The Need for DNS-Layer Security

While the nation spent most of 2020 in lockdown, cyber criminals have been busy. According to IT Pro, cyber attacks on UK business increased by over 20% last year. The figures are staggering, on average each UK business faced 686,961 attempted attacks last year, this equates to an attack every 46 seconds.

This increase in malicious activity is largely attributed to cyber criminals looking to exploit the fact that many employees are currently working from home and often circumvent the corporate VPN and leverage direct internet access. ESG research showed that 85% of organisations believe that remote workers violate VPN policy and 78% of organisations see remote users as the most vulnerable targets for an attack.

Where Are We Vulnerable

The vulnerability comes from end-users unsuspectingly visiting website or servers that are being used to stage attacks, either during the course of browsing the internet or clicking on a seamlessly harmless link. These are not easy to spot, on the surface they look like legitimate sites, sometimes even cloned sites, there are no alarm bells that ring when you enter the sites and often it is months before an infection is activated and starts doing damage.

Whereas most organisations utilise corporate network-based firewalls and security built into the operating system of end-user devices, these rely on keeping one step ahead of the cyber criminals and being able to detect malware or command and control call-backs, unfortunately as attacks get more sophisticated and persistent, these lines of defence are not always 100% successful.

The Value of DNS-Layer Security

Every organisation utilises a DNS service, normally provided by their ISP. This allows domain names to be mapped to an actual IP address and enables requests to be routed to the appropriate website, application or server. By placing security around this process, it is possible to block access to potential malicious locations before a connection is established.

There are a number of checks that can be put in place at the point of DNS look-up, a company can maintain a list of domain names that it wants to block, it can also define categories of content that it defines as inappropriate and as such deny access, but more importantly, it can use real-time threat intelligence to prevent connection to those sites that are deemed as presenting a threat.

The Value of Cisco Umbrella

One of the leading solutions in this area is Cisco Umbrella that not only enables you to configure your corporate network to pass DNS requests through its security filtering, but also enables you to point end-user devices through Umbrella to protect them when not on the VPN but leveraging direct internet access.

To end-users, Cisco Umbrellas appears just like any other DNS server, it is always on, leverages a network of global data centre to provide the fastest possible response, however, Umbrella is doing far more than just providing a DNS look-up.

It allows you to define your own block list or categories of content that you wish to restrict, but its real value comes from how it leverages threat intelligence to protect your company, your network and your end-users. Powered by Cisco Talos, Umbrella is analysing hundreds of billions of internet requests every day and through researchers and machine learning is understanding the threat landscape. All of the time it is identifying the infrastructure that is being used to launch attacks or to stage potential future attacks. It is enforcing blocks on over 7 million unique malicious domains and every day is identifying and adding around 60,000 new destinations to its block list.

The Impact on Your Holistic Security

DNS-layer security like Cisco Umbrella does not replace the security solutions and appliances that you have in place today but provides that additional layer of protection over the top. It has been shown to reduce malware by more than fifty percent and it does this not by detecting at the point of attempted breach but preventing unsuspecting users from connecting to these malicious locations in the first place.

This reduces the pressure on your other layers of security, reducing the amount of incidents and enabling you to focus on those potential breaches that could severely damage your business.

Prove The Value

The best way to see the impact that DNS-layer security can have in protecting your end-users is to trial it in your environment. ONI is offering organisations a free of charge 14-day trial of Cisco Umbrella. It is easy to put in place, no hardware or software to install, you simply point your DNS to the Umbrella cloud-based service, it takes a couple of minutes. What you will see is the impact that it can have, a full list of the requests that have been blocked and the potential threats that have been detected and avoided.

To request your free trial with ONI simply visit our Cisco Umbrella page.