FEATURE
as checkpoints, evaluating the privileges of the user behind each request before they can pass through and potentially access the valuable, sensitive data stored on a corporate network. Users are therefore kept to their own small sections of the network, the vast majority of users far away and separated by countless walls from the sensitive data an attacker would want. An attacker can still get inside the network via a random user's account but will be trapped in a small zone with minimal reward for their effort and money spent.
Achieving the capability to authenticate privileges on a network in real time at each of these checkpoints can be a challenge, one best solved at the DNS client level. After all, almost every connection a user or system attempts begins with a DNS address resolution. DNS already has full visibility over the traffic of every user, resource and server on the network, in all its detail.

This follows from the normal sequence of events: the address of a requested resource is resolved before the resource is accessed. Consider what an advanced DNS firewall solution could do if applied to every micro-segment in a network, each potentially as small as a single IP address.
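To make the checkpoint idea concrete, here is an added toy model (not code from the article or any vendor product) of a per-micro-segment DNS policy: each segment, down to a single /32 host, has an allow-list of name suffixes, queries are evaluated with default-deny at resolution time, and blocked queries are counted per client so a compromised account probing beyond its zone becomes visible. All segments, names and addresses are constructed for the example.

```python
"""Toy DNS-policy checkpoint keyed on micro-segments (constructed example)."""
from collections import Counter
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network


@dataclass
class SegmentPolicy:
    segment: IPv4Network              # micro-segment, may be a single host (/32)
    allowed_suffixes: tuple[str, ...]  # DNS names this segment may resolve


@dataclass
class DnsCheckpoint:
    policies: list[SegmentPolicy]
    audit_log: list[tuple[str, str, str]] = field(default_factory=list)

    def _policy_for(self, client: IPv4Address):
        # Longest-prefix match: a /32 host policy overrides its enclosing /24.
        matches = [p for p in self.policies if client in p.segment]
        return max(matches, key=lambda p: p.segment.prefixlen, default=None)

    def evaluate(self, client_ip: str, qname: str) -> str:
        """Return 'ALLOW' or 'BLOCK' for one query; unknown segments are denied."""
        client = ip_address(client_ip)
        name = qname.rstrip(".").lower()   # normalise trailing dot and case
        policy = self._policy_for(client)
        verdict = "BLOCK"
        if policy is not None:
            if any(name == s or name.endswith("." + s) for s in policy.allowed_suffixes):
                verdict = "ALLOW"
        self.audit_log.append((client_ip, name, verdict))
        return verdict

    def blocked_by_client(self) -> Counter:
        """Blocked-query count per client: a high count flags a host probing its walls."""
        return Counter(ip for ip, _, v in self.audit_log if v == "BLOCK")


def build_demo_checkpoint() -> DnsCheckpoint:
    # Constructed policies: ordinary workstations only reach intranet/update names;
    # one finance host may additionally resolve the sensitive database name.
    return DnsCheckpoint(policies=[
        SegmentPolicy(ip_network("10.1.0.0/24"), ("intranet.example", "updates.example")),
        SegmentPolicy(ip_network("10.1.0.50/32"), ("intranet.example", "finance-db.example")),
    ])


if __name__ == "__main__":
    cp = build_demo_checkpoint()
    for ip, q in [("10.1.0.50", "finance-db.example."), ("10.1.0.23", "finance-db.example")]:
        print(ip, q, cp.evaluate(ip, q))
    print(cp.blocked_by_client())
```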
The only way to reduce the chances of success for an adversary is by understanding, controlling and limiting their actions. With most internal threats requiring DNS to be an unwitting accomplice to the crime, this is the first and best place to start securing your defences against a breach.
38 | Issue 15 | www.intelligentciso.com