There are few things more important to the operation of the Internet than the Domain Name System (DNS). Internet users rely on the DNS to identify the names of websites they want to visit, but browsers communicate with websites via their IP addresses. While DNS is invaluable to the Internet community, it is not without vulnerability.
When the Domain Name System was designed, security was not a major consideration. Now, malicious actors are using DNS for data theft, denial-of-service attacks, command-and-control, and other malicious activity. Proactive monitoring of DNS activity can help network administrators quickly detect and respond to these threats.
Proper DNS logging gives your security team additional advantages, such as:
- Reduce breach impact by finding the bad guys faster in your SIEM
- Reduce alert fatigue among SOC personnel
- Achieve investigation efficiency by reducing DNS noise
- Reduce the cost of DNS security and increase efficiency by centralizing DNS logs through centralized log collection
- Reduce the cost of storing and processing DNS logs, for example by being able to forward them to multiple routes and endpoints
- Take care of GDPR and other compliance obligations, where a breach of compliance results in hefty fines
- Enable correlation, which makes alerting and acting quicker
Attackers are still abusing DNS in 2020:
- DoS and DDoS attacks
- DNS Infrastructure Hijacking Attack
- DNS use in APT groups
By proactively monitoring DNS audit logs and query traffic, IT personnel can more quickly identify and respond to a DNS attack, reducing its impact.