CDM-CYBER-DEFENSE-eMAGAZINE-March-2019

More documents

Recommendations

Info

SaaS DNS Security: Are you Protected? By Kanaiya Vasani, Executive Vice President, Products and Corporate Development at Infoblox Are Software as a Service (SaaS) security solutions truly the panacea they are publicized to be? The answer is, it depends on how the SaaS solution is architected. A majority of SaaS-only security solutions are “overlay” solutions that simply provide an additional layer of security on top of an enterprise’s existing network and security infrastructure. These overlay solutions are easy for the vendor to develop, but difficult for the customer to combine with other existing security solutions and derive value from. In contrast, a hybrid approach to security is one that tightly integrates SaaS solutions with an enterprise’s existing IT infrastructure and leverages SaaS capabilities to seamlessly extend and scale on-premise solution performance. With a hybrid solution, the vendor does the heavy lifting of seamless integration with existing infrastructure, thus providing a unified solution, which unlocks valuable context available from the on-premises infrastructure. Such context allows the hybrid solution to prioritize threats better. In addition, the unified solution enables sharing of data with broader security ecosystem for an efficient and optimized incident response. DNS as a Security Tool As enterprises gear up to handle the barrage of increasingly targeted and sophisticated cyber-attacks, security architects must take advantage of the visibility that each IT asset can provide. DNS is an excellent example of a scalable and pervasive network infrastructure protocol that offers unmatched visibility into network traffic patterns, malicious and otherwise. If used optimally, DNS can provide an affordable and scalable first line of defense for detection and mitigation of the vast majority of known threats. Behavioral analysis of DNS traffic can also serve as an “early warning system,” flagging potential zero-day threats in the network. 116
When it comes to DNS security, many organizations are interested in cloud-based SaaS-only solutions, which they think will be easier to implement and provide sufficient functionality to identify infected devices and protect against threats like malware and phishing attacks. SaaS for DNS security can be effective, but only when integrated with on premise systems. Overlay (SaaS-only) solution challenges The way most SaaS-only DNS security solutions work is to enable businesses to forward their DNS traffic to the cloud, where DNS queries are processed and potential malicious activity is detected and flagged. In order to identify the infected end host, these solutions require the deployment of DNS forwarding proxies (running on virtual machines) deep inside the enterprise network or the use of endpoint agents. As enterprises move their workloads into private and public clouds, deploying and managing these proxies can become even more complicated. Most enterprise DNS servers support the ability to block access to domains via configuration of response policy zones. By directing all DNS traffic to the cloud, SaaS-only solutions fail to leverage these existing security capabilities, which allow an enterprise to block the most egregious threats at the very first DNS server that detects it. Further, because overlay solutions do not integrate with the incumbent enterprise DNS architecture, they leave enterprise administrators stuck with operating two separate and siloed management systems and having to manually correlate data between the two. Beyond the inefficiencies of managing two separate DNS systems, an even more significant drawback is that you sacrifice visibility and security context. Specifically, overlay solutions are unable to leverage the rich contextual data available in the enterprise DNS, DHCP, and IP address management systems (DDI). This context can help with prioritization of security threats, a key requirement for security analysts who are swamped with alerts they can’t keep up with. Why a hybrid approach for DNS security To recap, a hybrid DNS security approach weaves security right into the network control fabric of the enterprise. Tight integration with the incumbent enterprise DNS, DHCP, and IPAM infrastructure simplifies deployment and management brings efficiency and scale and improves overall security efficacy and effectiveness. Hybrid solutions offer enterprises complete flexibility in terms of deployment options – the best combination of on premise and SaaS. And regardless of the deployment model, enterprises get all the benefits of integration with their DDI infrastructure: • Reduces complexity: Hybrid solutions take away the hassle of deploying proxies throughout the network. The on premise component of the solution can be configured to forward recursive DNS traffic to the DNS service in the cloud while preserving the ability to identify the end host 117
Page 1 and 2:
Data Breaches: Beyond Exposing Iden
Page 3 and 4:
CONTENTS (cont') Prioritizing Secur
Page 5:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 22 and 23:
Data Breaches: Beyond Exposing Iden
Page 24 and 25:
About the Author Kem Gay is an Inte
Page 26 and 27:
Rip Off the Band-Aid This leaves us
Page 28 and 29:
Why Biometric Data Use Poses Unique
Page 30 and 31:
• DNA Kits: If you purchased or u
Page 32 and 33:
How to be Workforce Ready and Stand
Page 34 and 35:
Maximiliano Gigli, a third-year cyb
Page 36 and 37:
Interestingly, the two groups diffe
Page 38 and 39:
Cross-site Scripting Is an Underrat
Page 40 and 41:
Stealing HTML5 web storage data: HT
Page 42 and 43:
Cybersecurity in New York City, the
Page 44 and 45:
A boom in cybersecurity startups se
Page 46 and 47:
illion risks and threats among its
Page 48 and 49:
Some Important Developments in the
Page 50 and 51:
About the Author Sharmistha Sarkar
Page 52 and 53:
employees to contractors and sub-co
Page 54 and 55:
The Internet of Things Engineering
Page 56 and 57:
About The Author Milica D. Djekic i
Page 58 and 59:
kind. Many of them require some kin
Page 60 and 61:
2019 Risks in Focus: Cyber Incident
Page 62 and 63:
However, the past year has also wit
Page 64 and 65:
Why Insider Threats Are One of the
Page 66 and 67: Unlike with outside security threat
Page 68 and 69: Organizations will also frequently
Page 70 and 71: The US Must Catch Up to Other Promi
Page 72 and 73: The fact is, the wider internationa
Page 74 and 75: Integrate Compliance and Regulation
Page 76 and 77: Security have and have-nots How org
Page 78 and 79: 1. People Having the right people c
Page 80 and 81: sources (such as syslog’s, Net Fl
Page 82 and 83: Limitations of Current Endpoint Sec
Page 84 and 85: For effective detection, most EDR s
Page 86 and 87: Why Wi-Fi Hacking Will Persist Desp
Page 88 and 89: About the Author Ryan Orsi is Direc
Page 90 and 91: questions such as, “Who added a w
Page 92 and 93: About the Author Josh Paape is an O
Page 94 and 95: for well-known, repeatable needs fi
Page 96 and 97: Overcoming Software Security Issues
Page 98 and 99: Implementing Security Checks at Str
Page 100 and 101: Phishing in the Dark: Employee Secu
Page 102 and 103: phishing threats. Furthermore, almo
Page 104 and 105: Unfortunately, once an application
Page 106 and 107: Software Should Come with a “Nutr
Page 108 and 109: vulnerabilities. If they find vulne
Page 110 and 111: I can't get no satisfaction, I can'
Page 112 and 113: How Organizations Should Choose a L
Page 114 and 115: load balancers capable of integrati
Page 118 and 119: associated with any security event
Page 120 and 121: 120
Page 122 and 123: 122
Page 124 and 125: 124
Page 126 and 127: 126
Page 128 and 129: 128
Page 130 and 131: 130
Page 132 and 133: 132
Page 134 and 135: 134
Page 136 and 137: 136
Page 138 and 139: 138
Page 140 and 141: 140
Page 142 and 143: 142
Page 144 and 145: 144
Page 146 and 147: 146
Page 148 and 149: 148
Page 150 and 151: We’ve launched http://www.CyberDe
Page 152 and 153: Marketing and Partnership Opportuni
Page 154 and 155: Regent University’s Institute for
Page 156 and 157: 156
show all

CDM-CYBER-DEFENSE-eMAGAZINE-March-2019

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?