NSA, CISA issue guidance on Protective DNS services


The National Security Agency (NSA) and Cybersecurity and Infrastructure Agency (CISA) released a joint fact sheet Thursday that provides guidance on the benefits of using a Protective Domain Name System (PDNS).

A PDNS service works by using existing DNS protocols and architecture to analyze DNS queries and mitigate threats. It leverages various open source, commercial, and governmental threat feeds to categorize domain information and block queries to identified malicious domains.

According to NSA and CISA, the service provides defenses at various points of the network exploitation lifecycle, addressing phishing, malware distribution, command and control, domain generation algorithms, and content filtering. A PDNS can log and save suspicious queries and provide a blocked response, delaying or preventing malicious actions – such as ransomware locking victim files – while letting organizations investigate using those logged DNS queries.
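The check-log-block flow described above can be sketched at the DNS message level. This is an added example, not code from the fact sheet or from any listed provider; the feed contents, the function names, and the choice of NXDOMAIN as the "blocked response" are assumptions made for illustration.

```python
import struct

# Constructed sample feed; a real PDNS merges open source, commercial and government feeds.
BLOCKLIST = {"malicious.example": "malware", "phish.example": "phishing"}

def parse_qname(msg, offset=12):
    """Decode the question name that follows the 12-byte DNS header."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("truncated question")
        length = msg[offset]
        offset += 1
        if length == 0:
            break
        if length > 63 or offset + length > len(msg):
            raise ValueError("malformed label")
        labels.append(msg[offset:offset + length].decode("ascii").lower())
        offset += length
    return ".".join(labels), offset + 4  # question ends after QTYPE and QCLASS

def categorize(qname):
    """Match the name and each parent domain on label boundaries against the feed."""
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return candidate, BLOCKLIST[candidate]
    return None

def filter_query(msg, client, log):
    """Return an NXDOMAIN reply for a blocked name, or None to resolve normally."""
    qname, qend = parse_qname(msg)
    hit = categorize(qname)
    if hit is None:
        return None
    log.append({"client": client, "qname": qname, "matched": hit[0], "category": hit[1]})
    txid, flags = struct.unpack("!HH", msg[:4])
    # QR=1 (response), keep opcode and RD from the query, RA=1, RCODE=3 (NXDOMAIN)
    rflags = 0x8000 | (flags & 0x7900) | 0x0080 | 0x0003
    return struct.pack("!HHHHHH", txid, rflags, 1, 0, 0, 0) + msg[12:qend]

def build_query(name, txid=0x1234):
    """Constructed sample input: a standard A/IN query with RD set."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
```

The log entries, rather than the block itself, are what support the later investigation the fact sheet describes: each one ties a client address to the name it asked for and the feed entry that matched.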

The fact sheet provides a list of providers, but NSA and CISA were clear that the federal agencies do not endorse one provider over another. The six companies listed are: Akamai, BlueCat, Cisco, EfficientIP, Neustar, and Nominet.

NSA and CISA based their recommendations on the lessons learned from an NSA PDNS pilot, where NSA partnered with the Department of Defense Cyber Crime Center to offer PDNS-as-a-service to several members of the defense industrial base. Over a six-month period, the PDNS service examined more than 4 billion DNS queries to and from the participating networks, blocking tens of millions of connections to identified malicious domains.

Researchers say security pros should think of PDNS solutions as a “DNS firewall” that represents a logical way to actively leverage threat intelligence related to registered domains, said Oliver Tavakoli, chief technology officer at Vectra.

“Like other preventive approaches, they are useful in protecting organizations from known bads, but ultimately fall short in blocking the early stages of a new attack or more sophisticated attacks,” Tavakoli said. “So it makes sense to implement PDNS to reduce attack surface, however, it should not be thought of as a preventive silver bullet that obviates the need to detect attackers who know how to bypass these protections.”

Ray Kelly, principal security engineer at WhiteHat Security, added that DNS exploitations are still incredibly rampant and require some attention because they are such an effective technique used by malicious actors.

“The ability to reroute email, user web browsers, as well as distribute malware at scale are possible when a DNS address has been compromised,” Kelly said. “Any steps to mitigate attack vectors such as DNS spoofing and DNS cache poisoning will go a long way to help keep consumers and businesses safe from these types of threats.”