DNS, DHCP & IP Address Management appliances
For Microsoft DNS & DHCP servers
For open source DNS & DHCP servers
Cloud-based visualization of analytics across DDI architecture
Manage multi-vendor cloud DNS servers centrally
RIR Declaration Management and Automation
Automated network device configuration and management
Centralized visibility over all your clouds
A single source of truth for your network automation
Why DDI is an Obvious Starting Point
DNS Threat Intelligence for proactive defense
Intelligence Insights for Threat Detection and Investigation
Adaptive DNS security for service continuity and data protection
Improve Application Access Control to prevent spread of attacks
Protect users and block DNS-based malware activity
Carrier-grade DNS DDoS attack protection
Optimize application delivery performance from the edge
for Proactive Network Security
Visibility, analytics and micro segmentation for effective Zero Trust strategy
Enable work from anywhere by controlling access, security and data privacy
Simplify management and control costs across AWS, Azure and GCP environments
Risk-free migration to reduce DDI complexity and cost
Move risk-free to improve performance, security and costs
Automate management, unify control and strengthen security of connected devices
Protect your network against all DNS attacks, data exfiltration and ransomware
Enable zero touch operations for network management and security
Improve resiliency, deployment velocity and user experience for SD-WAN projects
Integrated DNS, DHCP, IPAM services to simplify, automate and secure your network.
Simplify design, deployment and management of critical DDI services for telcos
Optimize administration and security of critical DDI services for healthcare
Simplify and automate management of critical DDI services for finance
Simplify and automate management of critical DDI services for higher education
Simplify and automate management of critical DDI services for retail
Simplify Management and Automation for Network Operations Teams
Open architecture for DDI integration
Technology partnerships for network security & management ecosystems
Extend security perimeters and strengthen network defenses
Submit requests for temporary licenses
Submit access requests for EfficientIP knowledge platforms
Submit membership requests for EfficientIP Community
Strengthen Your Network Protection with Smart DNS Security
Customer-centric DDI project delivery and training
Acquire the skills needed to manage EfficientIP SOLIDserver™
Identify vulnerabilities with an assessment of your DNS traffic
Test your protection against data breaches via DNS
Dedicated representation for your organization inside EfficientIP
Explore content which helps manage and automate your network and cloud operations
Read content which strengthens protection of your network, apps, users and data
Learn how to enhance your app delivery performance to improve resilience and UX
Why Using DNS Allow Lists is a No-Brainer
This enterprise-grade cloud platform allows you to improve visibility, enhance operational efficiency, and optimize network performance effortlessly.
Who we are and what we do
Meet the team of leaders guiding our global growth
Technology partnerships for network security and management ecosystems
Discover the benefits of the SmartPartner global channel program
Become a part of the innovation
The latest updates, release information, and global events
January 30, 2020 | Written by: EfficientIP | DDI, DNS Security, Privacy Laws
APIComplianceCyberattacksData exfiltrationData PrivacyData protectionData TheftDDIDDI ManagementDDI ServicesDDI SolutionsDNSDNS TunnelingEnterprise Network SecurityGDPRMalwareRansomware
Today’s data-driven economy is being led by personal data, so naturally focus is turning more strongly to privacy and protection. New regulations have appeared over the last few years, but 2020 will see a rapid acceleration, particularly in regions such as America and APAC.
While it’s only fair that regulators introduce these new laws with their associated fines for data breaches, companies are still finding it extremely challenging to ensure confidentiality of their data. Cybercriminals are smart guys – data theft and ransomware techniques are becoming more sophisticated – meaning traditional security solutions such as NGFW and IPS are unable to keep up. To efficiently detect data exfiltration hidden in network traffic, the most reliable method is end-to-end analysis of transactions going through the DNS.
Since its introduction in May 2018, GDPR has continued to hit hard. Example recent data protection fines include Facebook ($5Bn in July 2019), BA ($230m), and Equifax (over $575m). Travelex is the latest unfortunate ransomware victim, with threat actors claiming to have downloaded 5GB of sensitive company and customer data, including payment card information, birthdates and social security numbers. The European Data Protection Board (EDPB) has clarified that a ‘data breach’ does not just mean a loss of data, but it can also include data not being available, as was also the case of the WannaCry attack which affected the NHS.
