New IDC Report: DNS Threat Intelligence for Proactive Defense

Year after year, the impacts and costs of DNS attacks continue to rise, causing severe damage. Based on a survey of 1,000 security experts, the new 2023 IDC Threat Report shows 90% of organizations suffered DNS attacks, costing $1.1M each. Highlighting the fundamental role of DNS in network security strategies, the report confirms that it is time now more than ever to strengthen protection via a purpose-built, integrated DNS security solution. DNS threat intelligence offers evolution to proactive defense, while DNS data and tools can be used to advance Zero Trust strategies, as well as to elevate ransomware detection.

Every Industry Suffers Multiple DNS Attacks Each Year

The results of the IDC survey showed that organizations across all verticals really need to start taking DNS Security very seriously. Almost every company is targeted, suffering on average 7.5 DNS attacks per year. Damage costs per attack have risen 20% to over $1M, with the range and frequency of each attack type having increased year on year, in particular DNS-based malware, ransomware, phishing and DDoS. Even more worrying are the impacts, with 73% suffering app downtime and 29% data theft. Aside from the direct financial problems caused, other implications include brand damage, regulatory issues, and customer churn.

Unfortunately, methods being used to combat the attacks are unsuitable, affecting business and service continuity. These include shutting down the DNS service, disabling the affected apps, and shutting down part of the network infrastructure. With close to 6 hours being taken to mitigate each attack, the necessity to move from these reactive measures to a more proactive form of defense via purpose-built DNS security is evident.

Fit DNS Threat Intelligence into Network Security Strategies for Proactive Defense

While 80% confirm DNS Security is critical for their network security, only 21% today are actually making use of DNS data as part of their cyber threat intelligence. DNS security needs to be viewed comprehensively, covering all aspects of an organization’s network to ensure no vulnerable points are overlooked. Organizations should therefore integrate DNS security seamlessly into their existing security infrastructure to create a unified defense against various cyber threats. Most importantly, to evolve from reactive to proactive defense, they must adapt their security strategies, focusing on continuous improvement and evolution to stay ahead of emerging attacks.

As quoted by IDC in the report: “DNS plays an important role in the implementation of various security concepts, helping to protect organizations against the threat landscape and ensure the security of their resources: users, devices, applications, and services.”

These security concepts include cyber threat intelligence, the extended enterprise, Zero Trust, SASE, data privacy, and Shadow IT. Below are highlights of the IDC report coverage regarding these topics:

Augmenting Cyber Threat Intelligence

Cyber threat intelligence has emerged as a pivotal aspect of cybersecurity defense, with 60% of organizations considering it a vital component of their company’s strategy and to defend against cyberattacks. As part of this, there is a proven need for specialized DNS threat intelligence brought by actionable DNS data. Among the benefits listed by survey respondents were detection of malware, phishing, and ransomware, as well as improved access control to apps and data. Today, DNS data is being severely underutilized, so organizations really need to make sure they start using it.

DNS feeds, such as EfficientIP DNS Threat Pulse, are a key component of DNS threat intelligence. Ideally, these feeds need to be created by applying innovative algorithms to curated, consolidated DNS data.

Securing the Extended Enterprise

When securing modern IT infrastructures, challenges include complexity, scale, number of devices, remote workers, visibility, and access control. Private enterprise DNS security brings significant benefits to the extended enterprise, by providing comprehensive visibility and control over network traffic. Organizations can protect their data, users, applications, and assets from advanced threats, with the same robust security policies and features, regardless of where they are located. 

Participants surveyed view DNS as critical in securing the on-premise workforce (74%), remote workers (77%), IoT (54%), Cloud (84%), and data centers (70%).

Moving Zero Trust Forward

Zero Trust models deliver robust security and strengthen a business’s cyber-resilience.  But unfortunately, adoption has been slow, due to complexity challenges of sprawling IT estates, legacy technologies, multiple security vendors, and disparate cloud platforms. DNS offers simple steps for organizations to move forward on their zero trust journey, by helping ensure only authorized users, apps are allowed to access sensitive resources.

