There are two types of companies: Those who have been hacked, and those who don't yet know they have been hacked1
With data breaches frequently making the news and causing panic among network administrators, the above statement by former Cisco boss John Chambers in 2015 certainly doesn't seem far-fetched. I don't remember a week in 2018 going by where I wasn't learning of a data breach and how sophisticated the attack was. Well, except for the time I didn't have internet access while visiting the Salt Cathedral of Zipaquirá, and I couldn't understand why. Then, there was the time I had no access on a cruise, but I digress.
The consequences of a data breach are far-reaching, and it should come as no surprise that information security is the top concern for all C-level executives of companies today. Some of these companies are embracing cloud-native initiatives which have improved organizational agility, reduced products' time-to-market, and leveled the playing field with respect to computational power. However, they lose visibility into the expanded environment, causing concerns over whether they can adequately secure their cloud environment the way they would their traditional network.
These well-founded concerns are understandable. Traditional network security solutions being used in combating the current cyber-crimewave have only increased the complexity and risk for businesses. Fraudsters have amped up their phishing techniques to deploy sophisticated malware on network devices(human controlled and otherwise) as part of ransomware campaigns, steal sensitive data, or other criminal activities.
It's far more important to keep an eye on what's traveling out of the network....Today, malicious actors aren't interested in scaling the castle wall and capturing the flag. They want to exfiltrate the flag.2
We should always remind ourselves of the statement above made by John Kindervag and add to our focus, ways to prevent any data exfiltration to unauthorized sources in our network. Companies have typically leveraged endpoint solutions in addition to other network elements to protect against malware used for that purpose. However, in combating the cyber-criminals of today, companies need to embrace a defense-in-depth security strategy where all network layers used in accessing data should be secure and this includes the DNS layer. DNS is an often overlooked layer for security and yet, is integral to network functionality. It's the protocol we use to locate resources on a network. We use it to access our favorite websites, whether news or social media. We use it to access the printers or storage devices, when accessing the security cameras in the data centers and even to send emails. It's also used by unsuspecting victims to access phishing websites from where malware is downloaded. It is also used by malware to locate control servers on internet. These servers could serve as destinations of data stolen (also using DNS protocol) from digital assets inside companies. These servers could also be used to download keys used to encrypt digital assets as part of ransomware activities.
And so, it's wise and imperative to secure the DNS layer as part of a defense-in-depth security strategy. As a security control point, DNS layer security offers a proactive way to uniformly and immediately block malicious domains and communications for all of your users, whether they are on or off network. It can also deliver lower latency, fewer broken sites and apps, and improved network performance.
These are drivers for the Akamai Enterprise Threat Protector (ETP) solution. ETP is a Secure Internet Gateway solution that is really about advanced threat protection in the cloud for all your users everywhere and using that as your safe onramp to the internet. ETP uses multiple layers of protection -- DNS, URL, and inline payload analysis -- to provide security with reduced complexity and without impacting performance. Companies simply need to direct their recursive DNS traffic to Enterprise Threat Protector global servers where all requested domains are checked against Akamai's real-time domain risk scoring threat intelligence. Safe domains are resolved as normal, malicious domains are blocked, and risky domains are sent to a smart selective proxy where the HTTP or HTTPS URLs are inspected to determine if they are malicious. The HTTP and HTTPS payloads from risky domains are then scanned in real-time using multiple advanced malware-detection engines.
ETP improves security defenses. It reduces security complexity and increases the efficiency of security teams. Find out more here.