More and more malware is using DNS not only to contact command-and-control servers but as a data exfiltration mechanism that can see your valuable and precious data “leaking” out from the confines of your organisation.
DNS is normally left relatively unsecured compared to other protocols because so many applications and servers depend upon it. Through the DNS forwarding mechanism, internal DNS servers can often resolve Internet DNS names either directly or via DNS servers located in a corporate DMZ.
However, malware can piggy-back onto these queries and use this mechanism to send sensitive corporate data out to the Internet as simple DNS queries. To a next-generation firewall that is looking for suspicious activity, they just look like normal DNS queries, however to a dedicated DNS firewall device, this traffic can be detected and blocked.
DNS firewalls are quite a new proposition, but convincing organisations to deploy them can be a challenge. That’s why we are offering a free DNS malware assessment to check if your organisations DNS servers are being targetted by malware.
Click here for instructions on how to take advantage of this free service.
About Paul Roberts
