Is your cyber “Great Wall” really just a Maginot Line?

Perimeter defenses seem to be the default for every security system. From the Great Wall of China to medieval castles to proposed “border walls”, we assume that the best defenses are those which separate “us” from “them”.

Cybersecurity is no different. Perimeter defenses continue to be the primary focus for most cybersecurity stacks. The standard assumption in all of this is that the wild, unruly internet can be separated from the fully trusted internal network.

Breach after breach has shown that this simply isn’t the case. If CISOs think they’re building a cyber Great Wall, they’re more likely to end up with the Maginot Line – a perimeter defense that looks impressive (and probably costs a lot of money), but one which is easily skirted by malicious actors.

The importance of internal network protections

Today’s cybersecurity environment requires equal (if not more) attention to what lies inside the network boundary. With phishing attacks becoming ever more sophisticated, it only takes one errant click for malware to spring up on an endpoint device. It’s important to have tools in place to monitor internal traffic and limit what devices can access, reducing the attack surface when a device is compromised.

The role of DNS

At BlueCat, we use DNS security to turn wall-based cyber defenses into more sophisticated, counter-insurgency style defenses. DNS security assumes that your network is either already breached or will be soon. Through constant monitoring and application of security policies to internal network traffic, BlueCat’s client-facing approach to DNS security helps to root out the malware which is already acting under the radar.

Lateral movement, beaconing, establishing command and control – malware almost always requires DNS to establish a foothold on the network. Malicious actors assume (correctly) that most cybersecurity administrators aren’t paying attention to DNS – they consider it “plumbing” or part of the network team’s responsibility. This is where a client-facing DNS security system pays dividends, identifying the low-level tactics of malware and insiders, intervening before they find what they’re looking for.

Redefining the network boundary

Perhaps it’s time to rethink where the cybersecurity perimeter really lies. The increasing use of DNS in malware shows that the best “perimeter” defense really lies inside the network. Being able to wall off compromised devices, question the validity of DNS queries from those devices, and apply security policies which restrict access to critical data – these create a more granular level perimeter where today’s most damaging breaches tend to occur.

Learn more about BlueCat’s DNS security systems here.


An avatar of the author

BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.

Related content

Enhance RBAC for Microsoft DNS and DHCP servers with Micetro

Learn how easy it is to implement enhanced role-based access controls for Microsoft DNS and DHCP server environments with Micetro.

Read more

Micetro 11.1 boosts DHCP management for Cisco Meraki SD-WAN

Learn how BlueCat Micetro 11.1 can help you overcome the limitations of Cisco Meraki SD-WAN devices to manage your distributed DHCP architecture.

Read more
Banner announcing BlueCat's acquisition of LiveAction, displaying both logos and the phrase "We're about to get bigger."

BlueCat acquires LiveAction to drive network modernization and optimization

BlueCat’s acquisition of LiveAction will allow customers to expand their view beyond DNS and dive deeper into the health of their network.

Read more

Simplify NIS2 compliance with DNS management

Learn whether the EU’s NIS2 requirements apply to your organization and about how DNS management and BlueCat can boost your path to compliance.

Read more

Modern network complexities can introduce security risks, operational risks, and create huge operational expense for your organization when not properly managed. Join our webinar on February 26 to learn how BlueCat helps you augment your Cisco implementations.