Mark likes to return customer emails from his local coffee shop, Jennifer considers a plane her second office, and Tim – well, sometimes Tim has to respond to that urgent request in the wee hours of the morning, no matter where he is. The days where everything was contained within your secure network perimeter are gone. Business today happens on the go.
There are more business-owned laptops accessing the Internet from outside networks than ever before, with Gartner predicting the average company will see 25% of its traffic bypass its network perimeter entirely by the year 2021. Cloud applications are now integral to business processes, allowing users to connect directly to the application, anywhere in the world. People are working from the places they find the most comfortable and convenient, and businesses are reaping the benefits of higher productivity, reduced attrition, and significant cost savings. The benefits of a mobile workforce are numerous, but as more work occurs off-network you lose visibility and protection over the weakest link in security: users.
With 90% of cyber attacks starting with a phish, users are THE prime target. And users are even more vulnerable to these types of attacks when they are outside of your perimeter. When off-network, they not only lack core security protections, they are often using their devices in uncontrolled environments rife with unsecured Wi-Fi networks and full of distraction. 81% of businesses have experienced Wi-Fi related security incidents that have compromised their mobile employees. 64% of midsize businesses report instances of employee-issued laptops becoming infected with malware while off of the corporate network.
In the past, securing a remote workforce required back-hauling traffic from branch offices and mandating VPN use to keep users safe. As more work moves off-network this process becomes complex to administer, and unnecessarily cumbersome for the average user. To make matters worse, users will often skip the VPN entirely when performing personal tasks or connecting directly to Cloud applications, leaving them unprotected anyway.
Keeping up with this fast-paced new reality requires a lightweight, always-on approach to security that not only delivers protection, but also provides visibility when your user visits a risky place on the Internet – no matter where they are in the physical world. Thankfully, the Domain Name System (DNS) makes this possible.
Protecting Users at the DNS-Level
DNS is the backbone of the Internet, functioning as the de facto phone book that translates domain names into IP addresses. DNS allows the average user to navigate to google.com instead of entering a numerical IP address. DNS is almost always the first step in the process of connecting to the Internet and is used by nearly every device that needs a connection. It is also one of the tools of choice for hackers who fool users and redirect traffic to malicious servers by spoofing the DNS record of legitimate sites.
As a first line of defense, inspecting each DNS request to determine which are malicious and which are legitimate can prevent a user’s risky click from turning into a major security incident. There are many DNS-filtering tools available, but not all are created equal.
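As an added illustration of what "inspecting each DNS request" involves (this is example code written for this page, not any vendor's implementation), the sketch below parses the queried name out of a raw DNS query and checks it, and each parent domain, against a blocklist. The blocklist entries, function names and sample packets are constructed for the example.

```python
import struct

# Constructed blocklist: hypothetical domains under the reserved .example TLD.
BLOCKLIST = {"phish-login.example", "malware-cdn.example"}

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query packet (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_qname(packet):
    """Extract the queried name from the question section of a DNS query."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    if struct.unpack("!H", packet[4:6])[0] != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        if length == 0:          # root label terminates the name
            break
        if length & 0xC0:        # labels are at most 63 bytes long
            raise ValueError("unexpected compression pointer in query name")
        pos += 1
        if pos + length > len(packet):
            raise ValueError("label runs past end of packet")
        # DNS names are case-insensitive, so normalise before matching.
        labels.append(packet[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    return ".".join(labels)

def verdict(packet, blocklist=BLOCKLIST):
    """Return (name, 'block' or 'allow', matched blocklist entry or None)."""
    name = parse_qname(packet)
    parts = name.split(".")
    # Check the name and every parent domain (but not the bare TLD),
    # so subdomains of a listed domain are caught as well.
    for i in range(len(parts) - 1):
        candidate = ".".join(parts[i:])
        if candidate in blocklist:
            return name, "block", candidate
    return name, "allow", None
```

Matching on whole labels rather than substrings is what keeps a lookalike such as `notphish-login.example` from being blocked by the `phish-login.example` entry, and the returned tuple is the record a filter would log for visibility.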
Here are some things to consider when sourcing DNS security:
- The More Query Data, the Better. Google receives upwards of 1 trillion DNS queries each and every day. While no DNS solution can analyze all of these, each DNS request can help to identify and uncover an attack, and reveal patterns in the broader threat landscape. Ensuring your chosen solution has as much breadth of coverage as possible is essential. Look for a solution that aggregates threat data from multiple sources, including those built by people who have been attacked or are active in breaking apart malware.
- A Little Cyber Stalking Goes a Long Way. Crowdsourcing threat data can be very effective, but your DNS security provider should also curate a set of their own data, derived from triaging customer infections, domains reported to them by customers, as well as analysis of user-reported phishing and spear phishing attacks. The provider should be proactive in their approach, constantly watching for attackers as they set themselves up on the Internet. For example, monitoring domain registrations on sites like Let’s Encrypt, which provides certificates for free, can reveal phishing and malware campaigns in staging.
- Teachable Moments Are Powerful. While there is evidence that employee education and phishing prevention solutions are effective in stopping basic phishing attempts, attackers have responded by making phishing emails more sophisticated and convincing. That’s why it’s more important than ever for organizations to train their employees to spot phishing efforts. Look for a solution that not only makes this easier, but even makes it responsive and immediate. Evidence shows reinforcing security training as soon as possible after an attack is an effective way to prevent repeat offenders from falling victim again.
- An Ally, Not Just a Vendor. Just because an attack was stopped doesn’t mean the attacker has given up. Without a team of security experts in your business, making heads or tails of what happened and how to move forward can be confusing. To stay on top of threats, some DNS security providers employ a team of experts to analyze and triage threats. Look for a provider that is proactive in communicating with you, keeps you informed on what kind of attack has happened and what the attacker’s goal was, and makes recommendations on how you can respond.
Want to learn more about how to secure your users on the go? Join my webinar, Hacked on PTO: No Vacation from Vulnerability, on August 28, 2019 at 8:00-8:30 am PDT or at 3:00-3:30 pm GMT