DNS is one of the three main sources of data to detect and mitigate security threats, 94 percent of companies use it for this purpose.
Infoblox, the leader in secure network services managed from the cloud, has announced the conclusions of a study carried out in collaboration with Forrester Consulting, which shows that the vast majority of security managers in organizations consider DNS as a mechanism Useful for detecting and blocking security threats early, identifying potentially dangerous devices, and analyzing and responding to malware threats.
However, the Accelerate Threat Resolution With DNS report, which has been carried out through surveys of 203 senior managers of security and risk management of large corporations, also reveals that despite this, companies underuse the investments made in DNS management in your cybersecurity strategies.
The main conclusions included in this report, based on the opinions of the cybersecurity professionals interviewed, are the following:
- DNS is an effective but underused tool for threat detection and resolution, even in environments where “alert fatigue” occurs, that is, when there is a risk that the controls will relax due to the overproduction of false or security alerts. positive.
- 94% of those responsible for cybersecurity are already using or considering using DNS-based security mechanisms as a starting point to detect threats, but only 43% of them use this mechanism as a source of information to improve the intelligence of organization security.
- 66% of respondents use DNS security to mitigate all kinds of threats that exploit vulnerabilities in the DNS system and that other security tools fail to do, such as DNS tunnels/exfiltration of data, domain generation algorithms (DGA ) and other domain attacks. However, However, only 33% use internal DNS to stop malicious attacks on a large scale.
- 52% of professionals acknowledge the existence of so-called “alert fatigue” in their IT/cybersecurity department. 51% also acknowledge that they have difficulty managing and classifying detected threats, but only 58% of departments have automated processes to respond to them.
- The study was carried out through surveys of security and risk managers of large corporations (with a turnover of more than 1,000 million euros per year) inactivity sectors such as financial services, health, education, retail, and Public Administrations. The respondents belong to high levels of management in companies, senior executives (48%), vice presidents (11%), and directors (34%).
- The technical personnel of the security area dedicates an average of 4 hours a day to the detection of incidents. DNS management can help automate some of the most repetitive tasks in the search for threats, freeing up security resources to dedicate them to more complex problems.
On the study’s conclusions, Anthony James, Vice President of Product Marketing at Infoblox, comments: “It is positive to see that most professionals are aware of the importance of DNS as a tool for detecting and mitigating threats. However, it seems that are under-utilizing investments made in DNS management. As all IT departments seek to optimize the ROI of their investments, getting more out of DNS will help them do that by providing a single dashboard for threat visibility across the network, from the core to the end”.