You Can’t Secure What You Can’t See
Timothy Rooney
01. Sept. 2023
Because the first step in connecting to an Internet site such as a website is a domain name system (DNS) query that translates the text-based site name to an IP address, the DNS query (and its response) is effectively the preamble to an IP connection. When investigating why a device with a particular IP address connected to a suspicious Internet site, the DNS query and response may provide a clue, if not the answer: the query name shows the intended destination, and the response, perhaps a nefarious one, shows what address it was given.
Open your eyes to better security
Many such cyberthreat investigations (CTIs) take place some time after the initial connection was established, because detecting, qualifying, and reporting a potential incident takes time. Retaining connection details, including DNS details, therefore gives full visibility into each aspect of the potentially nefarious activity. Passing DNS log data along with other system log messages to a security information and event management (SIEM) system aggregates and centralizes connection details, though data volume and pricing may quickly become exorbitant. In addition, many DNS systems log DNS queries, but logging of responses may require additional configuration.
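As an added illustration of the "DNS preamble" idea (example code written for this page, not part of the original post and not a Cygna Labs product feature), the script below correlates a suspicious outbound connection with the DNS response that handed the client that destination address. It assumes a constructed, simplified log line format of its own, not any real vendor's format, and the sample log lines are invented; the third client has only a query logged, which shows the gap left when responses are not logged.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample log lines in an assumed format (hypothetical, not any vendor's):
#   <UTC time> <client IP> query <qname> <qtype>
#   <UTC time> <client IP> response <qname> <qtype> <rcode> <answer IPs, comma-separated or ->
DNS_LOG = """\
2023-09-01T10:00:01Z 10.1.2.3 query login-update.example A
2023-09-01T10:00:01Z 10.1.2.3 response login-update.example A NOERROR 203.0.113.7
2023-09-01T10:00:02Z 10.1.2.3 query cdn.example A
2023-09-01T10:00:02Z 10.1.2.3 response cdn.example A NOERROR 198.51.100.9,198.51.100.10
2023-09-01T10:00:03Z 10.1.2.4 query login-update.example A
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (query|response) (\S+) (\S+)(?: (\S+) (\S+))?$")

def parse_time(ts):
    """Parse the log's UTC timestamp into an aware datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_dns_log(text):
    """Parse log lines into dicts; malformed lines are skipped rather than fatal."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, client, kind, qname, qtype, rcode, answers = m.groups()
        rec = {"time": parse_time(ts), "client": client, "kind": kind,
               "qname": qname, "qtype": qtype}
        if kind == "response":
            rec["rcode"] = rcode
            rec["answers"] = [] if answers == "-" else answers.split(",")
        records.append(rec)
    return records

def dns_preamble(records, client_ip, dest_ip, conn_time, window=timedelta(minutes=5)):
    """Names that client_ip resolved to dest_ip within `window` before conn_time,
    most recent first. Needs response logging: a query-only log cannot tie an
    answer IP back to a query name."""
    hits = [r for r in records
            if r["kind"] == "response" and r["client"] == client_ip
            and dest_ip in r["answers"] and conn_time - window <= r["time"] <= conn_time]
    return [r["qname"] for r in sorted(hits, key=lambda r: r["time"], reverse=True)]

def unanswered_queries(records):
    """Queries with no matching response line: the visibility gap when only queries are kept."""
    answered = {(r["client"], r["qname"], r["qtype"]) for r in records if r["kind"] == "response"}
    return [r["qname"] for r in records
            if r["kind"] == "query" and (r["client"], r["qname"], r["qtype"]) not in answered]

if __name__ == "__main__":
    recs = parse_dns_log(DNS_LOG)
    print(dns_preamble(recs, "10.1.2.3", "203.0.113.7", parse_time("2023-09-01T10:00:04Z")))
    print(unanswered_queries(recs))
```

In a real investigation the connection event would come from a firewall or flow log and the DNS records from the SIEM or DDI transaction archive; the correlation logic is the same.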
Cygna Labs = DNS flexibility
Cygna Labs offers two DNS management solutions, or more broadly, DDI (DNS/DHCP/IPAM) solutions, to provide centralized configuration, monitoring, and management of DNS servers distributed throughout your enterprise network, including private or public clouds, and leading public cloud DNS systems. Our VitalQIP and Diamond IP DDI solutions afford customers consistent, accurate, and simple management of disparate DNS deployments on multi-vendor, multi-cloud DNS platforms.
Cygna Labs complements this DDI flexibility with DDI visibility and security products: DDI Guard software for VitalQIP customers and IPAM Auditor appliances for IPControl customers. Both enhance their respective DDI implementations with centralized collection, consolidation, and reporting of DDI transactions, including summary visualizations, graphical predictive reports, and drill-down to packet-level details.
Cygna Labs DDI security
DDI Guard offers centralized visibility into DNS (and DHCP) packet-level transactions across your network, providing dashboards, reports, and alerts for anomalous conditions. An archive system is also available to store more data over time to address retention and compliance requirements. IPAM Auditor likewise provides insight into DNS queries and responses (and DHCP) with rich graphical dashboards and reports, and packet-level drill-down for forensics. Both solutions provide these features plus drill-down to individual DNS queries and responses to enrich CTI, enabling full visibility into the DNS preamble.