DNS provides additional layers of security, visibility, and control over network traffic. It brings early access control and threat detection, so is naturally the first line of defense. 58% make use of DNS granular access control to enforce security policies and restrict app access. Network segmentation based on access policies means that, should a compromise occur in a network segment, the malicious code, executable, or other security breach factor can be virtually isolated and thus prevented from lateral movement.

Earlier Detection of Ransomware

In recent years, ransomware attacks have become more targeted to maximize profits and cause brand damage. 85% of malware today are using DNS to develop their attack. Analysis of DNS traffic can therefore help identify suspicious activity, such as unveiling zero-day malicious domains used for data exfiltration by ransomware. As a consequence, 54% of organizations now use DNS security for ransomware and malware protection.

DNS filtering in particular is a very effective way to block access to known malicious domains. This helps prevent ransomware from communicating with its command and control (C&C) servers, thwarting the attack before it can cause any damage. DNS filtering can also be used to block access to known phishing sites, preventing ransomware attacks from being initiated in the first place. By responding to ransomware attacks quickly, potential risk of reputation damage or financial loss is minimized.

Strengthening Data Protection, Privacy and Compliance

The growing concern over global cybersecurity threats and data breaches is reflected by data protection and privacy regulations multiplying and becoming increasingly strict. The most commonly known include GDPR, PDPA, CCPA, CPRA, and NIS2. Being a specialized layer of defense, DNS helps organizations achieve regulatory compliance by providing domain filtering, data privacy, logging and analysis, and compliance reporting on DNS traffic. 

For strengthening data protection, DNS complements traditional security systems. 59% of companies report that DNS security helps prevent data exfiltration by detecting improper DNS flow and blocking related traffic. It also overcomes data privacy risks associated with DNS Over HTTPS (DoH) used with public or free providers (45% highlighted this risk). A private DoH solution strengthens data privacy by encrypting DNS traffic and preventing unauthorized access to DNS data. Queries and responses can no longer be intercepted or monitored by persons having access to the network traffic.

Handling Ungoverned Network Activity & Shadow IT

With modern networks comprising multiple cloud, on-premise, and remote environments, obtaining a unified view of network activity has become extremely challenging. IT staff are left with blind spots and gaps in visibility, which are frequently exploited by attackers.

DNS is a central component for achieving complete visibility and observability over clouds, apps and devices (including IoT). It provides relevant data for identifying and responding to potential threats and ungoverned services. 50% of organizations expect to gain visibility into all connected assets with insightful DNS data. Unauthorized developments or use of resources can be detected, such as rogue databases or unapproved cloud services. In addition, DNS data is viewed as a top solution for handling compliance and security risks resulting from Shadow IT, ahead of firewalls (using DPI) and Proxies.

Sharing DNS Security Events with Ecosystem for End-to-End Defense

To move from reactive to proactive defenses, an integrated approach to security is required. For that, DNS is a fundamental component. Valuable DNS data can be shared with security systems like SIEM and SOAR via open APIs. Using DNS insights to implement security policies and automate security responses goes a long way towards improving SOC efficiency, as well as achieving end-to-end protection from cyber threats.

For empowering NetSecOps, 78% of organizations already use actionable DNS data for observability, monitoring, prevention, and remediation. DNS telemetry is leveraged to share data and security events with the SecOps team.

Key Recommendations

80% of organizations today acknowledge that DNS security is critical, but ever-rising costs and impacts of DNS attacks continue to cause severe damage. To harden network protection, DNS security tools and actionable data must be better utilized. These enable evolution to proactive defense and early threat detection, as well as bringing secure connectivity for anywhere-working. In addition, they offer an easy starting point for zero trust, ZTNA, zero-trust edge, and SASE strategies.

Key recommendations described in the report include:

1. Move to proactive defense by using DNS threat intelligence feeds
2. Strengthen your security posture with DNS observability
3. Accelerate threat remediation by integrating DNS data into your security ecosystem