DNS Protection Is an Essential Component of a Layered Security Approach

Phishing attacks are one of the most significant threats organizations face. According to the Verizon 2021 Breach Investigations Report, 36 percent of breaches are connected in some way to a phishing attack, up 11 percent from the previous year. What’s more, threat actors continue to refine their techniques to increase the odds that a user will fall for the attack.

Security awareness training is a first line of defense against phishing attacks. Users need ongoing training to help them recognize phishing attacks so they won’t click on malicious links and attachments. However, even the best training programs will not be 100 percent effective. The Verizon report notes that carefully crafted spear-phishing emails have click rates higher than 50 percent.

That’s why Domain Name System (DNS) protection should be part of every organization’s security toolkit. DNS security solutions work with the Internet’s “address book” to effectively block connections to malicious domains. Best-in-class solutions are cloud-based, so they can be implemented quickly to provide near-immediate protection against phishing, malware and other attacks.

Limitations of Traditional Tools

Every time a user clicks on a link or types a domain name into a browser, the DNS goes into action. It looks up the domain name in that URL and translates it into the unique IP address of a server that’s connected to the Internet. The server can then deliver content and other resources to the user’s device.

The problem is that web content can sometimes be malicious. Hackers set up domains to host and distribute malware or serve as command-and-control servers for attacks. There are also legitimate domains that have been compromised in a security breach that enabled hackers to add malicious content.

Traditional firewalls are designed to block malicious connections, but they are reactive — they go to work after the connection has been made. Furthermore, they cannot protect users who are working outside the secure network perimeter. That’s a significant gap, given the rise of remote and hybrid work models.

Antimalware tools are also reactive, using known signatures and attack patterns to detect threats while they are actively running. Endpoint detection and response (EDR) solutions go further, continuously monitoring devices for suspicious behavior that could indicate an attack. EDR is more effective against zero-day and stealth attacks, but only after the threat has reached the endpoint device.

The Value of DNS Security

DNS security solutions block threats at the DNS layer, before the connection occurs. Users’ DNS requests are routed through the security tool, which checks to see if the domain or IP address is associated with malicious activity. If so, the DNS security tool blocks the connection and redirects the user to a block page. If a device is infected with malware, DNS security can prevent the malware from connecting to the hacker’s command-and-control server so that malicious code can’t be executed and data can’t be exfiltrated.
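The lookup-time check described above can be sketched as a small filter that parses a DNS query, tests the name and its parent domains against a blocklist, and answers with a block page address instead of forwarding. This is an added example, not code from any product mentioned here; the blocklist entries, the block page address and all function names are assumptions, and answering with the block page server's address is one common way to implement the redirect.

```python
import struct

# Constructed sample values: the blocklist entries and block page address are placeholders.
BLOCKLIST = {"malicious.example", "c2.badhost.test"}
BLOCK_PAGE_IP = "192.0.2.10"  # TEST-NET-1 address standing in for the block page server

def build_query(name, txid=0x1234):
    """Build a minimal DNS A query in wire format (constructed input for the demo)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_question(packet):
    """Return (lowercased query name, offset just past the question section)."""
    labels, pos = [], 12  # the DNS header is 12 bytes
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question")
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    return ".".join(labels), pos + 5  # skip root label, QTYPE and QCLASS

def is_blocked(name):
    """Check the name and each parent domain, so login.malicious.example also matches."""
    parts = name.split(".")
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))

def filter_query(packet):
    """Return ("forward", None) or ("block", response bytes pointing at the block page)."""
    name, qend = parse_question(packet)
    if not is_blocked(name):
        return "forward", None
    # Header: same ID, flags QR=1 RD=1 RA=1 RCODE=0, one question, one answer
    header = packet[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    # Answer: pointer to the name at offset 12, type A, class IN, TTL 60, 4-byte address
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4)
    answer += bytes(int(octet) for octet in BLOCK_PAGE_IP.split("."))
    return "block", header + packet[12:qend] + answer

if __name__ == "__main__":
    for host in ("www.example.org", "Login.Malicious.Example"):
        print(host, "->", filter_query(build_query(host))[0])
```

Because the decision is made on the query name, the same check applies to a phishing link clicked by a user and to malware on an infected device trying to resolve its command-and-control domain.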

WatchGuard DNSWatch is a cloud-based DNS security tool that automatically protects remote and onsite users from phishing and other attacks. When a user clicks on a malicious link, it routes them to a page that provides phishing education.

Attackers are kept engaged in the DNSWatch Blackhole so the WatchGuard threat intelligence team can learn more about them. This enables DNSWatch to provide detailed information on the type of attack and the attacker’s objective. Because alerts are prioritized, IT teams don’t have to wade through logs to find critical information.

DNS security is not meant to replace firewalls, antimalware solutions, EDR and other tools. It complements them as part of a layered security approach. Contact Verteks to discuss how DNS security can help protect your users against phishing and other attacks.

