The recent revolution of remote working has created convenience and flexibility for organisations across industries, but it comes at a cost when it concerns complexity.
Our latest global threat report showed that 66% of companies are struggling with the complexity and security challenges of the hybrid work model.
This complexity comes from having employees connect to enterprise networks and access critical systems remotely, often using different devices and legacy tools such as VPNs. This unsecured remote connectivity allows threat actors to bypass endpoint security systems easily by compromising remote employee accounts or devices.
As organisations struggle to monitor and authenticate remote connections, the Zero Trust model has emerged as an effective solution to this issue. However, Zero Trust is not a one-size fits all solution. Without proper integration, this proactive model can pose its own set of challenges.
The unprecedented challenges of Zero Trust
The current approach of Zero Trust implementation can significantly impact an organisation’s productivity and user accessibility. In practice, organisations usually implement this policy by establishing authentication at every network endpoint- ensuring that every user profile and device requesting remote connections are validated.
So, every device and account that arrives at the endpoint environment is constantly scanned. If any user or device is fractionally identified as unsafe, it’s completely cut off from the network without any alternative, or any further validation or analysis. While this least-privilege approach ensures strict security compliance, it can also be disruptive for legitimate users – as they won’t be able to access any part of the organisational network until the issue is resolved.
Organisations need a more refined approach that establishes Zero Trust on a per-application basis. This means users are only disconnected from the system or application where the authentication failed, allowing them to still access other assets within the network if the requirements are met.
This approach allows remote employees to still carry out their tasks using applications and assets with lower security ratings until the issue is resolved. At the same time, businesses can still protect their critical assets using the core mechanism of Zero Trust. But how can organisations achieve this fine-grained approach?
The Domain Name System (DNS) infrastructure is one such solution that can enable such granular control. DNS is one of the key facilitators of any network transaction and incorporating its infrastructure with the Zero Trust framework can allow organisations to achieve more granular control over user activities in a hybrid or remote environment.
The underlying benefits of DNS and Zero Trust integration
For those businesses already underway with Zero Trust, DNS can provide a valuable source of information to make better decisions. With successful implementation and integration, DNS solutions can act as the first line of defence for a firm’s security infrastructure.
The core mechanism of DNS is connecting endpoint devices to the enterprise network and enabling them to access online assets such as cloud-based applications and critical files and data. So naturally, DNS is the first point of contact before any other interaction takes place between a machine and the internet.
When integrated with a Zero Trust framework, DNS can provide valuable insights into the nature of every connection request made to the enterprise network. It helps to identify if any particular user activity is falling outside of normal behaviour, indicating a potential malicious actor. For instance, a user might be making unusual queries on the Active Directory. DNS will help to identify those anomalies and restrict access to that specific application, until security teams have completed their assessment.
Moreover, DNS is easier to manage compared to most endpoint security solutions, as all required security mechanisms are already there. Even vastly used operating environments such as Microsoft already have inbuilt DNS tools, which can be a great starting point for many businesses.
Our research found that over 99% of organisations already have some form of DNS security in place. However, nearly half don’t use a security solution built into a DNS server, which hinders their ability to detect anomalies in real-time and enhance user protection. So the awareness is there, but utilisation is still low.
How can businesses start using DNS to its full potential?
Firstly, organisations should start utilising their existing DNS intelligence to attain extensive visibility into threats. DNS intelligence comprises of all data that comes from existing DNS systems and users interactions. Using this data will help security teams to understand how legitimate users interact within the system, and establish an effective blueprint of which network activities are acceptable and which are not.
Utilising DNS analytics allows organisations to monitor almost every core aspect of the network, including newly added domains and subdomains, IP associations, WHOIS, link between domains, and much more.
Moreover, organisations should update their DNS security protocols to ensure that all inbound and outbound traffic are continuously monitored. Most importantly, organisations should invest in DNS security solutions that seamlessly integrates with a Zero Trust network architecture.
Overall, DNS is a powerful tool that not only facilitates automated security decisions, but also improves the effectiveness and efficiency of an organisation’s Zero Trust strategy, enabling security teams to address threats with enhanced visibility and detection.
About the Author
Chris Buijs is Chief Evangelist at EfficientIP. EfficientIP is a network security and automation company, specializing in DNS-DHCP-IPAM (DDI). We promote business continuity by making your IP infrastructure foundation reliable, agile, and secure. Integrated solutions enable IP communication and simplify network management with end-to-end visibility and smart automation, while patented technology secures DNS services to safeguard data and ensure application access. Companies in all sectors rely on EfficientIP offerings to face the challenges of key IT initiatives such as cloud applications and mobility.
Featured image: Adobe Stock