Intelligent CISO Issue 15 | Page 38

FEATURE

as checkpoints, evaluating the privileges of the user behind each request before it can pass through and potentially reach the valuable, sensitive data stored on a corporate network. Users are therefore confined to their own small sections of the network, with the vast majority of them far away from, and separated by countless walls from, the sensitive data an attacker would want. An attacker can still get inside the network via a random user’s account, but will be trapped in a small zone with minimal reward for the effort and money spent.

Gaining the capability to authenticate privileges on a network in real time at each of these checkpoints can be a challenge, and it is one best solved at the DNS client level. After all, most traffic first goes through a DNS address resolution. DNS already has complete visibility over all the traffic for each user, resource and server on the network, in full detail, because the normal procedure is to resolve the address of a request before accessing it. Consider what an advanced DNS firewall solution could do if applied to every micro-segment in a network, each potentially the size of a single IP address.

The only way to reduce the chances of success for an adversary is by understanding, controlling and limiting their actions. With most internal threats requiring the DNS to be an unwitting accomplice to the crime, this is the first and best place to start securing your defences against a breach.
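To make the checkpoint idea concrete, here is an added example (not code from the article or from any vendor product) of a DNS-layer authorisation check: each micro-segment, down to a single /32 host, is mapped to the internal names its users may resolve, every other lookup is sinkholed, and denied lookups for sensitive names are surfaced as a detection signal. The segment addresses, names and policy are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy (not from the article): each micro-segment is a CIDR,
# down to a single /32 host, mapped to the internal names its users may resolve.
# Names absent from a segment's set are denied: default deny at the resolver.
SEGMENT_POLICY = {
    "10.10.1.0/24": {"intranet.example.internal", "mail.example.internal"},
    "10.10.2.0/24": {"intranet.example.internal"},
    "10.10.2.77/32": {"intranet.example.internal", "hr-db.example.internal"},  # one privileged host
}
# Names whose denied lookups merit an alert: a denied query for one of these is a
# host reaching past its segment towards the data the article calls valuable.
SENSITIVE_NAMES = {"hr-db.example.internal", "finance-db.example.internal"}


@dataclass(frozen=True)
class Decision:
    client: str
    qname: str
    allowed: bool
    reason: str


def segment_for(client_ip: str, policy=SEGMENT_POLICY):
    """Longest-prefix match of the requesting address against the policy segments."""
    ip = ipaddress.ip_address(client_ip)
    best = None
    for cidr in policy:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return best


def check_query(client_ip: str, qname: str, policy=SEGMENT_POLICY) -> Decision:
    """The checkpoint: decide at resolution time whether this requester may learn this address."""
    name = qname.rstrip(".").lower()  # DNS names are case-insensitive; drop any trailing dot
    seg = segment_for(client_ip, policy)
    if seg is None:
        return Decision(client_ip, name, False, "client not in any known segment (default deny)")
    if name in policy[str(seg)]:
        return Decision(client_ip, name, True, f"permitted for segment {seg}")
    return Decision(client_ip, name, False, f"not permitted for segment {seg}")


def answer(decision: Decision, real_answers: list) -> list:
    """Return the real records only when allowed; an empty list models an NXDOMAIN sinkhole."""
    return real_answers if decision.allowed else []


def sensitive_probes(decisions):
    """Detection: denied lookups for sensitive names, i.e. a host probing beyond its segment."""
    return [d for d in decisions if not d.allowed and d.qname in SENSITIVE_NAMES]
```

The check only sees lookups that actually pass through the controlled resolver, so it complements rather than replaces network-layer segmentation.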