 |
WHY WE NEED PROTECTIVE DNS When malware infects a system, it doesn’t act independently. Before it does anything, it needs to talk to an external agent that lies outside of the infected system. It must “beacon out” for instructions. Bad actors need to lay the groundwork before infiltrating systems with malware. Creation of domains to act as command and control (C2) infrastructure effectively directs the malware on how to carry out operations within the compromised systems. Even when criminals change their tactics, techniques and procedures (TTP), they’re still using the same DNS and C2 infrastructure to instruct and deploy malware. This adversary infrastructure is what enables an attack to initiate within an organization. Lateral motion, data exfiltration and encryption – all begins with outbound communication to threat actors. This is where Protective DNS comes in. Protective DNS blocks access to malicious websites, detects and disrupts malicious communication, which can prevent data exfiltration, filter unwanted content, and provide early threat detection capabilities. We must assume an organization is already breached – or will be imminently – so the job of Protective DNS is to identify and block communications from adversary infrastructure. It’s not necessarily important to know what is being communicated in order to shut it down. We only need to know that this communication shouldn’t be happening so we can take action. |
