New tool enables organisations to ethically hack their own network and test DNS Robustness
EfficientIP, the DDI security and automation specialist (DNS, DHCP, IPAM), today announced the launch of its new DNS-based Data Exfiltration Application, which is to be made available for free to partners and enterprises. The application is designed as a hands-on web tool to enable organisations to simply and securely conduct their own ‘ethical hack’ on its DNS system and related security defences to identify potential vulnerabilities in its network that could lead to a data breach.
As the foundation for all networks and IP-enabled business, the DNS (Domain Name System) remains a target of choice for cyber criminals to infiltrate a network, take advantage of weaknesses and exfiltrate critical data for nefarious gain. Research conducted with IDC revealed that 88% of organisations experienced one or more DNS attacks on their business over a 12-month period, with almost a quarter (24%) of organisations suffering from the theft of sensitive customer data or Intellectual Property (IP) via the DNS.
EfficientIP’s DNS-based Data Exfiltration Application puts the power back in the hands of organisations by enabling them to test their own DNS networks and see if it is at risk from the techniques that attackers use to break network security defences. Data exfiltration, which employs similar techniques used in DNS Tunnelling, sees attackers adopt a ‘low-and-slow’ approach to not raise suspicions by causing a spike in DNS traffic, where they extract small chunks of data via legitimate DNS requests to the server before they reconstruct the data packets and information when all information has been exfiltrated from the network.
“Data Exfiltration via DNS is one of the more complex and difficult attack vectors to identify, yet can cause significant harm to organisations. Hard to spot, even via the trained human eye, and with many of the traditional security solutions unable to detect exfiltration among the legitimate traffic and DNS requests, organisations can have fallen foul of a data breach for a long time before they even realise.” says Norman Girard, CEO of EfficientIP.
He continues: “Together with our partner community we want to empower organisations to test their networks and identify any vulnerabilities so that they can stop data theft from occurring in the first place. Data breaches can be costly to any organisation, whether through a regulatory fine, lost intellectual property or loss of customer trust. Your DNS doesn’t need to be your blind spot. Effective DNS monitoring is a key requirement for protecting sensitive data.”
Using the new DNS-based Data Exfiltration Application, supported by EfficientIP and its Channel Partner network, organisations will be able to quickly identify gaps in their network and potential vulnerabilities and put in place the appropriate measures to mitigate against this risk in future. With effective DNS security checks in place, organisations protect against data exfiltration, while also meeting compliance regulations.
To find out more about EfficientIP’s DNS-based Data Exfiltration Tool please CLICK HERE.