Preventing risky connections with DNS protection

Faced with a variety of cyber threats, organisations now have an opportunity to strengthen their security with a DNS protection solution and ensure the legitimacy of business-related traffic.

All organisations affected by the cyber threat

In recent years, Luxembourg has seen an exponential increase in the number of attacks. In 2020, some 180,000 incident tickets were opened with the Computer Incident Response Center Luxembourg, a state structure coordinating responses to cyber risks. That's 80,000 more events than in 2019 and twelve times more than in 2018. “All companies are now affected and all are subject to computer attacks,” explains Guy Baum, Product Manager. “Organisations face a wide variety of attacks, including phishing, malware and distributed denial of service (DDoS). More than ever, they must be aware of the threat and find ways to strengthen their security. Our role is to help them deal with the threat.”

Identifying attackers’ addresses

In this regard, one of the challenges is to prevent illegitimate and potentially malicious traffic that could affect a company's IT systems and business.

One way to do this is by analysing the DNS associated with incoming or outgoing traffic. “DNS stands for Domain Name System, which is the system used to send traffic to the right destination across the web,” explains Fanny Ngo Ngan Mintamack, Product Manager. “A unique domain name translates into an IP address. Like addresses in a directory, domain names facilitate exchanges between parties on the Internet, directing traffic to the right destination.”

Preventing risky connections

Being able to analyse domain names for incoming and outgoing traffic to the organisation's IT environment can significantly enhance IT security. “Today, many domain names are listed as being associated with malicious activity,” comments Guy Baum. “It is therefore possible to prevent all connections with remote servers known to be used to carry out illegitimate operations that pose a risk to the organisation.”

To make Luxembourg companies more secure, POST has deployed a “DNS Protector” feature as part of its Connected Office product. “The solution analyses the destination and origin of all outgoing and incoming traffic. The challenge is making sure that the connections made are legitimate,” explains Fanny Ngo Ngan Mintamack.

The solution was provided to all the legacy operator’s ConnectedOffice customers free of charge at the start of this year. Many organisations have seen their level of security increase as a result.

Protecting yourself from all types of attack

During a phishing attack, incoming content associated with a domain name listed as malicious will be blocked directly. If, despite this, a link reaches the user and the user clicks on it, the solution will prevent the connection from being established and display a warning message.

In addition to visible user traffic, DNS analysis also helps prevent invisible interactions between two servers or between apps. “During a ransomware attack, for example, malware deployed within the IT environment will be tasked with retrieving an encryption key from outside,” continues Guy Baum. “All this is done without the users' knowledge. Blocking traffic at the DNS level automatically prevents the intruder program from retrieving the key and can protect data and systems from attack.”

Cybersecurity intelligence

Using DNS analysis to prevent risky connections can therefore significantly reduce an organisation’s threat exposure. The challenge with this approach is to find the right balance in terms of analysis. “The aim is to block connections to malicious sites without disrupting legitimate traffic,” explains Fanny Ngo Ngan Mintamack. “To do this, we rely on the IT security intelligence of our partners, in this case CISCO Umbrella. This cybersecurity leader is constantly researching, identifying and classifying DNS according to the level of risk associated with them.”

Although not infallible, a protection solution based on DNS analysis prior to any connection attempt is now an essential component of every organisation's security system.