• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Free Trial
  • Contact us
  • Blog
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Products
    • Product
      • Cisco Umbrella Cloud Security Service
      • Cisco Umbrella Investigate
      • Product Packages
      • Support Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Interactive Intelligence
      • Cloud-Delivered Firewall
    •  
    • Webinar signup
  • Solutions
    • By Need
      • Protect Mobile Users
      • Fast Incident Response
      • Web Content Filtering
      • Shadow IT Discovery & App Blocking
      • Unified Threat Enforcement
      • Reduce Security Infections
      • Secure Direct Internet Access
      • Securing Remote and Roaming Users
    • By Network
      • Protect Guest Wi-Fi
      • SD-WAN Security
      • Off-Network Endpoint Security
    • By Industry
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
      • Our Customers
      • Customer Stories
    • Ransomware Defense for Dummies book
  • Why Us
    • Fast Reliable Cloud
      • Global Cloud Architecture
      • Cloud Network Status
      • Cloud Network Activity
      • Recursive DNS Services
      • Top Reasons to Trial
      • Getting Started
    • Unmatched Intelligence
      • Cyber Attack Prevention
      • Interactive Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco SD-WAN
    • Navigation-dropdown-promo-free-trial_102820
  • Resources
    • Content Library
      • Top Resources
      • Cybersecurity Webinars
      • Events
      • Analyst Reports
      • Case Studies
      • Customer Videos
      • Datasheets
      • eBooks
      • Infographics
      • Solution Briefs
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • Cisco Umbrella Blog
      • Latest Posts
      • Security Posts
      • Research Posts
      • Threats Posts
      • Product Posts
      • Spotlight
    • For Customers
      • Support
      • Customer Success Hub
      • Umbrella Deployment Hub
      • Customer Success Webinars
      • What’s New
      • Cisco Umbrella Studio
  • Trends & Threats
    • Market Trends
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
      • Secure Access Service Edge (SASE)
    • Security Threats
      • Ransomware
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
    •  
    • Navigation-dropdown-promo-threat-report_020521
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Become a partner
  • Free Trial Signup
  • Umbrella Login
  • Cloudlock Login
  • Contact Us
Research

Cisco Security Report: Majority of Orgs Do Not Monitor DNS

By Owen Lystrup
Posted on January 21, 2016
Updated on August 10, 2020

Share

Facebook0Tweet0LinkedIn0

Cisco’s annual security report released this week, covering everything from threat intelligence, aging infrastructure, geopolitical Internet governance, outsourcing security, and many other topics. The comprehensive report is a view of the security landscape, including results from a large survey that aims to take the pulse of infosec organizations and how they are spending budget and tackling their security challenges. A portion of the report is dedicated to how important it is for organizations to monitor DNS for attack indicators, though a good majority do not do so.

In July 2014, OpenDNS Security Labs conducted an informal survey to find out how many companies were monitoring recursive DNS, and the results were not positive. Nearly 67 percent of responders indicated they do not monitor recursive DNS for malicious traffic. The same year, the Verizon Data Breach Investigations report called DNS one of the most valuable sources of data within an organization, recommending that it be mined regularly and cross-referenced against threat intelligence.

Cisco Cloud Security Research Lead Dan Hubbard said security teams that are not monitoring DNS for indications of compromise are missing an opportunity. “Aside from routing protocols, DNS is the lowest layer of the Internet,” Hubbard said. “And because it’s so robust and reliable, criminals use it too.”

According to the Cisco report, more than 91 percent of attacks use DNS in some way, either to communicate with a control servers, exfiltrate data from targets, or receive new commands to infiltrate networks further.
Hubbard said to get that figure for the report, his research team analyzed six months’ worth of known malware signatures from Threat Grid’s intelligence data, detonated the attacks in a sandbox, and observed which attacks used DNS to communicate.

“Most organizations have systems that sit above the DNS layer, like secure web gateways and firewalls,” he said. “But soon, your car, your heart rate monitor, your refrigerator, are all going to use DNS. It’s the most pervasive protocol.”

The Cisco security report notes that many organizations may not monitor DNS because security and DNS are often managed by two different teams. And while that may be true, Hubbard thinks it’s also a matter of prioritization. The dependability and simplicity of DNS can turn it into an organization’s security blind spot.

To read the rest of the report, visit Cisco’s security portal. For more discussion about the DNS security blind spot, see the webcast with Dan Hubbard here.

Previous Post:

Previous Article

Next Post:

Next Article

Follow Us

  • Twitter
  • Facebook
  • LinkedIn
  • YouTube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Global Cloud Architecture
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Umbrella
  • Cisco Umbrella Blog

Learn more

  • Webinars
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2021 Cisco Umbrella