
Why DNS Blacklisting is not the Best Security Control

DNS blacklisting is still considered one of the main security controls in the service catalogs of many security vendors. This approach is inherently reactive, relying on human analysts to respond to and validate millions of security events weekly. It is easily circumvented and is becoming ineffective because of the increasing encryption of DNS on endpoint devices.

Continued privacy concerns and regulations, such as GDPR, will drive the growth of encrypted channels and protocols across the Internet. As a result, DNS firewalls will become ineffective as a security inspection datapoint.

Why is DNS Blacklisting not the Best Security Control?

The pace at which cyber-attack patterns and malicious infrastructure are shifting will leave security vendors one step behind in the race. For instance, botnets use techniques such as fast flux and domain generation algorithms (DGA) to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts. This creates attack infrastructure that is more resistant to discovery and counter-measures. Such techniques make DNS blacklisting a reactive and costly security control to maintain.
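The following is an added example, not code from the post or from CUJO AI, showing why a static blacklist misses the two techniques just named and what a behavioural check looks for instead. It runs over a constructed resolver log (the format, the names, the IPs and the thresholds are all assumptions made for this example): a DGA-style name stands out as a long, high-entropy, vowel-poor label, and a fast-flux name stands out as one name resolving to many distinct addresses with very short TTLs.

```python
import math
from collections import defaultdict

# Constructed sample resolver log (not real traffic). Format, assumed for
# this example: "<timestamp> <client-ip> <qname> <answer-ip> <ttl>".
SAMPLE_LOG = """\
2018-04-02T10:00:01 10.0.0.12 www.example.com 93.184.216.34 3600
2018-04-02T10:00:03 10.0.0.12 known-bad.example 198.51.100.7 300
2018-04-02T10:00:05 10.0.0.23 xk3hq8v2p9zl.example 203.0.113.5 60
2018-04-02T10:00:06 10.0.0.23 qw7zt4nxb1ck.example 203.0.113.9 60
2018-04-02T10:00:07 10.0.0.23 pqzxvtkrwmbn.example 203.0.113.11 60
2018-04-02T10:00:09 10.0.0.44 updates.example.org 203.0.113.20 120
2018-04-02T10:00:10 10.0.0.44 updates.example.org 203.0.113.21 120
2018-04-02T10:00:11 10.0.0.44 cloudstorageprovider.example 198.51.100.40 600
2018-04-02T10:00:12 10.0.0.51 cdn-login.example 198.51.100.61 30
2018-04-02T10:00:13 10.0.0.51 cdn-login.example 198.51.100.62 30
2018-04-02T10:00:14 10.0.0.51 cdn-login.example 198.51.100.63 30
2018-04-02T10:00:15 10.0.0.51 cdn-login.example 198.51.100.64 30
2018-04-02T10:00:16 10.0.0.51 cdn-login.example 198.51.100.65 30
2018-04-02T10:00:17 10.0.0.51 cdn-login.example 198.51.100.66 30
"""

# A static blacklist, as a DNS firewall would use it. One constructed entry,
# to show how little of the suspicious traffic above it covers.
BLACKLIST = {"known-bad.example"}

VOWELS = set("aeiou")


def parse_log(text):
    """Parse the constructed log format into (qname, answer_ip, ttl) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of crashing on them
        _ts, _client, qname, answer_ip, ttl = parts
        records.append((qname.lower().rstrip("."), answer_ip, int(ttl)))
    return records


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def second_level_label(qname):
    """Naive registrable-label extraction: the label left of the TLD.
    Assumption: single-label public suffixes only (no co.uk-style suffixes)."""
    labels = qname.split(".")
    return labels[-2] if len(labels) >= 2 else qname


def looks_generated(qname, min_len=10, min_entropy=3.5, max_vowel_ratio=0.25):
    """Heuristic DGA indicator: a long, high-entropy, vowel-poor label.
    Thresholds are illustrative assumptions, not tuned values."""
    label = second_level_label(qname)
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy and vowel_ratio < max_vowel_ratio


def fast_flux_candidates(records, min_ips=5, max_ttl=60):
    """Names resolving to many distinct IPs with short TTLs in the window.
    Legitimate CDNs show the same pattern, so this is a signal, not a verdict."""
    ips = defaultdict(set)
    ttls = defaultdict(int)
    for qname, ip, ttl in records:
        ips[qname].add(ip)
        ttls[qname] = max(ttls[qname], ttl)
    return sorted(q for q in ips if len(ips[q]) >= min_ips and ttls[q] <= max_ttl)


def analyze(text, blacklist):
    """Compare static blacklisting with the two behavioural heuristics."""
    records = parse_log(text)
    names = {q for q, _ip, _ttl in records}
    return {
        "blacklist_hits": sorted(n for n in names if n in blacklist),
        "dga_suspects": sorted(n for n in names if looks_generated(n)),
        "fast_flux_suspects": fast_flux_candidates(records),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG, BLACKLIST).items():
        print(f"{key}: {value}")
```

On the constructed log the blacklist catches one name, while the entropy heuristic flags the three generated-looking labels and the resolution heuristic flags the one name cycling through six addresses at a 30-second TTL. The long but pronounceable `cloudstorageprovider` label clears the entropy threshold yet is not flagged because of its vowel ratio, which is why both features are combined; in production these scores feed a model or an analyst queue rather than a block decision on their own.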

Signature-driven detection no longer suffices because of its reactive nature. There are between 200 000 and 300 000 new malware samples released every day, and tracking them becomes increasingly complex as well. Looking at the scenario from an attacker's perspective, DNS firewalls act mostly within the Delivery or Command & Control attack phases. The focus is solely on blocking known bad destinations, rather than on proactively detecting possible threats and anomalies.

Broadband customers are bringing millions of new smart devices into their homes, and these devices are becoming an increasingly essential part of the modern smart home. However, they are difficult to secure using traditional signature-based and blacklisting methods.

DNS blacklisting is not effective against many attack vectors, including Internet of Things (IoT) hacking or attempts to gain a foothold in a network operator's network. The latest shift in technologies makes encryption easy to implement, and it will become the norm for providing data confidentiality and integrity in interconnected IoT ecosystems.

New Encryption Trends with Big Vendors

Vendors like Google, Amazon, and Microsoft dictate how internet habits will evolve in the next few years. Apple has already made the feature available for devices managed by MDM platforms and plans to roll it out to the general iPhone (iOS 11 and up) population at some point soon. HTTPS everywhere and encrypted DNS are just two trends that will be adopted quickly to introduce more privacy in the home consumer space.

While encryption introduces more security and privacy for broadband homes and the consumer space, this trend also has a downside: network operators find it harder to protect communication channels and to identify compromised devices and attacks.

On 25 May 2018, the General Data Protection Regulation (GDPR) will come into effect. It protects the data of citizens of European Union member states, and it also applies to non-EU organizations that use the data of EU citizens.

According to the regulation, all organizations will have to improve their security measures, including data assessment, high security standards, and privacy policies. This regulation will reform the overall cybersecurity landscape and introduce more comprehensive security controls.

Why is DNS Blacklisting not the Best Security Control?

1) DNS firewalls can be sidestepped. An attacker can easily evade existing signature-based detection technologies to gain a foothold in the network.

2) DNS blacklisting is reactive. With millions of new threats, it is practically impossible to track every new malicious domain effectively.

3) DNS blacklisting is irrelevant to many threat vectors (for example, the threat landscape of the IoT ecosystem).

4) Along with GDPR and the FCC stance on Net Neutrality, we will see increased adoption of data pseudonymization and data encryption.

Instead of relying on blocking known malicious domains, CUJO AI security focuses on behavioral analysis, machine learning (ML) and artificial intelligence (AI) algorithms. This way, we ensure network security for both browser-enabled and Internet of Things (IoT) devices.

Find out more. Request our white paper DNS Threat Intelligence vs. AI Network Security