One area of cybersecurity that is often neglected by small and medium-sized businesses is protection from web-borne attacks, although that protection is easy to apply if you have a DNS security solution. Before explaining what DNS security is, it is worthwhile explaining how standard security solutions fail to protect against many web-borne threats.
Standard Security Measures Leave Businesses Exposed to Web-Borne Threats
Many cyberattacks occur via the Internet, but it is understandable to think that reasonable protections are in place if you have a firewall, antivirus software, spam filter, and you keep on top of patching and operating system updates. A firewall protects your network from unauthorized access and a spam filter will block phishing attacks and malware delivery via email. If malware does sneak past your defenses, you have antivirus software to detect and remove it. While these measures were once sufficient, that is no longer the case.
If you invest in an advanced email security solution, it will identify and block the majority of email threats, but no email security solution will block every threat without also blocking an unacceptable number of genuine emails. Some malicious emails will bypass your defenses and will land in inboxes.
The most common threats to land in inboxes are phishing emails. Phishing emails contain links to websites where malicious actions are performed, such as the theft of credentials. Hyperlinks are also included in phishing emails that link to compromised websites hosting exploit kits. Exploit kits probe for and exploit unpatched vulnerabilities. An advanced email security solution will receive threat intelligence and will be updated with new malicious URLs to block, but threat actors are well aware of this and regularly change their URLs, only using them for a small number of phishing emails before moving to a URL that has not been identified as malicious. That’s means phishing emails are often not detected as such.
When a malware variant is identified, its signature is added to the virus definition lists used by antivirus solutions and spam filters, but new malware variants are constantly being released to evade these signature-based security solutions. If the signature is not in the list, the malware will not be detected as malicious and can be installed. Once installed, malware will disable security solutions to ensure the infection is not detected. Malware communicates with a command-and-control server, with communications often occurring via the domain name system (DNS). If DNS security is not implemented, these communications – which can include data exfiltration – will not be detected.
Many threats can be encountered through general web browsing. Threat actors often get their malicious websites listed in the search engine listings for key search terms using SEO poisoning and use malvertising – malicious adverts – to direct Internet users to malicious sites. Once a user lands on a malicious site, they may divulge sensitive information, inadvertently download malware, or in the case of an exploit kit, will have a vulnerability silently exploited.
What is DNS Security?
DNS security involves securing the DNS and using it to protect from web-borne cyberattacks. The DNS is like an address book of the Internet and was set up to allow domain names such as Google.com to be used instead of unique IP addresses. In order to connect to a web resource, its IP address must be found, which is what the DNS is used for. A query is sent to a DNS server to find the corresponding IP address for a URL, and the query is answered and the correct IP address is returned if that resource exists.
DNS-layer security uses this ultra-fast system to filter out undesirable and malicious content. If an attempt is made to visit a malicious site, rather than returning the IP address and making the connection, the user will be directed to a locally hosted block page and will be informed that the request has been denied. The request will be denied if the webpage is known to host malware, phishing content, or an exploit kit, or if the content violates administrator-defined policies. Administrators of DNS security solutions can block certain web content using blacklists, by category, or by the presence of certain keywords.
DNS security solutions can also be configured to block certain types of files from being downloaded via the internet, such as those often associated with malware – executable files for example. Another important feature of DNS security solutions is monitoring the DNS for command-and-control server callbacks, which will alert security teams about malware infections.
WebTitan: DNS Security Made Simple
WebTitan is an award-winning DNS security solution that protects businesses from web-borne threats such as phishing, malware, exploit kits, and also blocks malware communications. WebTitan can be used to carefully control the content that users of wired and wired networks can access over the Internet, supporting category- and keyword-based content control and will automatically block illegal content and malicious content.
WebTitan has industry-leading malicious URL detection thanks to proprietary Al-based and machine learning categorization engines and threat intelligence from a global network of more than 500 endpoints. When a threat is detected anywhere on those endpoints, every other user will be protected within a few minutes. The solution covers 99.9% of the active web, 100% of the Alexa 1 million most visited websites, and WebTitan processes more than 5 trillion web queries per month.
WebTitan is a set-and-forget solution that can be set up in just a few minutes. Apply your acceptable usage policies to control access to the Internet, set policies for the organization, user groups, or individuals, and you are done. All malicious content will be blocked automatically and the solution will be continuously updated by TitanHQ.
Filtering controls are applied with zero latency, the solution easy to use, and has a low management overhead. Administrators have full visibility into Internet activity and can see real-time views of Internet use down to the individual DNS query level.
To block more threats you need DNS security, and with WebTitan it couldn’t be any easier. For details of pricing, to book a product demonstration, and to get answers any questions you have about WebTitan, give the TitanHQ team a call. You can also try the solution free of trial for 14 days.