discussions with IT pros & join the debate in Slack.
BlueCat to the cloud- Webinar 3 (March 23rd, 2021)
Get an insider look into new capabilities and enhancements coming in BlueCat Integrity 9.3. As networks start to diversify into the cloud, NetOps struggles…
BlueCat to the cloud- Webinar 2 (Feb 3rd, 2021)
How prepared are you to tame the growing jungle of DNS forwarding rules in the cloud? Today’s seasoned network admin knows that configuring layer upon…
BlueCat Critical Conversations- Feb 19th, 2021
Critical Conversations bring together a diverse panel of IT pros to share practical advice on the realities of managing networks through profound…
BlueCat to the cloud- Webinar 1 (Jan 26th, 2021)
Where are you on the road to cloud adoption? Most network admins are struggling to keep up with Cloud and DevOps rapid delivery of new applications and…