Networks and the Internet depend on domain name servers, the Dynamic Host Configuration Protocol, and the management of IP addresses. These three technologies, grouped under the name DDI (DNS, DHCP, IPAM), are at the heart of network operation, but that also makes them a tempting target.
We spoke to Ronan David, Head of Strategy at EfficientIP, to find out why DDI is so vital to online security and how automation can help.
RD: That's a very good question. These services are very old technologies that are still essential to the operation of networks. Over the past few years we have seen a dramatic increase in the complexity of networks: devices, applications and application networks are all becoming more distributed. For now, if you want to establish a secure and dynamic connection between users and applications, you must rely on DDI services.
That's why today, if you want to provide end-to-end automation or if you really want to secure your network infrastructure, you need to consider DDI services. Otherwise, it is simply not possible to dynamically deploy your services. So just an example with function virtualization. If you want to take full advantage of virtualization and be able to deploy a new server in minutes, you will have many different technologies available to achieve this goal. The server is not connected to the network until the configuration obtains an IP address, and the application is not visible to all users until the minute the application obtains the domain name. DDI is really about giving all devices access to the network and then making all applications visible.
BN: Was that evidenced by the pandemic effect?
RD: The pandemic has highlighted the need to have many different technologies in place in order to continue working. So, of course, that accelerated the need for this kind of technology and the security aspects to be effective. Threats around DNS names are growing. We have seen a proliferation of name phishing attempts with millions of domains being traded; the threat is extremely dynamic. DNS is part of the security arsenal.
BN: How can companies better protect themselves against these threats?
RD: In the past, we didn't always take into account that these things could potentially be targets for hackers, but now things are changing. The first level of defense around the DNS uses standard technologies such as firewalls. That's good, but today we need to take the next step, as we did in the past to secure messaging services. You cannot rely on a generic security system if you want to effectively and efficiently protect your email services; you need purpose-built technology. Likewise, if you really want to protect your DNS services, you need to have security built in.
DNS can be the target, which means that if you stop a DNS server, this will of course have implications, as no more applications will be available to users within the company, or you will disappear from the internet if we are talking about DNS services. So it really hurts business continuity and awareness. But the DNS is also a threat vector, which means it's the other side of the cyber kill chain. It is not just a target, it is also a threat vector used by malware. According to a recent Cisco survey, between 85% and 90% of malware uses DNS to develop the attack. These aspects must therefore also be taken into consideration by a large organization.
BN: Are we going to rely on automation and artificial intelligence to improve protection?
RD: The ability to provide infrastructure analytics is absolutely critical.
The challenge behind this is the level of data you have to handle, as you have a lot of requests per second. You need a solution that can provide these on-the-fly DNS traffic scans, and getting it between users and the destination of the query is the challenge.
Automation is indeed another aspect to further improve safety in response. Real-time DNS traffic analysis is absolutely essential to be able to see hidden threats in the traffic. And also then to automate the response because of course you need a response that can be executed only at DNS level. But it must also be a security system.