DNS, DHCP & IP Address Management appliances
For Microsoft DNS & DHCP servers
For open source DNS & DHCP servers
Cloud-based visualization of analytics across DDI architecture
Manage multi-vendor cloud DNS servers centrally
RIR Declaration Management and Automation
Automated network device configuration and management
Centralized visibility over all your clouds
A single source of truth for your network automation
Why DDI is an Obvious Starting Point
DNS Threat Intelligence for proactive defense
Intelligence Insights for Threat Detection and Investigation
Adaptive DNS security for service continuity and data protection
Improve Application Access Control to prevent spread of attacks
Protect users and block DNS-based malware activity
Carrier-grade DNS DDoS attack protection
Optimize application delivery performance from the edge
for Proactive Network Security
Visibility, analytics and micro segmentation for effective Zero Trust strategy
Enable work from anywhere by controlling access, security and data privacy
Simplify management and control costs across AWS, Azure and GCP environments
Risk-free migration to reduce DDI complexity and cost
Move risk-free to improve performance, security and costs
Automate management, unify control and strengthen security of connected devices
Protect your network against all DNS attacks, data exfiltration and ransomware
Enable zero touch operations for network management and security
Improve resiliency, deployment velocity and user experience for SD-WAN projects
Integrated DNS, DHCP, IPAM services to simplify, automate and secure your network.
Simplify design, deployment and management of critical DDI services for telcos
Optimize administration and security of critical DDI services for healthcare
Simplify and automate management of critical DDI services for finance
Simplify and automate management of critical DDI services for higher education
Simplify and automate management of critical DDI services for retail
Simplify Management and Automation for Network Operations Teams
Open architecture for DDI integration
Technology partnerships for network security & management ecosystems
Extend security perimeters and strengthen network defenses
Submit requests for temporary licenses
Submit access requests for EfficientIP knowledge platforms
Submit membership requests for EfficientIP Community
Strengthen Your Network Protection with Smart DNS Security
Customer-centric DDI project delivery and training
Acquire the skills needed to manage EfficientIP SOLIDserver™
Identify vulnerabilities with an assessment of your DNS traffic
Test your protection against data breaches via DNS
Dedicated representation for your organization inside EfficientIP
Explore content which helps manage and automate your network and cloud operations
Read content which strengthens protection of your network, apps, users and data
Learn how to enhance your app delivery performance to improve resilience and UX
Why Using DNS Allow Lists is a No-Brainer
This enterprise-grade cloud platform allows you to improve visibility, enhance operational efficiency, and optimize network performance effortlessly.
Who we are and what we do
Meet the team of leaders guiding our global growth
Technology partnerships for network security and management ecosystems
Discover the benefits of the SmartPartner global channel program
Become a part of the innovation
The latest updates, release information, and global events
February 22, 2023 | Written by: Surinder Paul | Privacy Laws
APICyberthreatData PrivacyData TheftDNSDNS SecurityDNS SolutionEnterprise Network SecurityMalwareNISNIS 2
Today’s data-driven economy is being led by personal data, so naturally focus is turning more strongly to privacy and protection. New regulations have appeared over the last few years, with a rapid acceleration in regions such as North America and APAC.
While it’s only fair that regulators introduce these new laws with their associated fines for data breaches, companies are still finding it extremely challenging to ensure confidentiality of their data. Cybercriminals are smart guys – data theft and ransomware techniques are becoming more sophisticated – meaning traditional security solutions such as NGFW and IPS are unable to keep up. To efficiently detect data exfiltration hidden in network traffic, the most reliable method is end-to-end analysis of transactions going through the DNS.
Since its introduction in May 2018, GDPR has continued to hit hard. Example data protection fines include Facebook ($5Bn in July 2019), BA ($230m), and Equifax (over $575m). Travelex was another unfortunate ransomware victim, with threat actors claiming to have downloaded 5GB of sensitive company and customer data, including payment card information, birthdates and social security numbers. The European Data Protection Board (EDPB) has clarified that a ‘data breach’ does not just mean a loss of data, but it can also include data not being available, as was also the case of the WannaCry attack which affected the NHS.
Naturally, other countries have been monitoring GDPR and selecting relevant principles they wish to adopt. Among the many new regulations coming into force, the California Consumer Privacy Act (CCPA) took center stage. Other states quickly followed suit, with Nevada enacting its Senate Bill (SB-220) and New York modifying its SHIELD Act to strengthen data security and data breach notification laws. The US also uses regulations that cover specific areas of personal data, including the Health Insurance Portability and Accountability Act (HIPAA) for health data and the Children’s Online Privacy Protection Act (COPPA) to keep children protected online.
