
Hybrid Approach to Security Needed for Maximum Protection Against Cyber Attacks

By: Ashraf Sheet, Regional Director Middle East & Africa at Infoblox
Are Software-as-a-Service (SaaS) security solutions truly the panacea they are publicized to be? The answer is: it depends on how the SaaS solution is architected.
A majority of SaaS-only security solutions are “overlay” solutions that simply provide an additional layer of security on top of an enterprise’s existing network and security infrastructure. These overlay solutions are easy for the vendor to develop, but difficult for the customer to combine with other existing security solutions and derive value from.
In contrast, a hybrid approach to security is one that tightly integrates SaaS solutions with an enterprise’s existing IT infrastructure and leverages SaaS capabilities to seamlessly extend and scale on-premise solution performance. With a hybrid solution, the vendor does the heavy lifting of seamless integration with existing infrastructure, thus providing a unified solution that unlocks valuable context available from the on-premises infrastructure. Such context allows the hybrid solution to prioritize threats better. In addition, the unified solution enables sharing of data with the broader security ecosystem for efficient and optimized incident response.
DNS as a Security Tool
As enterprises gear up to handle the barrage of increasingly targeted and sophisticated cyber attacks, security architects must take advantage of the visibility that each IT asset can provide. DNS is an excellent example of a scalable and pervasive network infrastructure protocol that offers unmatched visibility into network traffic patterns, malicious and otherwise. If used optimally, DNS can provide an affordable and scalable first line of defence for detection and mitigation of the vast majority of known threats. Behavioural analysis of DNS traffic can also serve as an “early warning system,” flagging potential zero-day threats in the network.
When it comes to DNS security, many organizations are interested in cloud-based SaaS-only solutions, which they think will be easier to implement and provide sufficient functionality to identify infected devices and protect against threats like malware and phishing attacks. SaaS for DNS security can be effective, but only when integrated with on-premise systems.
Overlay (SaaS-only) solution challenges
The way most SaaS-only DNS security solutions work is to enable businesses to forward their DNS traffic to the cloud, where DNS queries are processed and potential malicious activity is detected and flagged. In order to identify the infected end host, these solutions require the deployment of DNS forwarding proxies (running on virtual machines) deep inside the enterprise network or the use of endpoint agents. As enterprises move their workloads into private and public clouds, deploying and managing these proxies can become even more complicated.
Most enterprise DNS servers support the ability to block access to domains via configuration of response policy zones (RPZ). By directing all DNS traffic to the cloud, SaaS-only solutions fail to leverage these existing security capabilities, which allow an enterprise to block the most egregious threats at the very first DNS server that detects them.
Further, because overlay solutions do not integrate with the incumbent enterprise DNS architecture, they leave enterprise administrators stuck with operating two separate and siloed management systems and having to manually correlate data between the two. Beyond the inefficiencies of managing two separate DNS systems, an even more significant drawback is that you sacrifice visibility and security context. Specifically, overlay solutions are unable to leverage the rich contextual data available in the enterprise DNS, DHCP, and IP address management systems (DDI). This context can help with prioritization of security threats, a key requirement for security analysts who are swamped with alerts they can’t keep up with.
Why a hybrid approach for DNS security
To recap, a hybrid DNS security approach weaves security right into the network control fabric of the enterprise. Tight integration with the incumbent enterprise DNS, DHCP, and IPAM infrastructure simplifies deployment and management, brings efficiency and scale, and improves overall security efficacy and effectiveness.
Hybrid solutions offer enterprises complete flexibility in terms of deployment options – the best combination of on-premise and SaaS. And regardless of the deployment model, enterprises get all the benefits of integration with their DDI infrastructure:
  •  Reduces complexity: Hybrid solutions take away the hassle of deploying proxies throughout the network. The on-premise component of the solution can be configured to forward recursive DNS traffic to the DNS service in the cloud while preserving the ability to identify the end host associated with any security event detected in the cloud. This ability can be seamlessly extended to workloads running in private and public clouds as well.
  •  Increases flexibility: With a hybrid solution, customers may choose to leverage their on-premise DNS servers to block access to domains based on curated low false positive threat intelligence and leverage the cloud for a more comprehensive threat assessment based on a lot more threat data as well as big data analytics.
  •  Improves visibility: Hybrid solutions offer a single pane of glass for managing security across the enterprise DNS infrastructure.
  •  Enables threat prioritization: Rich network context data, e.g., where the device sits in the network, who the user is, how critical the asset is from a business standpoint, etc., that was locked up in on-premise network control protocols can be made available in the security dashboards and used to intelligently prioritize threats for remediation.
  •  Improves intelligence: On-premise network and user context is automatically shared with the SaaS component of the solution, and security events detected in SaaS can be shared back with the security ecosystem on-premise, creating a closed intelligence loop across the enterprise. Indicators of compromise can be shared in real time with existing security infrastructure (on-premise or in the cloud) including endpoint security, NAC, vulnerability management, and SIEM solutions for an automated incident response such as quarantine, scan, or killing of malicious processes running on suspicious devices.
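The following is an added illustration of the points above (it is not Infoblox code). It assumes an on-premise resolver whose query log and DHCP lease table are available locally, a small curated RPZ-style blocklist applied at that first resolver, and a business-criticality score per lease; all sample data is constructed.

```python
"""Block at the first on-premise resolver and enrich the hit with DDI context.

Added example, not Infoblox's code. The cloud resolver in an overlay design only
sees the forwarder's egress IP; here the on-premise query log plus DHCP leases
(constructed data) supply the end host, the user and the asset criticality, which
drive triage ordering.
"""
from dataclasses import dataclass

# Constructed: curated, low-false-positive blocklist applied via RPZ on-premise.
LOCAL_RPZ_BLOCK = {"malware-c2.example", "phish-login.example"}

# Constructed DHCP lease table: client IP -> (hostname, user, criticality 1..5).
DHCP_LEASES = {
    "10.1.20.14": ("fin-ws-07", "alice", 5),
    "10.1.30.88": ("guest-laptop", "guest", 1),
}

# Constructed on-premise resolver query log: "<unix_ts> <client_ip> <qname>".
RESOLVER_LOG = """\
1717000001 10.1.20.14 malware-c2.example
1717000002 10.1.30.88 cdn.example
1717000003 10.1.30.88 phish-login.example
1717000004 10.1.20.14 update.vendor.example
"""

@dataclass
class Event:
    ts: int
    client: str
    qname: str
    action: str    # "rpz-block" (answered locally) or "forwarded" (sent to cloud)
    host: str      # end host from the DHCP lease, "unknown" if no lease matches
    user: str
    priority: int  # higher handled first; 0 for queries that were not blocked

def classify(line: str) -> Event:
    ts, client, qname = line.split()
    host, user, crit = DHCP_LEASES.get(client, ("unknown", "unknown", 1))
    blocked = qname in LOCAL_RPZ_BLOCK
    # An RPZ hit is stopped at this resolver; weight it by asset criticality.
    return Event(int(ts), client, qname, "rpz-block" if blocked else "forwarded",
                 host, user, crit * 10 if blocked else 0)

def triage(log: str) -> list[Event]:
    """Return only the locally blocked queries, most critical asset first."""
    events = [classify(l) for l in log.splitlines() if l.strip()]
    return sorted((e for e in events if e.action == "rpz-block"),
                  key=lambda e: e.priority, reverse=True)

if __name__ == "__main__":
    for e in triage(RESOLVER_LOG):
        print(f"{e.priority:3d} {e.host:<12} {e.user:<6} {e.client} {e.qname}")
```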
In conclusion, although a few organizations are truly cloud-first, most enterprises maintain a hybrid environment and need a more flexible, comprehensive solution for DNS security – and a hybrid approach is the key.
-Ends-
