Networks and the internet rely on the domain name system (DNS), the dynamic host configuration protocol (DHCP), and IP address management (IPAM). These three technologies, grouped together as DDI (DNS, DHCP, IPAM), are central to the way things work, but that also makes them a tempting target.
We spoke to Ronan David, chief of strategy at EfficientIP, to find out why DDI is so vital to online security and how automation can help with defense.
BN: Why is DDI so important and why particularly now?
RD: That’s a very good question. These services are very old technologies which are still absolutely required for networks to operate. We have seen in the last few years a dramatic increase in network complexity: devices, applications and application networks are all more and more distributed. At the moment, if you want to make a connection securely and dynamically between users and applications, you need to rely on DDI services.
That’s why today, if you’re wanting to deliver end-to-end automation, or if you’re wanting to truly secure your network infrastructure, you have to take DDI services into consideration, because otherwise it’s just not possible to dynamically deploy your services. So, just an example with functions virtualization: if you want to take full advantage of virtualization and be able to deploy a new server in a few minutes, you will have a lot of different technologies to reach that objective. The server is not connected to the network until the setup gets an IP address, and the application is not visible to all users until the minute the application gets the domain name. DDI really comes down to giving any device access to the network and then making all applications visible.
BN: Has this been brought to the fore by the pandemic effect?
RD: The pandemic has highlighted a need to put in place a lot of different technology in order to continue to work. So of course it has accelerated the need for this type of technology and for the security aspects to be effective. Threats around DNS names are more and more important. We’ve seen a proliferation of phishing attempts around names, with millions of domains being traded; the threat is extremely dynamic. DNS is part of the security arsenal.
BN: How can companies better protect themselves against these threats?
RD: In the past we’ve not always taken into consideration that these things could potentially be targets for hackers, but now things are evolving. The first level of defense around DNS uses standard technologies like firewalls. This is good, but today we need to move to the next step, as happened in the past for securing email services. You cannot rely on a generic security system if you want to effectively and efficiently protect your email services; you need a purpose-built technology. Similarly, if you really want to protect your DNS services you need to have built-in security.
DNS can be the target, meaning that if you’re bringing down a DNS server of course it will have implications, because no more applications will be available for users within the company, or you will disappear from the internet if we are talking about public DNS services. So it’s really hurting business continuity and awareness. But DNS is also a threat vector, meaning that it’s the other aspect in the cyber kill chain. It’s not only a target, it’s also a threat vector used by malware. According to a recent Cisco survey, between 85 and 90 percent of malware is using DNS to develop the attack. So these aspects also have to be taken into consideration by large organizations.
BN: Are we going to be relying on automation and artificial intelligence to improve protection?
RD: The ability to deliver some analytics on the infrastructure is absolutely key. The challenge behind this is the volume of data you have to handle, because you have a lot of requests per second. You need to have a solution which can deliver these DNS traffic analytics on the fly and do it between users and the destination of the request; this is the challenge.
Automation is effectively another aspect to improve security, more on the response side. Real-time DNS traffic analysis is absolutely key in order to be able to see threats that are hidden in the traffic, and also then to automate the response, because of course you need a response that can be executed purely at the DNS level. But it also has to be an efficient security system with a global approach, where security products are connected to each other in order to automate the end-to-end security response.
You need to make sure that you’re not only providing basic amounts of information; you need to be able to deliver very well qualified security audits. This is where a purpose-built solution makes more sense, because it enables you to do more precise threat detection and then be able to send alerts at the right moment for good reasons.
BN: How does this tie in with remote working solutions like VPNs?
RD: When people are working remotely, if they want to get access to the corporate resources, most of the time organizations open VPNs in order to connect remote workers to those internal resources. So in deployments due to the pandemic, this is where DNS is also an important component to take into consideration, because either you are offering your remote users DNS security through the VPN, or you can deliver this security using geo-edge. It’s another option, so that you make sure that you are offering a cloud-based security solution that is open for your remote workers, but still over which you have full control because you are not relying on a third-party technology.
BN: Smaller companies obviously don’t have as big a security team, so how important is it to make this as easy as possible for them?
RD: We need to offer services that are updated automatically, especially with regard to threat intelligence services. They then see a list of identified threats to date. For them to do this on their own, of course, is much more complicated; the system needs to be updated automatically so that you are continuously, in real time, protected against threats.
You also need to be more proactive by using user behavior and threat detection. Then you can anticipate and detect threats that are not yet known, such as zero day malicious domains.
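The interview above argues for real-time DNS traffic analytics that surface threats hidden in ordinary query traffic. The following is an added example, not code from the interview or from EfficientIP, showing the kind of lightweight heuristic a defender can run over DNS query logs: it flags clients whose leftmost labels look like encoded payloads (long, high-entropy) and reports their peak query rate. The log format, the sample lines and the thresholds are all constructed for this illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log (not real traffic): "<epoch> <client> <qname> <qtype>"
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example.com A
1700000001 10.0.0.5 mail.example.com MX
1700000001 10.0.0.9 cdn.example.net A
1700000002 10.0.0.7 3a7f9c2e1b8d4f6a0c5e.exfil.example.org TXT
1700000002 10.0.0.7 9e1d4b6c8a2f7e3d5c0b.exfil.example.org TXT
1700000003 10.0.0.7 b2c4d6e8f0a1c3e5d7f9.exfil.example.org TXT
1700000003 10.0.0.7 4f8a2c6e0b1d3f5a7c9e.exfil.example.org TXT
1700000004 10.0.0.9 www.example.com A
"""

def label_entropy(label: str) -> float:
    """Shannon entropy (bits per character) of a single DNS label."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def parse_log(text: str):
    """Parse the constructed log format into (ts, client, qname, qtype) rows."""
    rows = []
    for line in text.splitlines():
        ts, client, qname, qtype = line.split()
        rows.append((int(ts), client, qname.lower().rstrip("."), qtype))
    return rows

def suspicious_qname(qname: str, min_len: int = 20, min_entropy: float = 3.5) -> bool:
    """Heuristic: leftmost label is long and near-random, as in tunnelled data.
    Thresholds are assumed values for this example, not vendor defaults."""
    first = qname.split(".")[0]
    return len(first) >= min_len and label_entropy(first) >= min_entropy

def analyse(rows, min_hits: int = 3):
    """Return clients with at least min_hits suspicious names plus their peak
    queries-per-second, the figures an analyst would want before alerting."""
    hits = defaultdict(int)
    per_second = Counter()
    for ts, client, qname, _qtype in rows:
        per_second[(client, ts)] += 1
        if suspicious_qname(qname):
            hits[client] += 1
    peak = defaultdict(int)
    for (client, ts), n in per_second.items():
        peak[client] = max(peak[client], n)
    return {c: {"suspicious": hits[c], "peak_qps": peak[c]}
            for c in hits if hits[c] >= min_hits}

if __name__ == "__main__":
    print(analyse(parse_log(SAMPLE_LOG)))
```

On the constructed log only client 10.0.0.7 is reported, with four suspicious names and a peak of two queries per second; on real traffic the thresholds need tuning against a baseline of legitimate long labels (CDN hashes, DKIM records) to keep false positives down.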
Image credit: bluebay / Shutterstock