What DNS encryption means for enterprise threat hunters and admins - new browsers will be enabling DNS over HTTPS (DoH)

For security operations center (SOC) teams, the negative effect of DoH is that it blinds them to malware communication, which can more easily masquerade as normal HTTPS traffic on the corporate network.

"As a network operator… I need to see what my users and applications and devices are doing in DNS in order to know which one of them is an intruder, which one of them is malware, which one of them is part of a botnet, which one of them is a poisoned supply chain… I have to be able to see that in order to keep my network secure, and so anybody who comes along with a project like DNS over HTTPS that says ‘Yeah, we want to make it impossible for the network operator to interfere with DNS operations’, they don’t understand my life at all."

DNS encryption, while it brings some benefits, disables some of your protections. It primarily affects network-based security solutions, which underscores the importance of having a quality, multi-layered endpoint security solution in place.

The article unpacks some of these issues and suggests some plans of action. The bottom line is that these changes are coming and a decades-old paradigm is shifting. If you are involved in network administration or security threat monitoring, you need to stay up to date with this as it evolves.

The problem here is that, while this challenge is entirely valid, the article is "published" in partnership with ESET, which wants to sell you its solution. It is important not to default to buying solutions and services to solve this while neglecting your own admins. Your network admins need to be constantly upskilling so they can understand and advise on these threats as trusted internal advisors with the organisation's interests at heart. Network admins who do not stay up to date risk becoming irrelevant, and the organisation is then at risk of being sold any third-party solution, which can easily cost an arm and a leg over time.
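The kind of in-house check the post argues network admins should be able to build themselves: an added example (not from the post or from ESET) that scans constructed proxy/TLS log lines for DoH indicators (known resolver SNI, the RFC 8484 /dns-query path and application/dns-message media type) and, for a DoH GET, decodes the base64url query to recover the name that encryption would otherwise hide from the network. The log format, the hostname list and the sample lines are assumptions.

```python
import base64
# Public DoH endpoints commonly seen (partial list, an assumption here; extend from your telemetry).
KNOWN_DOH_HOSTS = {"dns.google", "cloudflare-dns.com", "mozilla.cloudflare-dns.com", "dns.quad9.net"}
DOH_MEDIA_TYPE = "application/dns-message"  # media type defined by RFC 8484


def parse_line(line):
    """Parse one constructed key=value log line into a dict."""
    return dict(f.split("=", 1) for f in line.split() if "=" in f)


def decode_doh_get_query(dns_param):
    """Return (qname, qtype) from the base64url 'dns' parameter of a DoH GET (first question only)."""
    raw = base64.urlsafe_b64decode(dns_param + "=" * (-len(dns_param) % 4))
    if int.from_bytes(raw[4:6], "big") < 1:  # QDCOUNT
        return None, None
    labels, pos = [], 12  # question section follows the 12-byte header
    while raw[pos] != 0:  # labels are length-prefixed; a query name has no compression pointers
        length = raw[pos]
        labels.append(raw[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels), int.from_bytes(raw[pos + 1:pos + 3], "big")


def flag_doh(lines):
    """Return (src, reasons, recovered qname or None) for each line that looks like DoH."""
    findings = []
    for line in lines:
        f = parse_line(line)
        host, path = f.get("sni", ""), f.get("path", "")
        reasons = []
        if host in KNOWN_DOH_HOSTS:
            reasons.append("known DoH resolver")
        if path.startswith("/dns-query"):
            reasons.append("DoH path")
        if DOH_MEDIA_TYPE in (f.get("ctype"), f.get("accept")):
            reasons.append("dns-message media type")
        if not reasons:
            continue
        qname = None
        if "?dns=" in path:  # a DoH GET carries the wire-format query in the URL
            qname, _ = decode_doh_get_query(path.split("?dns=", 1)[1].split("&")[0])
        findings.append((f.get("src"), ", ".join(reasons), qname))
    return findings


# Constructed sample lines; the dns= value is the example query from RFC 8484 (www.example.com, A).
SAMPLE_LOG = [
    "src=10.0.0.5 sni=www.example.org path=/index.html ctype=text/html",
    "src=10.0.0.7 sni=cloudflare-dns.com path=/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB accept=application/dns-message",
    "src=10.0.0.9 sni=resolver.internal.example path=/dns-query ctype=application/dns-message",
]
```

Calling `flag_doh(SAMPLE_LOG)` flags the second and third lines only, recovering `www.example.com` from the GET; a POST body would need the same decoding applied to the request body rather than the URL.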

See What DNS encryption means for enterprise threat hunters

#technology #security


The dawn of the DNS over HTTPS era is putting business security and SOC teams to the challenge.

source https://gadgeteer.co.za/what-dns-encryption-means-enterprise-threat-hunters-and-admins-new-browsers-will-be-enabling-dns
