The future of the workplace is undoubtedly a remote workforce, accessing the corporate network via mobile devices and the cloud. This is likely to cause a few sleepless nights for the teams traditionally responsible for managing network security on-premise. With remote working, data breaches will become commonplace. Networks will be infiltrated with malware due to an increase in roaming or off-network access.
Vulnerable and unsecure
At the root of many of these breaches, and the damage and stress that accompanies them, lies the DNS, or domain name system. Often referred to as the address book of the internet, DNS sits at the heart of every organisation’s IT network, translating domain names into machine-readable IP addresses. Despite most internet communications relying on DNS, however, it is inherently vulnerable and not sufficiently secured, resulting in weaknesses that can be exploited for criminal ends.
Due to its position at the core of the network, DNS is often the first part of an organisation’s infrastructure to see the majority of malicious activity and should, therefore, be considered an organisation’s first line of defence.
The mobile options
Meeting the demand for greater speed and mobility means that internet traffic from mobile workers tends not to be backhauled to an organisation’s network via corporate points of presence such as servers or routers. As a result, DNS traffic to and from an organisation’s mobile users will not generally be visible to corporate security monitoring.
The growing shift towards a more mobile workforce makes it important, therefore, for organisations to adopt a hybrid approach to DNS security that will protect both on-premise and mobile users; a combination of on-premise DNS security as mentioned above, and one of the following approaches to maintaining DNS security in a mobile environment.
Agent software, for example, can be installed on a mobile device and reroute DNS traffic to a cloud-based DNS security solution that can monitor client-side behaviour to detect malicious or suspicious DNS activity. And in cases where it isn’t possible to install an agent, configuration settings on a mobile device can be set to proxy mobile device traffic through services often referred to as cloud access security brokers, or CASB.
DNS as an asset
If not given proper consideration within an organisation’s security plans, DNS can provide an easy point of entry for malicious actors intent on disrupting networks, and accessing and exfiltrating sensitive information. And the problem is growing. As sophisticated cybercriminals continue to develop new techniques and tactics to exploit vulnerabilities in DNS services, the increasing demand to support a growing mobile workforce opens up additional attack vectors.
DNS services and data can be used as an asset in the security chain, however. By taking a hybrid approach of on-premise DNS security together with a cloud-delivered solution, organisations are able to protect not just the users within their corporate network, but also those based in branch offices, and those who increasingly opt to work remotely.
By Ashraf Sheet, Regional Director, MEA at Infoblox.