With the Covid pandemic still ongoing, 2021 turned out to be a very disruptive year for organizations and their network infrastructures. For every industry, cyberattacks remained top of mind as cases of ransomware and data theft continued to rise, putting the spotlight on zero trust strategies and threat protection solutions such as DNS Security and Application Access Control.
Hybrid work models and multi cloud adoption also brought their own challenges, particularly in the areas of resource visibility, network management efficiency and data privacy.
Here’s an analysis of 5 topics which had an important impact for network and security personnel this year:
Ransomware and data theft via DNS increased considerably
2021 saw huge ransomware attacks, from Colonial Pipeline to Kesava, with actors threatening to sell or leak exfiltrated data. Data exfiltration was implicated in many other types of cybersecurity incidents such as dependency confusion attacks, nearly always going unnoticed by firewalls as they are incapable of performing the necessary context-aware analysis of traffic. 26% of organizations surveyed by IDC in 2021 reported instances of stolen customer information as a result of DNS attacks compared to only 16% in 2020.
But while it’s a favorite target, DNS, with it’s visibility over all IP traffic, is also ideally placed to be the first line of defense for networks. Real-time behavioral analysis of DNS traffic has therefore been positioned as a top priority by companies for detecting data breaches and protecting against ransomware.
For Zero Trust Security, use of Whitelisting took off
Zero trust requires organizations to verify anything and everything trying to connect to their systems before granting access. A good way to reinforce that is by applying the Principle Of Least Privilege (POLP) for restricting access to only the information, systems, and services which are relevant to the requester. In 2021, use of “allow listing” (whitelisting) techniques became more and more common for enabling POLP and therefore reducing exposure risk.
For adding an extra layer of security, combining application whitelisting with DNS query filtering is seen as being an interesting option. Users are grouped, and company apps/services (both internal and external) are defined in “allow lists”. This granular filtering of users provides an early security barrier for maximizing Application Access Control i.e. who is permitted to access which app during a specified time period, thus reducing the attack surface and limiting the spread of malware.
Hybrid Working models highlighted security and privacy issues
Gartner forecasted that by the end of year, 51% of knowledge workers worldwide would be working remotely – generally using the public infrastructure from each ISP to connect back to the organization’s IT system for consuming SaaS or cloud services and applications. In 2021, this shared public infrastructure has proven to be neither easy to control nor to trust. For 75% of organizations (source: IDC 2021 Global DNS Threat Report), relying on a centralized DNS infrastructure owned by one of the internet giants is regarded as risky with regards to data privacy as a person’s browsing data becomes visible, as do the types of applications they use.
A “Private DoH” set up by the organization can ensure that any DNS traffic from users and devices utilizes the organization’s infrastructure, allowing improved security, filtering and observability. Notable benefits brought include controlled privacy, easier company policy enforcement and unified security policies for all users and devices.
Multi Cloud adoption brought challenges with infrastructure management
The transition to hybrid working models this year caused companies to invest heavily in multiple cloud platforms. However, the resulting data silos, multiple access points and varied cloud APIs meant many businesses have lost unified control of their multi cloud projects, experiencing inaccurate configuration data, inconsistent policies and security holes. According to the Cloud Security Alliance, cloud misconfigurations were the top cause of data breaches, and the 2021 DNS Threat Report found cloud instance misconfiguration abuse had increased by 77% from last year.
With operational efficiency (correct deployment, running and retirement of software-defined infrastructure components) increasingly dependent on cloud orchestration, the IP network is key, together with accurate consolidated data on IP resources. Businesses are therefore relying more heavily on IP “source of truth” data lakes for eliminating configuration errors and optimizing IP resource utilization.
Healthcare remained a top targeted industry
With hospitals and medical facilities using large numbers of connected devices (IoT) to monitor heart rates, dispense medication or perform diagnostics, combined with all the highly sensitive patient and insurance data in circulation, the healthcare industry was this year again an especially attractive sector for cybercriminals. Consequently, IDC’s 2021 Global DNS Threat Report found the industry to be most likely to suffer application downtime, and 23% of healthcare organizations reported having information stolen as a result of DNS abuse.
For better protecting their IT infrastructure and sensitive data, focus on Zero Trust strategy, of which smart DNS security plays a key role, continued to grow. Filtering DNS requests more thoroughly early on in the traffic flow was confirmed as an effective way to prevent unauthorized access from users or connected devices, and facilities improved countermeasures taken against any kind of attack, instead of just shutting down infrastructure or disabling the affected apps.
Secure Your DNS, Secure Your Network
The EfficientIP 360° DNS Security solution offers a specialized layer of in-depth defense to secure your business from both external and internal DNS threats.Learn More