
Gartner™ quick answer: How can organizations use DNS to improve their security posture

Nicholas Consolo
August 24, 2021 • 5 minute read

Most network administrators, risk management teams, and cybersecurity professionals think of the Domain Name System (DNS) primarily as a utility service. While they aren’t wrong – DNS plays a critical role in connecting users to the Internet – the ubiquity of this system also means that investing in DNS-layer security can go a long way when it comes to improving a network’s overall security posture.

That’s precisely the argument made by the cybersecurity professionals at Gartner in their recent report Quick Answer: How Can Organizations Use DNS to Improve Their Security Posture?[1] According to the report, “DNS presents security and risk management leaders with some excellent opportunities to anticipate, prevent, detect, and respond to prevailing threats.” The report then goes into detail, offering suggestions for ways in which organizations can secure DNS-layer activity in order to safeguard sensitive data.

At Cisco Umbrella, we’ve seen plenty of bad actors infiltrate vulnerable networks through DNS-layer activity. In fact, DNS-layer security remains a foundational part of our ever-expanding security stack. So, we encourage you to download the Gartner Quick Answer report to get a better idea of how you can configure your own DNS solution in order to create a safer network.

But, if this is the first time you’ve thought about securing DNS-layer activity, there are a few things you should know:

How does DNS work?

The domain name system forms a ubiquitous and invisible part of internet activity. The truth is that most of us don’t pay much attention to what’s happening at the DNS layer unless an outage suddenly cuts off our internet connection. So, if you aren’t entirely sure what DNS is, you aren’t alone – we even put together a blog post explaining how DNS works.

But for the sake of understanding Gartner’s DNS-layer security recommendations, here’s what you need to know:

  • Every device connected to the internet – from your personal laptop to the servers that host websites or applications – has a unique IP address
  • In order to connect to another device on the internet, your computer needs to know its IP address
  • Authoritative DNS servers store a regional list of domain names and their associated IP addresses
  • Recursive DNS servers – also called DNS resolvers – will query authoritative DNS servers in order to provide your computer with the correct IP address for the domain name you type into your browser

Every time a user accesses the internet, their computer sends a request to a recursive DNS server, which sends a request to authoritative DNS servers, which send the appropriate IP address to the original computer like so:

[Figure: a laptop queries a recursive DNS server, which queries three authoritative DNS servers to find the IP address by examining the root, the com. and the domain.com. That information is then sent back to the recursive DNS server, and then back to the initial device.]

Most organizations – especially those that don’t secure DNS-layer activity – leave the operation of recursive DNS servers to their Internet Service Provider (ISP). Unfortunately, this can make a network vulnerable to a whole host of online threats.

DNS-layer activity is probably less secure than you think

Despite forming the bedrock of internet activity, DNS-layer activity doesn’t usually get a lot of attention from security teams. In fact, most cybersecurity solutions don’t inspect DNS packets or flag anomalous DNS-layer activity. And as you can imagine, this makes the DNS layer into the perfect venue for bad actors to use when infiltrating networks.

Many of today’s sophisticated cyberattacks – including the high-profile ransomware attacks that circulate each news cycle – gained a foothold because organizations lacked DNS-layer security. The stories are variations on a theme: a DNS resolver connects an unwitting user to a dangerous domain. There, they download a seemingly innocent file, which is transported to their computer through DNS-layer packets and prompts the installation of a malicious program. The program establishes DNS tunnels to an off-network threat actor for data exfiltration or callback activity. Then, the program establishes DNS tunnels to other devices on the network so that the malicious program can spread freely through uninspected, invisible DNS packets.

[Figure: Ransomware lifecycle illustration]

DNS-layer activity plays a critical role in the success of many cyberattacks because it enables almost every stage of the attack. Moving through the DNS-layer, a single attack can cripple an entire network in hours. And, because almost all of the activity occurs on the DNS layer, most network administrators or security teams don’t realize what’s happening until it’s too late.

DNS-layer security protocols help keep your network safe

No company wants to be the next 5 o’clock news headline for a recent cyberattack. So, it is critical to add that additional layer of protection to your security stack to secure DNS-layer activity on your network. The first step involves gaining control of your DNS resolvers.

Unsurprisingly, you can gather a lot of useful data from your recursive DNS servers. This includes information about the servers your network users are connecting to and information about anomalous DNS activity occurring in your network. Once you have this information, you can configure your recursive DNS servers to be more selective about the kinds of websites users can visit, the kinds of files they can download, or the kinds of on-network activity that gets permitted.

The Gartner Quick Answer report goes into detail on ways you can configure your recursive DNS resolvers to maximize security. These range from implementing protocols that help identify malicious domains to logging information that helps determine network risks.

Paid vs. prosumer DNS-layer security

When the time comes to integrate a secure DNS solution into your existing security stack, you’ll find you have several options available. Organizations that operate their own DNS resolvers – instead of relying on recursive DNS servers operated by ISPs – can always configure these servers to improve their security posture. Creating allow and deny lists for trusted and risky domains can prevent users from connecting to malicious domains. Additionally, monitoring DNS logs can enable a security team to spot active threats on a network.

Before going the prosumer route, however, you should be aware that configuring a thorough DNS-layer security solution for your network will require a significant investment of time and computing capacity. DNS logs, which will need to be stored for analysis, can be voluminous even for small organizations. And, accurately identifying risky domains can prove difficult without a robust threat intelligence database at your disposal.
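One way to apply the allow and deny lists and the DNS log monitoring described above on a self-operated resolver, flagging query patterns typical of DNS tunneling. This is an added example, not code from the original post or from Cisco Umbrella; the log format, domain names, list contents and thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample data (not from the original post). Assumed log format:
# "<timestamp> <client_ip> <query_name> <query_type>".
ALLOW_LIST = {"example.com"}            # trusted parent domains
DENY_LIST = {"bad-domain.example"}      # known-risky parent domains
_HEX = "0123456789abcdef"
SAMPLE_LOG = "\n".join(
    ["2021-08-24T10:00:01Z 10.0.0.5 www.example.com A",
     "2021-08-24T10:00:02Z 10.0.0.7 login.bad-domain.example A",
     "2021-08-24T10:00:03Z 10.0.0.8 cdn.shop.example A"]
    # Four queries with unique 48-character labels, standing in for encoded data chunks.
    + [f"2021-08-24T10:01:0{i}Z 10.0.0.9 {(_HEX[i:] + _HEX[:i]) * 3}.tunnel.example TXT"
       for i in range(4)]
)

def parent_domain(qname):
    # Naive: last two labels. A production version would use the Public Suffix List.
    return ".".join(qname.split(".")[-2:])

def entropy(s):
    # Shannon entropy in bits per character.
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def analyze(log_text, allow=ALLOW_LIST, deny=DENY_LIST,
            min_len=40, min_entropy=3.5, max_unique=3):
    denied, findings, seen = [], set(), defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                    # skip malformed lines
        _, client, qname, _ = fields
        qname = qname.rstrip(".").lower()
        parent = parent_domain(qname)
        if parent in deny:              # deny list: record the hit for follow-up
            denied.append((client, qname))
            continue
        if parent in allow or qname == parent:
            continue                    # trusted domain, or no subdomain to inspect
        sub = qname[: -len(parent) - 1]
        seen[(client, parent)].add(sub)
        longest = max(sub.split("."), key=len)
        if len(longest) >= min_len and entropy(longest) >= min_entropy:
            findings.add((client, parent, "long high-entropy label"))
    for (client, parent), subs in seen.items():
        if len(subs) > max_unique:      # many distinct subdomains from one client
            findings.add((client, parent, "many unique subdomains"))
    return denied, sorted(findings)
```

Calling `analyze(SAMPLE_LOG)` returns the deny-list hits and the per-client findings; the thresholds need tuning against your own traffic, since CDNs and telemetry services also generate long or numerous subdomains.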

This is why many organizations choose to partner with DNS-layer security providers. At Cisco Umbrella, we provide our clients with secure DNS solutions that are powerful, easy to deploy, and simple to manage. So, when you partner with us, you won’t need to worry about painstakingly configuring your DNS resolvers or combing through volumes of DNS logs. Instead, you can deploy our secure DNS system in minutes. After deployment, all outgoing and incoming DNS traffic will pass through our proprietary resolvers, which are already configured to flag and block risky domains or identify and isolate anomalous network activity. We strive to be as transparent as possible when it comes to sharing this data, presenting the criteria we used to block DNS connections in an easy-to-navigate dashboard.

What’s more, Cisco Umbrella DNS-layer security packages come backed by Cisco Talos Threat Intelligence, one of the largest commercial threat intelligence teams in the world. This means that our DNS resolvers can identify and block access to risky domains with more efficacy than the vast majority of paid and prosumer recursive DNS server options. In fact, a recent study conducted by AV-TEST rated Cisco Umbrella #1 in security efficacy.

Are you ready to secure your organization’s DNS-layer activity?

It’s time to protect your network from cyberattacks, starting at the DNS layer. To learn more about the benefits of DNS-layer security – and how you can configure your recursive DNS servers to improve your organization’s security stance – download the Gartner Quick Answer report today!

[1] Gartner, Quick Answer: How Can Organizations Use DNS to Improve Their Security Posture? Craig Lawson, John Watts, 8 June 2021.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.
