DNS stands for Domain Name System and acts as the “phone book of the internet”, turning IP addresses, such as 157.240.22.35 into Fully Qualified Domain Names (or FQDNs), such as Facebook.com.

If you think about your daily tasks at work, for instance, your computer initiates about a thousand DNS queries every day, from accessing websites to software updates.

Gartner states that “DNS is a critical component of the Internet infrastructure” – Given the frequently-utilized nature of DNS, DNS can also leave a lot of room for security risks.

DNS security is important because it can impact the availability and integrity of Internet services.

DNS attacks can result in denial of service (DoS) attacks and data exfiltration. DNS can also be utilized for phishing and botnet command and control callbacks, just to name a few. In short, DNS is kind of a big deal.

DNS Threats

There are a variety of DNS Security threats. Let’s highlight a few of the more commonly known and widely seen DNS Threats in the industry:

DNS spoofing is a threat associated with an attacker redirecting a user to a fake website by altering the DNS record. The attacker can use this technique to steal sensitive information, such as login credentials, credit card details, etc.

DNS Cache Poisoning is an attack where the attacker injects false information into the DNS cache of a targeted system, redirecting users to malicious sites.

DNS Amplification is a type of Distributed Denial of Service (DDoS) attack that exploits vulnerable DNS servers to flood a target system with a massive amount of traffic, causing the system to crash.

DNS Tunneling is when an attacker utilizes DNS queries and responses to bypass firewalls and send unauthorized data out of the network.

DNS Hijacking is a threat that occurs when an attacker gains control of a domain's DNS settings, redirecting users to a different website or stealing sensitive information.

How can I protect my Environment Against DNS Threats?!

Gartner recommends that organizations take a proactive approach to DNS security by implementing a range of security controls, including:

Implementing DNS Firewalling capabilities allows organizations to identify, block, and monitor malicious traffic, which, in turn, allows for the prevention, triage, and isolation of DNS-based attacks before they’re able to infiltrate and spread throughout the network.

DNS Security Extensions (DNSSEC) is a security protocol that adds a layer of protection to DNS by verifying the authenticity of DNS data (both the validity of the DNS query response and the identity of the signor) in order to protect against cache poisoning attacks.

Lastly, it is recommended that organizations utilize Threat Intelligence to identify and respond to DNS-based attacks. Threat intelligence can help organizations understand the tactics and techniques used by attackers and take appropriate measures to prevent attacks.

Secure Access Services Edge (SASE):

Given today’s ever-evolving threat landscape, a discussion regarding DNS security would be remiss without also mentioning the overarching concept of the Secure Access Services EDGE (SASE) industry framework.

Gartner defines SASE as the ability to implement ‘converged network and security-as-a-service capabilities, including SD-WAN, Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Next Generation Firewall (NGFW), and Zero Trust Network Access (ZTNA).

SASE supports branch office, remote worker, and on-premise secure access use cases, and is typically delivered as a SaaS service to enable Zero Trust Access based on the identity of the device or entity, combined with real-time context, security, and compliance policies.’

The main goal of implementing the SASE framework is the ability to enable secure access to applications wherever users may be accessing from.

With more and more organizations adopting Multi-cloud for its enhanced speed and agility comes with increased challenges, such as an expanded attack service and variable controls on endpoints.

Securing these additional security shortcomings requires the powerful combination of SD-WAN and DNS security to allow for enhanced visibility and control over both user access and user experience.

Cisco’s Approach to SASE offers customers a comprehensive and seamlessly integrated offering by combining Cisco’s Next Generation SD-WAN solution with Cisco Umbrella DNS Security, Cisco Identity Services Engine, and Cisco DUO network access to provide SD-WAN, SWG, CASB, NGFW, and ZTNA capabilities.

SASE and DNS Security:

DNS Security is critical when implementing SASE (Secure Access Service Edge) in an environment due to the fact that DNS is one of the most commonly utilized protocols on the internet, playing a critical role in connecting users to the resources they need.

Given this, SASE solutions typically incorporate DNS security features, such as DNS filtering and DNSSEC (DNS Security Extensions).

DNS filtering can also be utilized to block access to known malicious domains to prevent users from accessing potentially harmful content, while DNSSEC provides a cryptographic mechanism to ensure the integrity of DNS queries and responses.

By implementing these security measures, organizations can ensure the reliability, availability, and security of their DNS infrastructure, which is essential for maintaining the overall security posture of their SASE environment.

DNS Security: Cisco Umbrella

Cisco Umbrella is a cloud-based security platform that provides a first line of defense against threats on the internet. It offers DNS filtering, which blocks access to malicious domains, IPs, and URLs before a connection is even made.

This provides protection for all devices, both on and off of the network. Umbrella also provides secure web gateway functionality, which enables organizations to control access to the web and block threats from entering the network through web traffic.

The platform can be integrated with other Cisco security solutions and third-party tools, allowing for comprehensive threat detection and response capabilities. It also provides visibility into internet activity across all locations and devices, enabling IT teams to quickly detect, respond, and triage threats.

Umbrella's DNS-layer security is delivered through the global network of Cisco Umbrella resolvers. These resolvers handle billions of DNS requests every day and utilize machine learning models to detect and block malicious domains and IPs in real-time.

DNS Security Sounds Awesome – But Can it Firewall?

With Cisco Umbrella Cloud Delivered Firewall, it can!

Cisco Umbrella Cloud Delivered Firewall is a cloud-based firewall solution that provides advanced threat protection and policy enforcement across multiple devices, applications, and locations by integrating with other security technologies, such as Intrusion Prevention System (IPS), URL filtering, and DNS security to protect against a wide range of threats, including malware, phishing, and ransomware attacks.

It is also designed to provide granular visibility and control over network traffic, which allows organizations to enforce security policies and prevent unauthorized access to their network.

One of the key advantages of the Cisco Umbrella Cloud Delivered Firewall is its cloud-based architecture, which allows it to be deployed quickly and easily across multiple locations and devices, as well as provide continuous updates and patches, ensuring that organizations always have the latest security features and protection.

The Cisco Umbrella Cloud Delivered Firewall is a comprehensive and effective firewall solution that provides advanced threat protection and policy enforcement in a scalable, easy, Cloud-managed fashion.

Summary

In short, implementing SASE can be a daunting task. Cisco’s SASE strategy eases any potential hesitation in adopting SASE by combining integrated Zero-Trust and DNS Cloud-Based security solutions to enable organizations to implement SASE methodology at scale.