Protecting a Mobile Workforce with Hybrid DNS Security


It is expected that half of the UK’s workforce will be working remotely by 2020, accessing the corporate network via mobile devices and the cloud. If true, this prediction is likely to cause a few sleepless nights for the teams traditionally responsible for managing network security on-premise.
 
According to a recent survey, around a third of organizations (29%) claimed to have experienced a data breach as the result of employees working remotely. The loss or theft of sensitive information can, of course, have a severe financial and legal impact, in addition to causing significant brand damage.

With the average consolidated cost of a data breach estimated to be around £2.6m (US $3.6m), it’s little surprise that more than two thirds of organizations (70%) are concerned with data loss when users are off the network, and that three quarters worry their network will be infiltrated with malware due to an increase in roaming or off-network access. 

Vulnerable and unsecure
At the root of many of these breaches, and the damage and stress that accompanies them, lies the DNS, or domain name system. Often referred to as the address book of the internet, DNS sits at the heart of every organization’s IT network, translating domain names into machine-readable IP addresses.

Despite most internet communications relying on DNS, however, it is inherently vulnerable and not sufficiently secured, resulting in weaknesses that can be exploited for criminal ends. 

DNS is used by over 91% of malware to carry out campaigns such as communicating with C&C servers, holding data to ransom or serving as a pathway for data exfiltration. Due to its position at the core of the network, however, DNS is often the first part of an organization’s infrastructure to see the majority of malicious activity and should, therefore, be considered an organization’s first line of defense. 

By collecting and analyzing data from DNS queries, an effective enterprise DNS security solution will provide essential context and visibility that will alert IT teams to any anomalies, enable them to report on which devices are joining and leaving the network, and ultimately allow them to resolve problems more quickly. 

Many DNS security solutions are focused on on-premise networks, however, and aren’t well suited to remote workers and offices, much of whose workloads are held in the cloud.

The mobile options
Meeting the demand for greater speed and mobility means that internet traffic from mobile workers tends not to be backhauled to an organization’s network via corporate points of presence such as servers or routers. As a result, DNS traffic to and from an organization’s mobile users will not generally be visible to corporate security monitoring. 

The growing shift towards a more mobile workforce makes it important for organizations to adopt a hybrid approach to DNS security that will protect both on-premise and mobile users; a combination of on-premise DNS security as mentioned above, and one of the following approaches to maintaining DNS security in a mobile environment. 

Agent software, for example, can be installed on a mobile device and reroute DNS traffic to a cloud-based DNS security solution that can monitor client-side behavior to detect malicious or suspicious DNS activity.

In cases where it isn’t possible to install an agent, configuration settings on a mobile device can be set to proxy mobile device traffic through a service often referred to as a cloud access security broker (CASB).

However, while CASB services are able to monitor HTTP traffic from mobile devices, the implementation of an additional DNS proxy solution is required to reroute DNS queries to a cloud-based DNS security solution which can then monitor and block suspicious activity.
 
What’s more, a combination of both client agent and proxy approaches, integrated with threat intelligence to assure the detection of DNS tunneling and other advanced targeted threats, can provide broad coverage across a variety of devices and external services. 
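To make the DNS query analysis and tunneling detection described above concrete, here is an added example (not from the article or any vendor's product) that scans a DNS query log for clients sending many long, high-entropy subdomains to a single domain. The log entries, the `tunnel-demo.example` zone, the function names and all thresholds are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample data, not real traffic. The six long labels mimic
# base32-encoded payload chunks under a made-up zone, tunnel-demo.example.
B32 = "abcdefghijklmnopqrstuvwxyz234567"
SAMPLE_LOG = [("laptop-17", f"{h}.example.com")
              for h in ("www", "mail", "vpn", "docs", "files", "intranet", "www")]
SAMPLE_LOG += [("laptop-42", f"{B32[k:] + B32[:k]}.tunnel-demo.example")
               for k in range(0, 30, 5)]


def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def parent_domain(qname, levels=2):
    # Simplification: treat the last two labels as the registered domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(qname.rstrip(".").lower().split(".")[-levels:])


# Thresholds are illustrative assumptions; tune them on your own baseline.
def flag_tunneling(log, min_unique=5, min_len=30, min_entropy=3.5, ratio=0.8):
    """Flag (client, domain) pairs with many long, high-entropy subdomains."""
    subs = defaultdict(set)
    for client, qname in log:
        parent = parent_domain(qname)
        sub = qname.rstrip(".").lower()[: -len(parent)].rstrip(".")
        if sub:
            subs[(client, parent)].add(sub)
    flagged = {}
    for key, names in subs.items():
        odd = [s for s in names
               if len(s) >= min_len and entropy(s.replace(".", "")) >= min_entropy]
        # Volume alone is normal (laptop-17); volume plus encoded-looking names is not.
        if len(names) >= min_unique and len(odd) / len(names) >= ratio:
            flagged[key] = {"unique_subdomains": len(names), "suspicious": len(odd)}
    return flagged


if __name__ == "__main__":
    for (client, domain), stats in flag_tunneling(SAMPLE_LOG).items():
        print(client, domain, stats)
```

Only a resolver or agent that actually sees the mobile device's queries can feed a check like this, which is why the rerouting options above matter.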

DNS as an asset
If not given proper consideration within an organization’s security plans, DNS can provide an easy point of entry for malicious actors intent on disrupting networks, and accessing and exfiltrating sensitive information.

The problem is growing: as sophisticated cyber-criminals continue to develop new techniques and tactics to exploit vulnerabilities in DNS services, the increasing demand to support a growing mobile workforce opens up additional attack vectors. 

DNS services and data can be used as an asset in the security chain, however. By taking a hybrid approach of on-premise DNS security together with a cloud-delivered solution, organizations are able to protect not just the users within their corporate network, but also those based in branch offices, and those who increasingly opt to work remotely.
