Enjoy unlimited access to all forum features for FREE! Optional upgrade available for extra perks.

DNS-based Analytics: Best Practice Threat Detection to Support the NIST Framework

Acorn Newsbot

Junior Member
Joined
Jan 28, 2006
Posts
22,606
Reaction score
126
UK boards increasingly recognise the strategic value of effective cyber security. More companies than ever before (72%) claim to perceive the risk of cyber threats to be high or very high relative to other business threats, according to a March 2019 government report. Yet the role DNS-based threats play in the overall landscape is less well understood, despite being articulated at length by organisations like the US National Institute of Standards and Technology (NIST).

The truth is that one of the most effective ways to control cyber risk and support business growth is by focusing on DNS: a key threat vector and therefore a perfect place to plug-in detection and response capabilities. Doing so will go one better than merely managing risk; it will do so in a way that aligns with global best practices by NIST.

A way forward


NIST frameworks are important because they offer firms a way forward amidst an increasingly complex regulatory environment, growing threats and heightened expectations from the business. GDPR in particular is famously light on prescriptive detail, meaning that following industry best practices remains one of the best ways to keep regulators happy. It’s reassuring that the US standards body has produced detailed guidance about DNS risk in the past, highlighting the importance of the system and how frequently it’s abused by attackers.

Although it can be overlooked in the organisation, DNS plays a crucial role for every firm, converting domain names to IP addresses so staff and external users can find the sites, apps and devices they’re looking for online. But it was designed many years ago, with usability not security in mind. Cyber criminals have become adept at exploiting these DNS vulnerabilities to redirect users to phishing and malware sites. Given its criticality, DNS traffic is also usually whitelisted by corporate firewalls, giving hackers an additional opportunity to smuggle stolen data out of the organisation, or to send command-and-control messages to compromised enterprise machines.

The government report mentioned earlier also claims that only 16% of boards have a “comprehensive understanding” of the impact of cyber threats on the organisation. This is especially concerning given the financial and reputational damage cyber threats can do. Data breaches are estimated to cost on average $3.9m, but in serious cases this figure can climb much higher. Yahoo is required to pay out $120m following its 2013 breach of three billion customers, for example, not to mention the $350m that was wiped off its sale price to Verizon.

Supporting NIST


For these reasons and more, firms often look to best practice standards and approaches to help them. NIST offers one of the most globally recognised with its Cybersecurity Framework. It includes five key functions that form a “backbone” around which all other elements are organised: Identify, Protect, Detect, Respond, and Recover.

DNS-based analytics from Nominet fit perfectly with the detect piece, enabling firms to spot “anomalies and events”. Our NTX platform does this by using machine learning to detect the smallest signs of malicious behaviour, right down to single packets, in huge volumes of DNS traffic. This means organisations can spot data loss attempts, command-and-control communications and attempts to direct users to malicious and phishing sites. In fact, NTX also goes beyond the “detect” piece by blocking this malicious activity in real time to disrupt any attack before it’s had a chance to impact the organisation. This means it also helps organisations comply with the Protect and Respond functions of the framework.

That’s the kind of best practice threat detection and response organisations need as they battle to contain evolving cyber risk and stay ahead of the competition. To find out more download our white paper.

The post DNS-based Analytics: Best Practice Threat Detection to Support the NIST Framework appeared first on Nominet.

Continue reading...
 

The Rule #1

Do not insult any other member. Be polite and do business. Thank you!

☆ Premium Listings

Sedo - it.com Premiums

IT.com

Premium Members

Acorn Domains Merch
MariaBuy Marketplace

New Threads

Domain Forum Friends

Other domain-related communities we can recommend.

Our Mods' Businesses

Perfect
Laskos
*the exceptional businesses of our esteemed moderators
General chit-chat
Help Users
  • No one is chatting at the moment.
  • Helmuts @ Helmuts:
    @Admin please enable the chat visible to unregistered users, or who haven't signed in their accounts. Tx
  • Helmuts @ Helmuts:
    please
    brave_qptn86fptt-png.4616
  • D AcornBot:
    DLOE has left the room.
  • Helmuts @ Helmuts:
    also, please keep the restriction in regards to posting > posting permission should be available to members only
  • Daniel - Monetize.info @ Daniel - Monetize.info:
    Welcome everyone!
  • Helmuts @ Helmuts:
    @Daniel - Monetize.info
    chrome_8fedcfysiy-png.4617
    .. can you see this one?
  • Helmuts @ Helmuts:
    nice, isn't it? :)
  • alan AcornBot:
    alan has left the room.
    • Wow
    Reactions: Jam
  • alan AcornBot:
    alan has joined the room.
  • alan AcornBot:
    alan has left the room.
  • alan AcornBot:
    alan has joined the room.
  • Helmuts @ Helmuts:
    Hi Alan
  • Helmuts @ Helmuts:
    long time no see
  • Helmuts @ Helmuts:
    hows parachute doing?
  • Helmuts @ Helmuts:
    :) huhhh.. Joe Rogan has just published an interview with Donald Trump
    To view this content we will need your consent to set third party cookies.
    For more detailed information, see our cookies page.
  • Helmuts @ Helmuts:
    almost 3 hours..
  • Helmuts @ Helmuts:
    morning all :)
  • Helmuts @ Helmuts:
    .. is anyone going to domain day in Dubai or icann Turkey?
    • Like
    Reactions: gdomains
  • boxerdog AcornBot:
    boxerdog has left the room.
  • Helmuts @ Helmuts:
    Greetings from Istanbul, Turkey!
  • alan AcornBot:
    alan has left the room.
  • C AcornBot:
    cav has left the room.
      C AcornBot: cav has left the room.
      Top Bottom