Today’s data-driven economy is being led by personal data, so naturally focus is turning more strongly to privacy and protection. New regulations have appeared over the last few years, but 2020 will see a rapid acceleration, particularly in regions such as America and APAC.
While it is only fair that regulators introduce these new laws, together with the fines for data breaches that come with them, companies are still finding it extremely challenging to ensure the confidentiality of their data. Cybercriminals are resourceful: data theft and ransomware techniques keep growing more sophisticated, and traditional security solutions such as NGFWs and IPS are unable to keep up. To efficiently detect data exfiltration hidden in network traffic, the most reliable method is end-to-end analysis of the transactions going through DNS.
GDPR-like Regulations in the US: CCPA Followed by Other States
Since its introduction in May 2018, GDPR has continued to hit hard. Recent examples of data protection fines include Facebook ($5Bn in July 2019), BA ($230m) and Equifax (over $575m). Travelex is the latest unfortunate ransomware victim, with threat actors claiming to have downloaded 5GB of sensitive company and customer data, including payment card information, birthdates and social security numbers. The European Data Protection Board (EDPB) has clarified that a ‘data breach’ does not just mean a loss of data; it can also mean data being made unavailable, as was the case with the WannaCry attack which affected the NHS.
Naturally, other countries have been monitoring GDPR and selecting the principles they wish to adopt. 2020 promises to be a very busy year, with many new regulations coming into force. In the US, the California Consumer Privacy Act (CCPA) is taking centre stage, having been launched this January. Other states are quickly following suit, with Nevada enacting its Senate Bill (SB-220) and New York modifying its SHIELD Act to strengthen data security and data breach notification laws. Further CCPA-like laws are also likely to come from states such as New York and Massachusetts.
Brazil, Thailand, India and Australia Jumping on the Bandwagon
Worldwide, data protection is being recognized as a top priority for governments. Brazil’s first General Data Protection Law, the LGPD, will come into force on August 15th 2020, covering many principles of data protection. Thailand’s PDPA is forecast for May 27th this year, and South Korea will introduce a new omnibus law to supplement its current PIPA (Personal Information Protection Act). Other countries that will augment their existing regulations include India (PDPB) and Australia (NDB).
More Companies than Ever Being Affected by Data Breaches
According to recent research from Bitdefender, 60% of businesses have experienced a data breach at some point during the last three years, leading to worrying levels of breach fatigue for infosecurity managers. One major cause of this fatigue is the unacceptably high level of false alarms (over 50%) raised by endpoint detection and response alerts. In addition, cyberattacks are taking longer to detect, with malware often hidden in normal network traffic. DNS in particular is a favorite channel for attackers, as traditional security solutions like NextGen firewalls are unable to detect exfiltration of data until long after the event.
Why Cybercriminals Exfiltrate Data via DNS
A third of companies do not analyze their DNS traffic at all (Cisco 2016 Security Report), and its high volume makes it difficult to track efficiently with existing network inspection tools. Cybercriminals therefore abuse the DNS protocol, using it either as a tunnel or as a ‘file transfer’ protocol, to steal sensitive data.
Firewalls simply blacklist known malicious remote IPs, so they are ineffective against exfiltration. Traditional detection algorithms that look only at individual requests (DNS packet frequency, payload, data encoding or entropy) filter out only part of the malicious traffic. NGFW, anti-DoS and IPS also have no understanding of the client context during DNS query exchanges, making it nearly impossible to accurately identify DNS tunneling used for command & control and data exfiltration. So the only smart way to discover that data is being exfiltrated, before it is too late, is behavioral threat detection based on real-time analytics of DNS traffic.
Close Back Doors to Data Theft with DNS Transaction Analytics
When observed between the cache and the recursive function of the DNS server, exfiltration queries look atypical compared with normal traffic. Embedding a security layer at the heart of the protocol, in the DNS server itself, and applying real-time DNS transaction inspection therefore enables network managers to assess the validity of DNS traffic in the specific context of each enterprise. This closes back doors to data theft that DLP solutions, which often do not consider exfiltration via DNS, leave open.
With DNS traffic analytics, a powerful base of intelligence can be built, allowing unknown (“zero-day”) malicious domains to be identified. It also helps differentiate between legitimate customers and malicious actors, eliminating the risk of blocking legitimate traffic. And finally, it creates actionable event information to be sent to SIEMs and SOCs to accelerate remediation.
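The two preceding sections make one contrast: a check that looks at each DNS request in isolation (entropy, encoding, frequency) catches only part of the traffic, while a check that keeps client context across a sequence of transactions catches more and blocks less legitimate traffic. The script below is an added illustration of that contrast, written for this page; it is not EfficientIP code and does not describe any product's detection logic. The log format (one `client qname` pair per line), the client addresses, the hostnames under `.example` and `.invalid`, the thresholds, and the simplification that a "zone" is the last two labels of a name are all constructed assumptions.

```python
"""Per-client DNS transaction analytics over a constructed query log.

Added example, not EfficientIP code. It contrasts a packet-level check
(entropy of one query name) with a contextual check that aggregates the
queries of each client per zone before deciding. All hostnames, clients
and thresholds are constructed for illustration.
"""
import math
from collections import defaultdict

# 32 distinct characters: a label made of one permutation of this string has
# a Shannon entropy of exactly 5 bits per character.
BASE32 = "abcdefghijklmnopqrstuvwxyz234567"


def build_sample_log():
    """Constructed log, one query per line: '<client-ip> <qname>'."""
    lines = []
    # 10.0.0.5: ordinary browsing, a handful of short, repeated labels.
    for name in ["www.example.com", "mail.example.com", "www.example.com",
                 "cdn.example.net", "api.example.com"]:
        lines.append(f"10.0.0.5 {name}")
    # 10.0.0.5 also resolves one long hash-like CDN label (legitimate, one-off).
    lines.append(f"10.0.0.5 {BASE32}.cdn.example.net")
    # 10.0.0.9: many distinct long high-entropy labels under a single zone.
    for i in range(6):
        label = BASE32[i:] + BASE32[:i]
        lines.append(f"10.0.0.9 {label}.tunnel-test.invalid")
    # 10.0.0.12: many distinct low-entropy sequential labels under one zone.
    for i in range(8):
        lines.append(f"10.0.0.12 chunk{i:06d}.seq-test.invalid")
    return lines


def shannon_entropy(text):
    """Bits of entropy per character of `text` (0.0 for an empty string)."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname):
    """Return (leftmost_label, zone).

    Simplifying assumption: the zone is the last two labels. A real
    deployment would consult the public suffix list instead.
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return "", ".".join(labels)
    return labels[0], ".".join(labels[-2:])


def packet_level_flags(lines, entropy_threshold=4.0):
    """Traditional per-query check: flag a (client, zone) pair as soon as
    one query name carries a high-entropy leftmost label."""
    flagged = set()
    for line in lines:
        client, qname = line.split()
        label, zone = split_qname(qname)
        if shannon_entropy(label) >= entropy_threshold:
            flagged.add((client, zone))
    return sorted(flagged)


def contextual_flags(lines, min_unique=5, min_mean_len=10):
    """Contextual check: aggregate per (client, zone) and flag zones that a
    single client probes with many distinct, long leftmost labels."""
    seen = defaultdict(set)
    for line in lines:
        client, qname = line.split()
        label, zone = split_qname(qname)
        if label:
            seen[(client, zone)].add(label)
    flagged = []
    for key, labels in seen.items():
        mean_len = sum(map(len, labels)) / len(labels)
        if len(labels) >= min_unique and mean_len >= min_mean_len:
            flagged.append(key)
    return sorted(flagged)


if __name__ == "__main__":
    log = build_sample_log()
    print("packet-level:", packet_level_flags(log))
    print("contextual:  ", contextual_flags(log))
```

On the constructed log, the per-query entropy check flags the legitimate one-off CDN lookup from 10.0.0.5 and misses the low-entropy sequential labels from 10.0.0.12, while the per-client aggregation flags both `.invalid` zones and leaves 10.0.0.5 alone. In a real resolver the aggregation would be windowed in time and keyed on the registered domain from the public suffix list, but the shape of the decision, client context first, per-packet features second, is the point of the text above.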
Avoiding Regulatory Compliance Fines
To enhance effectiveness against data exfiltration, businesses globally have begun to supplement traditional security solutions with real-time monitoring and analysis of DNS traffic, allowing even attacks trying to stay under the radar to be rapidly detected. Protecting data confidentiality in this manner will help businesses go a long way towards ensuring compliance with all the scary new data regulations coming along in 2020.
Is your data truly confidential?
Exfiltration of data via DNS is both real and prevalent. Let EfficientIP help with an assessment of your existing DNS architecture and the protection systems you have in place.