How threat intelligence can protect DNS and more

Second of a three-part series on security for SMBs…

In the previous article, Webroot, an OpenText company, recommended that SMBs not try to swallow the proverbial ocean of security options at once and instead focus on five steps to create a solid cybersecurity grounding that can help them make the most of their efforts.

While those steps are a starting point, IT security professionals also need to pay close attention to another popular vector for today’s cyber attackers: hijacking Domain Name System (DNS) servers.

Recently, the National Security Agency (NSA) issued an advisory on DNS that covered the implications of attacks on DNS and the benefits of the new encrypted DoH (DNS over HTTPS) protocol standard. In addition, the Internet Corporation for Assigned Names and Numbers (ICANN) issued a warning in 2019 stating its belief that there is an ongoing and significant risk to key parts of the DNS infrastructure, and urging domain owners and DNS services to migrate to Domain Name System Security Extensions (DNSSEC) as soon as possible.

Based on these advisories, Webroot recommends following DNSSEC standards to secure your DNS servers and adopting DoH:

  • As the NSA recommends, all organizations should privatize their DNS connections by taking control of their DNS traffic. Requests should not leave your network on the assumption that an internet service provider will secure your data or apply security filtering, because they do not.
  • While there is the potential to lose “visibility and intelligence” by adopting DoH, we believe that the benefits far outweigh the disadvantages. With our approach we offer a way to get the best of both worlds, by establishing both the security and privacy of the connections and providing total visibility through either full or selective (GDPR compliance) logging of all the Internet traffic. Adding protective DNS filtering and internet access controls blocks most unknown malicious requests, whether from a network device or a user system.
  • DNS security and strong endpoint protection are two fundamental security basics that are essential to safer Internet usage.

Applying the most timely, accurate and reliable Internet threat intelligence within a protective DNS security filtering service is a way for SMBs to minimize internet connectivity risks and to enforce secure connection policies and Internet access controls in a way that is fully automated, private, secure and accountable.
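To make the protective DNS filtering and the full-versus-selective logging choice described above concrete, here is an added example (not code from the article or from Webroot): a resolver front-end checks each query name against a constructed threat-intelligence domain list, blocks matches including subdomains of a listed domain, and writes either a full log line or a selective one in which the client identity is pseudonymized. The feed contents, the client address and the HMAC key are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Set

# Constructed sample threat feed: domains an intelligence source has flagged.
THREAT_FEED: Set[str] = {"malware-drop.example", "phish-login.example"}

# Constructed per-deployment secret used to pseudonymize client addresses in
# selective logging. A real deployment would load this from a secret store.
LOG_KEY = b"example-deployment-secret"


@dataclass
class Decision:
    qname: str
    action: str             # "block" or "allow"
    matched: Optional[str]  # feed entry that caused the block, if any


def normalize(qname: str) -> str:
    """Lower-case and strip the trailing dot so 'Evil.Example.' == 'evil.example'."""
    return qname.rstrip(".").lower()


def lookup_feed(qname: str, feed: Set[str]) -> Optional[str]:
    """Return the listed domain covering qname, walking up its parent labels."""
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):  # stop before the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return candidate
    return None


def decide(qname: str, feed: Set[str] = THREAT_FEED) -> Decision:
    """Policy decision for one query: block if any parent domain is on the feed."""
    matched = lookup_feed(qname, feed)
    return Decision(normalize(qname), "block" if matched else "allow", matched)


def log_line(client_ip: str, d: Decision, selective: bool) -> str:
    """Full logging keeps the client IP. Selective logging replaces it with a
    keyed hash so per-user detail is withheld while blocked domains stay visible."""
    who = client_ip
    if selective:
        tag = hmac.new(LOG_KEY, client_ip.encode(), hashlib.sha256).hexdigest()[:12]
        who = "client:" + tag
    suffix = f" feed={d.matched}" if d.matched else ""
    return f"{who} {d.qname} {d.action}{suffix}"
```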

But threat intelligence offers much more. Threat intelligence is evidence-based and informs you about existing or in-progress threats. It can be difficult for SMBs to incorporate threat intelligence into their security posture, as they often lack the security analysts or in-house tools needed to integrate and benefit from real-time or near-real-time threat intelligence.

The easiest way for SMBs to leverage threat intelligence is via its inclusion in their technology stack, or in external security services like Managed Detection and Response (MDR), where it helps make automated, accurate and proactive security decisions based upon contextualizing data from many sources. MDR provides a holistic intrusion detection approach to stopping malware and malicious activity throughout a network and rapid (often automated) incident response to isolate and then eliminate threats in short order.

Other ways we leverage threat intelligence

  1. Exporting real-time endpoint protection telemetry data into an in-house SIM/SIEM or syslog server, or to an external MDR service. Endpoint data can then be correlated and contextualized against threat data from other sources to stop attacks.
  2. Providing real-time and near-real-time threat feeds, such as collective file intelligence, real-time anti-phishing, IP, domain and mobile application data, to secure PCs or mobile devices against a range of attack vectors.

In the next installment, we’ll cover defense-in-depth for SMBs in the age of COVID-19 and beyond.

George Anderson, Director of Product Marketing, OpenText SMB&C

George Anderson has spent the past 20 years in IT security roles. He is currently responsible for product marketing for Webroot business security products: Endpoint and DNS Protection and Webroot Security Awareness Training.