Naturally, other countries have been monitoring GDPR and selecting relevant principles they wish to adopt. 2020 promises to be a very busy year, with many new regulations coming into force. In the US, the California Consumer Privacy Act (CCPA) is taking centre stage, having been launched this January. Other states are quickly following suite, with Nevada enacting its Senate Bill (SB-220) and New York modifying its SHIELD Act to strengthen data security and data breach notification laws. Potential CCPA-like laws will also be coming, from states such as New York and Massachusetts.
Worldwide, data protection is being recognized as a top priority for governments. Brazil’s first General Data Protection Law, the LGPD, will come into force on August 15th 2020, covering many principles of data protection. Thailand’s PDPA is forecast for May 27th this year, and South Korea will introduce a new omnibus law to supplement it’s current PIPA (Personal Information Protection Act). Other countries who’ll augment their existing regulations include India for its PDPB and Australia’s NDB.
According to recent research from Bitdefender, during the last three years 60% of businesses have experienced a data breach at some point, leading to worrying levels of breach fatigue for infosecurity managers. One major cause of this fatigue is the unacceptably high level of false alarms (over 50%) created by endpoint detection and response alerts. In addition, cyberattacks are taking longer to detect, with malware often being hidden in normal network traffic. DNS in particular is a favorite target for hackers, as traditional security solutions like NextGen firewalls are unable to detect exfiltration of data until long after the event.
DNS traffic is not analyzed by a third of companies (Cisco 2016 Security Report). In addition, the high volumes make it difficult to efficiently track with existing network inspection tools, so cybercriminals therefore manipulate the DNS protocol – to act either as a tunneling or a ‘file transfer’ protocol – for stealing sensitive data.
Firewalls simply blacklist remote malicious IPs so are ineffective against exfiltration. And traditional detection algorithms, focusing only on DNS packet frequency, payload, data encoding, or entropy of the requests, are able to filter only part of the malicious traffic. NGFW, anti-DoS and IPS also have no understanding of client context during DNS query exchanges, making it nearly impossible to accurately identify DNS tunneling used for command & control and data exfiltration. So to discover (before it’s too late) that data is being exfiltrated, behavioral threat detection based on real-time analytics of DNS traffic is the only smart way.
When viewed between cache and recursive functions, DNS queries look atypical compared with normal traffic. Thus embedding a security layer at the heart of the protocol – in the DNS server itself – and applying real-time DNS transaction inspection, enables network managers to assess validity of DNS traffic in the specific context of each enterprise. This permits the closing of back doors to data theft, unlike with DLP solutions which often do not take into consideration exfiltration via DNS.
With DNS traffic analytics a powerful base of intelligence can be built, allowing unknown (“zero-day”) malicious domains to be identified. It also helps differentiate between legitimate customers and malicious actors, so eliminating risks of blocking legitimate traffic. And finally, it creates actionable event information to be sent to SIEMs and SOCs for accelerating remediation.
To enhance effectiveness against data exfiltration, businesses globally have begun to supplement traditional security solutions with real-time monitoring and analysis of DNS traffic, allowing even attacks trying to stay under the radar to be rapidly detected. Protecting data confidentiality in this manner will help businesses go a long way towards ensuring compliance with all the scary new data regulations coming along in 2020.
When our goal is to help companies face the challenges of modern infrastructures and digital transformation, actions speak louder than words.
Explore content highlighting the value EfficientIP solutions bring to your network
To provide the best experiences, we and our partners use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us and our partners to process personal data such as browsing behavior or unique IDs on this site and show (non-) personalized ads. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Click below to consent to the above or make granular choices. Your choices will be applied to this site only. You can change your settings at any time, including withdrawing your consent, by using the toggles on the Cookie Policy, or by clicking on the manage consent button at the bottom of the screen.
We use cookies to enhance your browsing experience, serve personalized content, and analyze our traffic. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site.