Almost every company is chasing the latest shiny object in an effort to be more competitive. The latest shiny object is AI, but before that, it was cloud, 5G, etc. The problem is that all of these new technologies also increase security risks — and the reality is that most organizations are ill-prepared for the existing security risks, let alone the new ones created by the addition of emerging technologies.
Getting back to the basics is essential before security leaders can start thinking about engaging with these new technologies. In other words, they've got to crawl before they walk or run.
More awareness – and more incidents
Despite greater cybersecurity awareness than ever before, breaches and other cybersecurity incidents continue to proliferate. Bad actors are getting better at their jobs, and the technology they use to carry out attacks has grown in sophistication.
According to Verizon's 2024 Data Breach Investigations Report, the exploitation of vulnerabilities as an initial breach entry point increased 180% from 2022 to 2023. And 68% of breaches involved a human element. Human error is a significant factor in most breaches, primarily from clicking phishing emails and malicious links.
The threats researchers see haven't changed significantly in recent times; they mostly see the same kinds of threats, but more of them. DNSFilter's annual security report found that the average user encounters five malicious queries a day — which adds up to about 1,825 per user per year. Detections of phishing attempts were up 106%, and malware detections were up 40% year-over-year.
DNS: Laying the cybersecurity groundwork
AI and other new technologies are rapidly expanding the cybercrime landscape, which makes a solid cybersecurity foundation more critical than ever. DNS is a vital aspect of this foundation.
DNS is a more than 40-year-old technology that is the underlying infrastructure of the internet itself, but it is still too often ignored or under-resourced from a security perspective. DNS security is a cornerstone of the overall cybersecurity posture, as blocking malicious websites and links is essential. It also becomes more important when you understand that most phishing and malware use DNS.
The truth is that most attacks are low-effort and are conducted the same way because they work. Attackers don't need to reinvent the wheel; they can just stick to what's easy and proven. While there are novel attacks, those are more likely to be pulled off by a nation-state. Most big cybercriminal gangs aren't doing anything novel; they're still relying on general phishing attacks to make their illicit millions.
The basics of protective DNS
DNS security is a broad term that refers to anything that safeguards DNS infrastructure. Protective DNS is one of these safeguards, crucial for endpoint security. It contributes to data protection and defends against malware and phishing attempts.
Antivirus software is necessary but limited; protective DNS offers another layer of defense against web-based threats. When security professionals implement protective DNS, they use filters based on DNS that temporarily block web requests from users. These filters check the requests against a vast database of known malicious sites identified by threat intelligence sources. If a request matches a malicious site, the domain gets blocked, and the user receives an alert.
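The lookup described above, sketched as an added example (not from the original article or any vendor's product): the blocklist and allowlist entries, the sinkhole address and the function names are all constructed for illustration. It goes slightly beyond the text by matching parent domains on label boundaries and letting a more specific allowlist entry override a block.

```python
# Added illustration of a protective-DNS lookup; all names and entries are constructed.
BLOCKLIST = {"malicious.example", "xn--bcher-kva.example"}  # stand-in for a threat-intel feed
ALLOWLIST = {"safe.malicious.example"}                      # hypothetical local override
SINKHOLE_IP = "192.0.2.1"                                   # TEST-NET-1, stands in for a block page

def normalize(qname):
    """Lower-case, drop the root dot, convert Unicode labels to punycode; None if invalid."""
    name = qname.strip().rstrip(".").lower()
    try:
        name = name.encode("idna").decode("ascii")
    except UnicodeError:  # empty or over-long label, disallowed characters
        return None
    return name or None

def candidates(name):
    """Yield the name, then each parent domain, most specific first."""
    labels = name.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])

def decide(qname):
    """Return (action, matched_entry) for one query name."""
    name = normalize(qname)
    if name is None:
        return ("block", None)          # fail closed on names that cannot be parsed
    for cand in candidates(name):
        if cand in ALLOWLIST:           # a more specific allow entry wins
            return ("allow", cand)
        if cand in BLOCKLIST:           # match on label boundaries, never substrings
            return ("block", cand)
    return ("allow", None)

def answer(client, qname):
    """Build the resolver's response and, on a block, the alert for the user/SOC."""
    action, entry = decide(qname)
    if action == "allow":
        return {"action": "allow", "answer": None, "alert": None}  # forward upstream
    alert = f"blocked {qname!r} for {client} (matched {entry or 'invalid name'})"
    return {"action": "block", "answer": SINKHOLE_IP, "alert": alert}

if __name__ == "__main__":
    for q in ["cdn.malicious.example.", "notmalicious.example", "bücher.example"]:
        print(answer("10.0.0.5", q))
```

Normalizing before the lookup matters: without it, a trailing dot, mixed case or a Unicode spelling of a listed domain would slip past an exact-match set.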
Protective DNS can also help to prevent phishing attacks coming through email. Most companies have email filtering in place, but it's not a failsafe. Sometimes, it can return false negatives that let malicious emails into users' inboxes. Such phishing messages typically contain malicious web links, and incorporating DNS filters into the infrastructure will prevent users from opening those malicious links. Adding protective DNS into email security can significantly lower your risk of data breaches and other cyber incidents that result from web link-based attacks.
Though cybercriminals are using AI to enable their attacks, defenders are also using this technology to better protect their environments in a variety of ways. One of those ways is by using threat intelligence — mentioned above — which leverages artificial intelligence to detect the latest malicious domain creations across the dark web. These newly detected threats get added to DNS filters to prevent users from accessing them.
DNS as a key security factor
Cybersecurity has evolved into a multifaceted operation with many moving parts and constant changes. AI poses new threats, for instance, but so do old standards like DNS if they aren't properly managed. Without DNS filtering and blocking capabilities in place, companies are more susceptible to those five daily malicious queries noted earlier that can wreak havoc on an organization's network.
DNS is often overlooked and under-resourced, but it's a critical element in protecting organizations today. Adding protective DNS is a foundational step you can take to detect malicious links and sites across the attack chain.