DNS, DHCP & IP Address Management appliances
For Microsoft DNS & DHCP servers
For open source DNS & DHCP servers
Cloud-based visualization of analytics across DDI architecture
Manage multi-vendor cloud DNS servers centrally
RIR Declaration Management and Automation
Automated network device configuration and management
Centralized visibility over all your clouds
A single source of truth for your network automation
Why DDI is an Obvious Starting Point
DNS Threat Intelligence for proactive defense
Intelligence Insights for Threat Detection and Investigation
Adaptive DNS security for service continuity and data protection
Improve Application Access Control to prevent spread of attacks
Protect users and block DNS-based malware activity
Carrier-grade DNS DDoS attack protection
Optimize application delivery performance from the edge
for Proactive Network Security
Visibility, analytics and micro segmentation for effective Zero Trust strategy
Enable work from anywhere by controlling access, security and data privacy
Simplify management and control costs across AWS, Azure and GCP environments
Risk-free migration to reduce DDI complexity and cost
Move risk-free to improve performance, security and costs
Automate management, unify control and strengthen security of connected devices
Protect your network against all DNS attacks, data exfiltration and ransomware
Enable zero touch operations for network management and security
Improve resiliency, deployment velocity and user experience for SD-WAN projects
Integrated DNS, DHCP, IPAM services to simplify, automate and secure your network.
Simplify design, deployment and management of critical DDI services for telcos
Optimize administration and security of critical DDI services for healthcare
Simplify and automate management of critical DDI services for finance
Simplify and automate management of critical DDI services for higher education
Simplify and automate management of critical DDI services for retail
Simplify Management and Automation for Network Operations Teams
Open architecture for DDI integration
Technology partnerships for network security & management ecosystems
Extend security perimeters and strengthen network defenses
Submit requests for temporary licenses
Submit access requests for EfficientIP knowledge platforms
Submit membership requests for EfficientIP Community
Strengthen Your Network Protection with Smart DNS Security
Customer-centric DDI project delivery and training
Acquire the skills needed to manage EfficientIP SOLIDserverâ„¢
Identify vulnerabilities with an assessment of your DNS traffic
Test your protection against data breaches via DNS
Dedicated representation for your organization inside EfficientIP
Explore content which helps manage and automate your network and cloud operations
Read content which strengthens protection of your network, apps, users and data
Learn how to enhance your app delivery performance to improve resilience and UX
Why Using DNS Allow Lists is a No-Brainer
This enterprise-grade cloud platform allows you to improve visibility, enhance operational efficiency, and optimize network performance effortlessly.
Who we are and what we do
Meet the team of leaders guiding our global growth
Technology partnerships for network security and management ecosystems
Discover the benefits of the SmartPartner global channel program
Become a part of the innovation
The latest updates, release information, and global events
February 8, 2017 | Written by: EfficientIP | DNS Security, GDPR, Privacy Laws
Command and ControlComplianceData exfiltrationData protectionDNSDNS SecurityDNS SolutionDNS TunnelingGDPRGlobal DNS
The implementation of the EU’s new General Data Protection Regulation (GDPR) is now a bit more than a year away. It’s a wide-reaching set of rules which you must comply with if you’re holding data about European citizens. Compliance doesn’t need to be difficult though, as much of GDPR is focused on how you handle data loss and network breaches. To avoid catastrophic fines after breaches, the easiest way to become compliant is simple: you need to enhance your security.
However, it’s important not to take this advice lightly: data breaches have significant effects on those whose data is stolen; and with GDPR that data loss will now reflect on companies that have breached. The result is the possibility of large fines – from 2% to 4% of global revenue; as well as sanctions that can force organizations to stop processing user data.
There are many ways to protect data, but the one that is often neglected is data exfiltration via the DNS. A new IDC report looks at how DNS-based attacks have become a significant risk that must be considered as part of your GDPR preparation.
DNS exfiltration is often part of an advanced persistent threat-based attack. Attackers inside your network spend time finding valuable data, but then have to remove it. While most security systems in use block obvious data transfer mechanisms like FTP, common internet protocol like DNS are often left unsecured. That gives attackers a loophole; one where connections to arbitrary servers aren’t blocked.
