April 11, 2018 | Written by: Efficient IP | DNS, DNS Security
Client Query Filtering, Compliance, Data exfiltration, Data protection, Data Theft, DNS, DNS Data Exfiltration, DNS Filtering, DNS Threat Intelligence, DNS Tunneling, Enterprise Network Security, GDPR, Threat Intelligence
Who nowadays is not worried their data will be used without their permission? Recent major data breaches, from Equifax to Facebook, have accentuated consumer fears, and the introduction of data protection laws across all continents (GDPR in Europe, for example) is stressing out Data Protection Officers. The one bright light is that enterprises are finally realizing that legacy systems alone are inadequate for preventing data theft, and so are turning to more holistic approaches involving, in particular, innovative solutions offering real-time analytics of network traffic.
Data exfiltration can be extremely difficult to detect as it often closely resembles typical network traffic, meaning incidents are only noticed long after exfiltration has already been achieved. DNS is recognized as one of the most discreet options for cyber criminals to carry out data exfiltration, as DNS traffic is not analyzed by 68% of companies (Cisco 2016 Security Report) and is difficult to track efficiently with existing network inspection tools, especially considering the high volume of DNS traffic. The DNS protocol is therefore manipulated to act either as a tunneling protocol or as a ‘file transfer’ protocol. The consequences are huge – loss of sensitive data and intellectual property, severe corporate brand damage, and customer churn.
Firewalls, by design, are ineffective against data theft – simply blacklisting a remote malicious IP will do little to prevent DNS exfiltration in your network. Traditional detection algorithms focus only on DNS packet frequency, payload, data encoding, or entropy of the requests. Whilst this has the benefit of easily filtering part of the malicious traffic, it is extremely resource-consuming and easily abused, leaving you blind to advanced DNS attacks.
Standard security solutions such as next-gen firewalls, anti-DoS and IPS also have no insight into DNS query exchange sequences across cache and recursive functions, making it impossible to understand client context. This peripheral analysis will never provide enough information to identify DNS tunneling, allowing confidential data to be exfiltrated without triggering any alarms – a point validated by the fact that 28% of companies were victims of data theft via DNS in the past 12 months (2018 Coleman Parkes DNS Threat Survey). It’s easy to check how weakly your firewall protects you – just buy one of the hacker tools available on the web – they’ll enable passing through even next-gen firewalls.
Of equal importance, the countermeasures offered are limited to merely blocking traffic or dropping suspect queries from suspected IP addresses. As this leads to legitimate traffic also being blocked, your business operations and bottom line risk being significantly impacted.
Most businesses using legacy solutions don’t even know that data is being exfiltrated until it is too late. But fortunately, real-time analytical solutions have become available to help detect & mitigate data theft attempts.
The DNS protocol allows for a huge variety of queries to be exchanged between a client’s device and external servers. Although this facilitates data exfiltration, such queries look atypical compared with normal traffic when they are viewed between DNS cache and recursive functions. So by embedding a security layer at the heart of the protocol in the DNS server itself, you’re able to get real-time, context-aware threat detection and remediation.
Using real-time DNS transaction inspection allows network managers to assess the validity and correctness of DNS traffic in the specific context of each enterprise. Overcoming the peripheral traffic visibility limitations of signature-based security systems is the key for delivering true DNS analytics and behavioral threat detection capabilities. A powerful, adaptive base of intelligence can be built up around DNS services meaning that suspect client activity can be detected even before the related domain has been specified as being malicious. It also helps eliminate risks of blocking legitimate traffic, as legitimate customers and malicious actors can be differentiated.
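The contrast drawn above, between judging each query in isolation and judging each client's behavior in context, can be sketched in a few lines. This is an added example, not code from the original post or from any EfficientIP product; the function names, thresholds and log entries are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

def shannon_entropy(s):
    """Bits per character of s."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def split_qname(qname):
    """Return (subdomain, base domain). Assumes a two-label base domain;
    real code should use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def per_query_flags(log, min_entropy=3.5):
    """Peripheral check: judge every query alone by subdomain entropy."""
    flagged = []
    for client, qname in log:
        sub, _ = split_qname(qname)
        if sub and shannon_entropy(sub) >= min_entropy:
            flagged.append((client, qname))
    return flagged

def per_client_flags(log, max_unique=20, max_bytes=300):
    """Context check: per (client, base domain), count the distinct
    subdomains seen and the bytes they carry; flag pairs over either limit."""
    seen = defaultdict(set)
    for client, qname in log:
        sub, base = split_qname(qname)
        if sub:
            seen[(client, base)].add(sub)
    return sorted(key for key, subs in seen.items()
                  if len(subs) > max_unique or sum(map(len, subs)) > max_bytes)

# Constructed sample log (client IP, query name); reserved example names only.
SAMPLE_LOG = (
    # One client, 40 distinct low-entropy labels under a single domain.
    [("10.0.0.5", f"{i:04d}aabbaabb.drop.example") for i in range(40)]
    # Another client repeatedly resolving one random-looking CDN hostname.
    + [("10.0.0.9", "d3k7x9q2mz8v1p4t.cdn.example")] * 3
    + [("10.0.0.9", "www.example.org"), ("10.0.0.5", "mail.example.org")]
)

if __name__ == "__main__":
    print("per-query :", sorted(set(per_query_flags(SAMPLE_LOG))))
    print("per-client:", per_client_flags(SAMPLE_LOG))
```

On this sample the per-query entropy check flags only the legitimate CDN lookups, while the per-client aggregate flags only the client sending many distinct labels to one domain.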
While data-loss prevention (DLP) solutions protect against data leakage via email, web, FTP etc. by monitoring data, they never consider DNS-based exfiltration. This gap needs to be closed in order to prevent DNS from being used as a back door for data theft. By building intelligent detection capabilities directly into the DNS infrastructure, both sets of information gathered can then be sent to a SIEM to provide enhanced reporting.
For countering exfiltration, threat response efficiency can be improved using near real-time threat intelligence, and further enhanced with external security feeds such as SURBL, which provide security intelligence from global traffic analysis, leveraging machine learning and predictive analytics. Once a threat is detected, even locally, it’s always interesting to sync all security devices accordingly. This global approach helps security operations take the best course of action for mitigation.
Furthermore, when integrated with the network security ecosystem, the IP data provided can help find and isolate suspicious clients. Tight integration between detection technologies and endpoint remediation solutions or NACs, such as Cisco ISE, provides indicators of compromise (IOC) when an endpoint is trying to exfiltrate data. The malicious process can automatically be banned from future execution/connection, infected endpoints (even those outside the enterprise) quarantined, and data theft prevented.
It is becoming increasingly evident that organizations aiming to address growing network risks need to monitor DNS communications, recognize unusual or malicious activity, and inform the broader security ecosystem to protect against the lateral movement of threats.
As shown in the aforementioned threat survey, businesses globally are starting to look beyond traditional security solutions which have proven to be ineffective against data exfiltration via DNS, with many (38%) prioritizing real-time monitoring and analysis of DNS traffic. Even attacks trying to stay under the radar will be detected rapidly, helping ensure regulatory compliance and avoid brand and financial damage for your company. So why would you keep relying only on your firewalls to protect you?