This year, Canada plans to strengthen data confidentiality with its Bill C-27: Consumer Privacy Protection Act (CPPA). The existing Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada carries penalties of up to $100,000 CAD per violation, and CPPA could increase those fines dramatically.
Another area that has become top of mind is protection of critical infrastructure.The Colonial Pipeline attack in the US is regarded as one of the most significant attacks on critical national infrastructure ever, and has led to further regulations. The US government, for example, has requested the Cybersecurity & Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) to develop performance goals for critical infrastructure. And on the other side of the pond, the European Commission is using the NIS Directive to tackle critical infrastructure protection across the EU through mandatory cybersecurity requirements such as incident notification obligation. The scope is being expanded by NIS2, to help increase the level of cybersecurity in Europe in the longer term.
Worldwide, data protection is being recognized as a top priority for governments. Brazil’s first General Data Protection Law, the LGPD, came into force on August 15th 2020, covering many principles of data protection. Thailand’s PDPA was also launched, and South Korea introduced a new omnibus law to supplement its current PIPA (Personal Information Protection Act). Other countries who augmented their existing regulations included India for its PDPB and Australia’s NDB. And last year the Personal Information Protection Law (PIPL) came into effect in China. The associated volume of privacy data is highly impactful for business, in particular the international supply chain.
According to research from Bitdefender, 60% of businesses have experienced a data breach at some point, leading to worrying levels of breach fatigue for infosecurity managers. One major cause of this fatigue is the unacceptably high level of false alarms (over 50%) created by endpoint detection and response alerts. In addition, breaches are taking longer to detect, with malware often being hidden in normal network traffic. DNS in particular is a favorite target for hackers, as traditional security solutions like NextGen firewalls struggle to detect exfiltration of data until long after the event.
DNS traffic is not analyzed by a third of companies (Cisco Security Report). In addition, the high volumes make it difficult to efficiently track with existing network inspection tools, so cybercriminals therefore manipulate the DNS protocol – to act either as a tunneling or a ‘file transfer’ protocol – for stealing sensitive data.
Basic Firewalls simply blacklist remote malicious IPs so are ineffective against exfiltration. And traditional detection algorithms, focusing only on DNS packet frequency, payload, data encoding, or entropy of the requests, are able to filter only part of the malicious traffic. NGFW, anti-DoS and IPS also have no understanding of client context during DNS query exchanges, making it nearly impossible to accurately identify DNS tunneling used for command & control and data exfiltration.
So to discover (before it’s too late) that data is being exfiltrated, behavioral threat detection based on real-time analytics of DNS traffic is the only smart way.
When viewed between cache and recursive functions, DNS queries look atypical compared with normal traffic. Thus embedding a DNS security layer at the heart of the protocol – in the DNS server itself – and applying real-time DNS transaction inspection, enables network managers to assess validity of DNS traffic in the specific context of each enterprise. This permits the closing of back doors to data theft, unlike with DLP solutions which often do not take into consideration exfiltration via DNS.
With DNS traffic analytics a powerful base of intelligence can be built, allowing unknown (“zero-day”) malicious domains to be identified. It also helps differentiate between legitimate customers and malicious actors, eliminating risks of blocking legitimate traffic. And finally, it creates actionable event information to be sent to SIEMs and SOCs for accelerating remediation.
To enhance effectiveness against data exfiltration, businesses globally have begun to supplement traditional network security solutions with purpose-built DNS security offering real-time monitoring and analysis of DNS traffic. So even attacks trying to stay under the radar can be rapidly detected. Protecting data confidentiality in this manner will help businesses go a long way towards ensuring compliance with Bill C-27 as well as all other upcoming scary new data regulations.
When our goal is to help companies face the challenges of modern infrastructures and digital transformation, actions speak louder than words.
Explore content highlighting the value EfficientIP solutions bring to your network
To provide the best experiences, we and our partners use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us and our partners to process personal data such as browsing behavior or unique IDs on this site and show (non-) personalized ads. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Click below to consent to the above or make granular choices. Your choices will be applied to this site only. You can change your settings at any time, including withdrawing your consent, by using the toggles on the Cookie Policy, or by clicking on the manage consent button at the bottom of the screen.
We use cookies to enhance your browsing experience, serve personalized content, and analyze our traffic. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site.