There are two ways data can be extracted over your network using DNS. Both rely on the attacker having software that can encode your data, and then use various DNS techniques to transmit data to remote servers. The first option is purely focused on extraction, and embeds blocks of encoded data within requests to an attacker’s own DNS server. It’s a slow way of extracting data, but when it comes to valuable details like credit card information, it’s certainly effective. The second approach, DNS tunneling, uses DNS as not just a way of extracting data, but by encoding data in alternate names for servers. This way, it’s able to offer attackers a command and control channel for their tools. Tunneling is also a relatively fast way of extracting data, with one known attack delivering 18,000 credit card numbers a minute to an attacker’s server.
So why are attackers using DNS? There are two main reasons.
The first, and most obvious, is that we’ve actually got quite good tools at detecting exfiltration via HTTP and FTP, the two most common protocols. Data loss prevention tools and next generation firewalls focus on those technologies, locking down the easiest routes out of your network. That forces attackers to explore and experiment with other protocols, and take advantage of those, like DNS, that aren’t blocked by traditional security tooling.
The second, and perhaps more important, is that it’s easy to hide exfiltrated data in amongst the normal operation of a DNS service. Many common internet services use DNS; which means that most DNS servers are constantly busy. Then there’s the additional problem of living in a world where BYOD and customer Wi-Fi are prolific, making access to DNS by devices that we don’t know and don’t manage an everyday occurrence. The sheer volume of traffic makes it hard to see the requests used for DNS exfiltration, especially when they can be spaced out over time using statistical techniques to look like normal traffic.
So how can you protect your networks? Traditional monitoring techniques have a risk of blocking legitimate traffic. After all, just because a DNS request is going to an unknown server doesn’t mean it’s malicious; the decentralized architecture of the global DNS service makes it impossible to know every server in use.
To understand what’s happening in your DNS services, you need to embed security tools into your DNS servers, the heart of DNS. That’s where you can analyze packet contents to see just what is happening in your networks. The result is deep inspection of DNS traffic, analyzing payloads and analyzing traffic.
Once you’ve identified malicious DNS traffic in your network, you can start to apply mitigations. One option is to block malicious domains as soon as they’re identified; and use DNS reputation tools to reduce the risks of both false positives and false negatives. You can also examine the traffic from specific suspicious devices on your network to further target suspicious activities.
Keeping on top of DNS security can help with GDPR compliance, as it’s not purely a matter of avoiding breaches – it’s also a matter of timely reporting if data has been stolen. If you report breaches to the appropriate data protection bodies (for example, in the UK, to the Information Commissioner’s Office) within 72 hours, you remain compliant. If new techniques and zero-day attacks have been used to exfiltrate data, you will need tools to log all your DNS data. Once logged, you will also need to explore those logs regularly to find previously undiscovered advanced persistent threats in your network (with large DNS logs, this can be like finding a needle in a haystack).
Log file analysis at this scale with a traditional DNS server can be a significant issue: you’re either having to work with batch data well after the event, allowing data to be stolen without you knowing, or you’re going to have to either statistically sample or slow down DNS traffic to allow log file search tools to work. Either way you’re risking user data, which increases the odds of being out of compliance with the GDPR.
Alternatively, you can use a modern DNS server that’s able to identify attacks quickly or in real-time, using real-time transaction analysis – which gives you the option of blocking data exfiltration as soon as it is spotted by the DNS server analysis tools.
You may well have deployed a hefty set of security tools, with a focus on data loss prevention. But DNS exfiltration is being used by attackers to get around your security perimeter, so what can you do to ensure your DNS doesn’t risk your GDPR compliance?
You’re going to need tools that operate inside your DNS servers, tools that can analyze your DNS traffic and spot outliers, helping you locate suspicious clients that are tunneling data out your network over DNS. Once you’ve identified malicious DNS traffic, you can use countermeasures to block exfiltration – and protect your network from other attacks that can take advantage of this critical protocol.
We are in an increasingly dangerous world; and one where data is valuable to companies – and to attackers. GDPR puts an onus on companies to be as secure as possible, with significant penalties for failure. That requires doing much more than protecting your databases, but protecting every part of your IP networks as well.
When our goal is to help companies face the challenges of modern infrastructures and digital transformation, actions speak louder than words.
Explore content highlighting the value EfficientIP solutions bring to your network
To provide the best experiences, we and our partners use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us and our partners to process personal data such as browsing behavior or unique IDs on this site and show (non-) personalized ads. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Click below to consent to the above or make granular choices. Your choices will be applied to this site only. You can change your settings at any time, including withdrawing your consent, by using the toggles on the Cookie Policy, or by clicking on the manage consent button at the bottom of the screen.
We use cookies to enhance your browsing experience, serve personalized content, and analyze our traffic. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site.