Perimeter defenses seem to be the default for every security system. From the Great Wall of China to medieval castles to proposed “border walls”, we assume that the best defenses are those which separate “us” from “them”.
Cybersecurity is no different. Perimeter defenses continue to be the primary focus for most cybersecurity stacks. The standard assumption in all of this is that the wild, unruly internet can be separated from the fully trusted internal network.
Breach after breach has shown that this simply isn’t the case. If CISOs think they’re building a cyber Great Wall, they’re more likely to end up with the Maginot Line – a perimeter defense that looks impressive (and probably costs a lot of money), but one which is easily skirted by malicious actors.
The importance of internal network protections
Today’s cybersecurity environment requires equal (if not more) attention to what lies inside the network boundary. With phishing attacks becoming ever more sophisticated, it only takes one errant click for malware to spring up on an endpoint device. It’s important to have tools in place to monitor internal traffic and limit what devices can access, reducing the attack surface when a device is compromised.
The role of DNS
At BlueCat, we use DNS security to turn wall-based cyber defenses into more sophisticated, counter-insurgency style defenses. DNS security assumes that your network is either already breached or will be soon. Through constant monitoring and application of security policies to internal network traffic, BlueCat’s client-facing approach to DNS security helps to root out the malware which is already acting under the radar.
Lateral movement, beaconing, establishing command and control – malware almost always requires DNS to establish a foothold on the network. Malicious actors assume (correctly) that most cybersecurity administrators aren’t paying attention to DNS – they consider it “plumbing” or part of the network team’s responsibility. This is where a client-facing DNS security system pays dividends, identifying the low-level tactics of malware and insiders, intervening before they find what they’re looking for.
Redefining the network boundary
Perhaps it’s time to rethink where the cybersecurity perimeter really lies. The increasing use of DNS in malware shows that the best “perimeter” defense really lies inside the network. Being able to wall off compromised devices, question the validity of DNS queries from those devices, and apply security policies which restrict access to critical data – these create a more granular level perimeter where today’s most damaging breaches tend to occur.
Learn more about BlueCat’s DNS security systems here.
DDI Day: Kudos, awards, and insights from pioneers
BlueCat’s DDI Day on April 13 celebrated network infrastructure professionals, gave awards to superstars, and drew insight from DNS and DHCP pioneers.
Everything you need to know about shadow IT
When users implement their own solutions behind the IT team’s back, that’s shadow IT. Learn about the risks and how to manage and reduce it with BlueCat.
Five network pros’ manual error horror stories
Members of BlueCat’s Network VIP community detail the errors they committed, the resulting fallout, and what important lessons they learned.
10 best Ansible modules for infrastructure as code
10 (plus a bonus) Ansible automation modules that anyone—from a beginner to a power user—can leverage to transform their network infrastructure to code.