5 minutes with... Ronan David, EfficientIP

Ronan David, Chief of Strategy at EfficientIP, explores Domain Name System (DNS) in networks and how it plays a critical role in a cyber kill chain.

Tell me about EfficientIP, your role and your responsibilities there
EfficientIP was founded in 2004, and we are a network and security automation company that specialises in DNS, DHCP and IPAM (IP Address Management) – DDI. We help by making sure your IP infrastructure is reliable, agile, and secure so it can be the absolute foundation of your network security. Through our technology, organisations can automate the life-cycle management of applications and infrastructures, and secure DNS services in order to protect users, apps and data whilst maintaining service continuity. I have been at EfficientIP since 2004 and have helped our transformation into a DDI software vendor by aiding the build of our go-to-market strategy and leading the sales operations. My current role at EfficientIP is Chief of Strategy, and I am responsible for strategic alliances and overseeing the development and delivery of an integrated marketing strategy for supporting sales revenue. Before I joined the company, I held sales and business development positions at Orange and VisioWave.

What is the role of the Domain Name System (DNS) in networks and how can it play a critical role in a cyber kill chain?
The DNS is a fundamental part of an organisation’s network, with virtually all internet network traffic travelling through it. By translating the name of an application to an IP (Internet Protocol), the DNS is essentially the phonebook of the network – our networks and applications could not function without it. Whilst the DNS plays an important role in an organisation’s network, it can also be used to benefit cyber criminals. The DNS server is a goldmine of information, and it can be used by threat actors to learn about a certain network and applications in order to develop cyberattacks. Threat actors know that the DNS server provides an entry point for attacks and data exfiltration, ultimately resulting in it becoming a popular target. Research by EfficientIP and IDC showed that the top five types of DNS attacks – DNS phishing, DNS-based malware, DDoS, DNS tunnelling, and DNS hijacking/credential attack – have all increased over the last year, with each organisation on average suffering seven attacks per year. It is vital that organisations invest in DNS security solutions which mitigate risks and increase network security. A dedicated DNS security solution can give organisations better control over their applications, data, and users.


What is the importance of making the DNS part of an organisation’s security strategy?

Due to remote working, the considerable increase in cloud usage has created a number of new challenges for IT teams when it comes to security. An increased reliance on cloud-based services and applications has resulted in the risk of downtime being catastrophic for organisations. With 56% of respondents acknowledging that DNS is a critical component of their cloud strategy, it means that attacks on the DNS have disastrous consequences on organisations. Seven out of 10 enterprises experience in-house or cloud application downtime due to DNS attacks, with employees, customers, and partners unable to access anything on the network for hours. As well as the impact on individuals, attacks can have huge financial costs. For example, the average cost of an attack in 2022 was $942,000. At the current rate of DNS attacks, many companies will struggle to remain in business. When organisations suffer like this, it really shows the importance of DNS security in ensuring resiliency and secure access between users and applications. For organisations to properly protect users, data and applications, DNS security is a must-have in any modern arsenal of defence against cybersecurity threats.


Do you think attitudes need to change towards DNS security?
Interestingly, many organisations recognise the importance of DNS security, with 73% of organisations knowing it is critical to their business. Therefore, it seems quite perplexing that cyber criminals are still able to infiltrate networks through the DNS and attacks have increased. For many organisations, while they see the importance of DNS security, with 99% of enterprises having some sort of DNS security, they are yet to ensure it has been properly implemented. EfficientIP’s research showed that 43% of respondents do not use a security solution built into the DNS server. Therefore, threat actors can still use the DNS server as an entry point to deploy cyberattacks on an organisation’s network, which can then have a negative impact on business continuity, data, and user protection. Not only that, but organisations still do not use the DNS to enhance their threat intelligence capabilities. As mentioned previously, the DNS is a treasure chest of information about the network and it can be used to hunt and stop cyber criminals; however, 25% of organisations still do not collect or analyse their DNS traffic. The issue of properly securing the DNS has even caught the attention of the UK government. Since 2020, the Central Digital & Data Office has released advisories and guidance on how to protect domains, with the latest guidance in July 2022 stressing the importance of setting up domains securely and the use of multi-factor authentication. There are several steps organisations can implement to ensure that the DNS is the foundational component of network security to protect both data and business operations.

How can organisations implement DNS security effectively and make it part of their ecosystem in order to protect themselves from threats?

DNS security should enable organisations to have complete control over application access, by ensuring only specific users are permitted access to certain apps and services. Having control over ‘who accesses what’ reduces the attack surface of an organisation and prevents the lateral movement of malware, ultimately mitigating the impacts of a cyberattack. If we take into consideration that about 85% of malware uses DNS to develop their attacks, it really puts DNS at the very centre of any serious security strategy to detect their activities and mitigate associated risks. DNS security can then play a crucial part of an organisation’s wider security strategy. For example, in Zero Trust strategies, DNS security can become another layer of the framework which supports application access control and simplifies micro-segmentation. Additionally, DNS security must be able to provide real-time traffic analysis which can locate and stop threats hidden in DNS traffic. This gives security teams the ability to quickly identify threat indicators, understand risk and prevent future cyberattacks. Whilst these tools are crucial, the most important asset to have within DNS security is automation. The usage of automation will enable the provisioning and de-provisioning of IP resources and eliminate the risk of misconfigurations, overall reducing the likelihood of cloud downtime. Constant monitoring, thanks to automation, means that organisations can be confident that their DNS services are resilient against attacks and support business continuity. Following these important steps will result in the DNS no longer being seen as the weapon of choice for cyber criminals but for security teams instead.

What is next for EfficientIP?
There is a lot we can expect from EfficientIP. We are launching various new products and features, which is reflective of our constant need for innovation. From a corporate level, we are growing at a rapid rate, and we are planning to welcome more than 100 new employees across all departments to sustain the market demand for our product. We offer a great career opportunity to talented and motivated people who want to cut their teeth in the cyber and network security world. We are experiencing an exciting and genuine growth period so definitely stay tuned for more!
