DNS Is An Underused Tool In Cybersecurity
Even though 94% of the respondents state that they use DNS for threat detection and security intelligence generation, the majority state that they do not take full advantage of this system to improve the organization’s security posture.
An Infoblox report in collaboration with Forrester Consulting shows that the vast majority of security officers in organizations consider DNS a useful mechanism to detect and block security threats early, identify potentially dangerous devices, and analyze and respond to malware threats.
However, the Accelerate Threat Resolution With DNS report, which was carried out through surveys of 203 senior managers of security and risk management at large corporations, also reveals that, despite this, companies underuse the investments made in DNS management in their cybersecurity strategies.
The main conclusions included in this report, based on the opinions of the cybersecurity professionals interviewed, are the following:
- DNS is an effective but underused tool for threat detection and resolution, even in environments where “alert fatigue” occurs, that is, when there is a risk that controls will relax due to overproduction of security alerts or false positives.
- 94% of those responsible for cybersecurity are currently using or are considering using DNS-based security mechanisms as a starting point to detect threats, but only 43% of them use this mechanism as a source of information to improve the security intelligence of the organization.
- 66% of respondents use DNS security to mitigate threats that exploit vulnerabilities in the DNS system and that other security tools fail to catch, such as DNS tunneling and data exfiltration, domain generation algorithms (DGA), and other domain-based attacks. However, only 33% use internal DNS to stop malicious attacks on a large scale.
- 52% of professionals acknowledge the existence of so-called “alert fatigue” in their IT/cybersecurity department. 51% also acknowledge that they have difficulty managing and classifying detected threats, but only 58% of departments have automated processes to respond to them.
- The study was carried out through surveys of security and risk managers of large corporations (with a turnover of more than 1,000 million euros per year) in sectors such as financial services, health, education, retail, and public administration. Respondents belong to high levels of management in their companies: senior executives (48%), vice presidents (11%), and directors (34%).
- Technical security staff dedicate an average of 4 hours a day to incident detection. DNS management can help automate some of the most repetitive tasks in the search for threats, freeing up security resources for more complex problems.
It is positive to see that most professionals are aware of the importance of DNS as a tool for detecting and mitigating threats. However, it seems that they are under-utilizing investments made in DNS management. As all IT departments seek to optimize the ROI of their investments, getting more out of DNS will help them do that by providing a single dashboard for threat visibility across the network, from the core to the end.