ESG's Christina Richmond and John Grady discuss recent ESG cybersecurity research, and its implications for DNS security.
Read the related ESG Brief, Managed DNS Security Services Finally Step Up.
Christina: I'm joined today by John Grady, ESG analyst, covering network security. John, thanks so much for joining me to chat about cybersecurity services today.
John: Absolutely. Thanks for having me, Christina.
Christina: We recently completed a study on cybersecurity services with about 200 respondents in North America, and I thought we could chat about it from a high level but also in terms of DNS security, which is kind of in your camp.
John: Sure, sure. So as far as services, I'm curious, we know services are kind of the glue that holds a lot of security programs together. And I'm wondering, were there any surprises that came out of the data, maybe a hypothesis you went in with that the data came back and made you think, "Oh, maybe that was not where I thought it was going to fall?"
Christina: Yeah. So one of the reasons I wanted to chat with you today is that the biggest surprise for me had to do with asking folks what types of services they're engaged in today. Interestingly, 50% of the respondents stated that they were engaged in services for DNS security. That's pretty interesting because my thought on DNS security as a service is that it's not fully understood yet. So my hypothesis was I didn't think it would score very high. But I think because we've seen an attack, right, the Dyn attack, that really highlighted DNS. We've seen Cisco, which has purchased OpenDNS, now Umbrella. I think this is bottling up to the top of mind for respondents, but I still think that actual services are not fully understood.
John: Yeah. DNS on the whole, I think, there's still some confusion, because you have DNS security. You have DNSSEC, so they're securing the protocol itself and then leveraging DNS as a threat vector of, you know, visibility. But I totally agree. I think you mentioned Dyn, which obviously got a lot of press. There was either an attack or awareness by DHS earlier this year where, you know, they had all the civilian agencies, you know, kind of reassess their DNS security posture. And so like everything, it certainly helps build awareness. And so if we think about it from, you know, the visibility perspective, there are so many insights that you can glean if you're looking at DNS traffic. And you can very quickly determine where connections are being made, start to block very clearly known bad traffic or things you know are pretty bad, and either inform your existing security infrastructure - you can do that on a next-gen firewall - or kind of reduce the load, do that elsewhere, and then help those solutions work more efficiently.
Christina: You know, it's relatively inexpensive, right? It doesn't require any hardware. It can be purchased as a service, implemented fairly quickly, few changes to the DNS configuration. Is that accurate?
John: Yeah, it is. It is. And there's a lot of different ways you can do this. And it's a protocol you have to look at, because you know, you see, increasingly, I think I saw a stat. Eighty percent of malware comes in through DNS. So you have malware and potentially even data exfiltration using DNS tunnels to come in undetected. So if you're not looking at it, you can't see it. Think about IoT, there's typically a very small universe of connections an IoT device should be making. And if you have visibility on the DNS protocol, you can very easily see if something is connecting to somewhere where it shouldn't. And then obviously, with DDoS as well. DDoS started to fly under the radar a little bit when we think about a lot of malware and, you know, data-theft-type attacks, but there's still the availability issue as well, where looking at DNS becomes increasingly important.
Christina: So everything you mentioned is spot on, and I think that is what we look at in terms of DNS security that is built into the DNS resolution, right, of those lookups and the traffic going to different IP addresses. But I think, on top of it, what we're seeing is some service providers that are offering managed DNS in terms of continuous monitoring, in terms of continuous blocking of malicious IPs, as you discussed, but also a dashboard of visibility and all of the activity weaving on top of this, which is so critical, the threat hunting and the forensic gathering. I think that augments what we can find in traditional next-gen firewalls. It helps us to gain deeper forensic evidence in case of investigations. So I think we're going to continue to see a rise in DNS security, especially because, you know, Cisco is pushing the benefits and Cisco is a fairly large marketing engine. But there are other providers as well, right. There's Nominet, which is one of the UK DNS resolvers coming into North America; there's also Neustar, which offers some DNS security services, and others. It's interesting also that it's one of the top services that the respondents in our study stated should be a part of managed security service provider offerings. So that should be a signal to them, right, that they should seek to add DNS security services.
Thanks, John, for talking today. And remember, folks, we're offering a free readout of all of the services data. If you're interested, please do get in touch.