DNS Analytics Must Play Leading Act in Security Ecosystem

DNS Analytics Must Play Leading Act in Security Ecosystem

June 15, 2020

According to EfficientIP VP of Strategy Ronan David, DNS analytics offers valuable information against would-be hackers that is currently going under-utilized.

EfficientIP, in collaboration with International Data Corporation releases it 2020 Global DNS Threat Report this month, shedding light on the frequency of the different types of DNS attack and the associated costs for the last year. It claims that while the average number of attacks and the associated costs have remained high, enterprise evolution and awareness of DNS security is growing.

Nearly four out of five organizations (79%) experienced DNS attacks, with the average cost of each attack hovering around $924,000. The Report shows that organizations across all industries suffered an average 9.5 attacks this year. These figures illustrate the pivotal role of the DNS for network security, as threat actors make use of DNS’ dual capacity as either a threat vector or a direct objective. This was 10.73 attacks for Singapore, and India with 12.13 attacks, the highest globally, against 10.44 for Asia as a region.

Among the countries surveyed for cost of attacks, Singapore ranks in the top three, while Asia as a region has held fairly consistently. In Asia, cost per attack went down slightly from the previous year, from USD 814,000 to USD 793,000; while Singapore’s increased from USD 924,000 to USD 1.022 million.

The report claims attackers increasingly target the cloud. As the number of business-critical applications hosted in hybrid-cloud environments has increased, so has the attack surface for cybercriminals. The Threat Report shows that cloud service downtime downtime increased from 41% in 2019 to 50% in 2020, a sharp growth of nearly 22%.

The increased adoption of cloud services during the global COVID-19 pandemic may make the cloud even more attractive for attackers. 65% of respondents in India experienced cloud service downtime, against the global average of 50%.

In-house app downtime remained extremely high: 62% globally this year compared to 63% last year. with Malaysia standing out in Southeast Asia at 66%. As a whole, application downtime—whether in-house or in the cloud—remains the most significant result of DNS attacks; of the companies surveyed, 82% said that they had experienced application downtime of some kind. The Threat Report, now in its sixth year, shows the broad range and changing popularity of attack types. ranging from volumetric to low signal.

This year phishing led in popularity (39% of companies experienced phishing attempts), malware-based attacks (21%), and traditional DDoS (27%). Crucially, the size of DDoS attacks is also increasing, with almost two-thirds (64%) being over 5Gbit/s. In terms of having sensitive customer information stolen, Singapore scored the highest globally at 30%, outpacing India (27%) and Asia (25%), as well as the global average of 16%.

Despite these numbers, enterprise awareness of how to combat these attacks is improving: 77% of respondents in the 2020 Threat Report deemed DNS security a critical component of their network architecture, compared to 64% in the previous year. Additionally, use of Zero Trust strategies is maturing: 31% of companies are now running or piloting Zero Trust, up from 17% last year. Use of predictive analytics has increased from 45% to 55%.

According to IDC Research Manager European Security Romain Fouchereau, recognition of DNS security criticality has increased to 77% as most organizations are now impacted by a DNS attack or vulnerability of some sort on a regular basis.

“The consequences of such attacks can be very damaging financially, but also have a direct impact on the ability to conduct business. Ensuring DNS service availability and integrity must become a priority for any organization,” says Fouchereau.

According to EfficientIP VP Strategy Ronan David, DNS offers valuable information against would-be hackers that is currently going underutilized. According to results from the 2020 Threat Report, currently 25% of companies perform no analytics on their DNS traffic (compared to 30% last year). 35% of organizations do not make use of internal DNS traffic for filtering, and only 12% collect DNS logs and correlate through machine learning.

“In this era of key IT initiatives like IoT, Edge, SD-WAN and 5G, DNS analytics should play a much larger role in the security ecosystem. It offers valuable information that can make security strategies against hackers much more proactive and preventative. The COVID-19 pandemic has exacerbated the need to shore up DNS defenses, when any network of app downtime has major business implications,” says David.

David says there are several ways that companies can make better use of DNS analytics with threat intelligence and User Behavioral Analytics, to enhance attack protection capacity. A DNS security solution can feed SIEMs and SOCs with actionable data and events, may simplify and accelerate detection and remediation.

Of all companies surveyed, 29% used Security and Event Management (SIEM) software to detect compromised devices, and 33% of companies passed DNS information to SIEM for analysis (up from 22% in 2019).

(Ed. The full 2020 Global DNS Threat Report can be downloaded here.  IDC says the research was conducted between January to April 2020. The data collected represents respondents’ experience for the previous year. The results are based on 900 respondents in three regions – North America, Europe and Asia Pacific. Respondents included CISOs, CIOs, CTOs, IT Managers, Security Managers and Network Managers.)