There’s a simple answer as to why the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recommend protective DNS (PDNS) solutions as part of their Shields Up initiative and the Department of Defense (DoD) requires it as a prerequisite for Maturity Level 3 in the Cybersecurity Maturity Model Certification (CMMC) standard (SC.3.192).
There will always be breaches, but they needn’t lead to the fallout that continues to impact major corporations and governments across the globe. To effectively combat the inevitable, businesses need a paradigmatic shift in how cyberthreats are viewed and treated. Understanding adversary infrastructure and combining it with protective DNS is the key to ensuring that organizations do everything they can to get proactive against threat actors and drive true business and operational resiliency. To this end, the German security evaluators AV-TEST independently established HYAS as the most effective DNS protection on the market.
To proactively drive operational and business resiliency, organizations shouldn’t be asking if they will be able to keep bad actors from breaching their defenses. While businesses’ entire security stacks do matter, it’s impossible to stop all nefarious activity beforehand. Cybercriminals will always be looking for (and will find) ways inside.
But that doesn’t mean game over. Protective DNS (PDNS) solutions arm companies with the tools they need to identify “digital exhaust”: the telltale signs and traces of activity signaling the first signs of an active breach. These are the signs that threat actors have breached the network and are beaconing out to adversary infrastructure for instructions, data exfiltration, or other attack advancement.
Combining PDNS with a deep understanding of how threat actors communicate and execute cyber attacks is the key to effectively combating them. Without this understanding, businesses remain one step behind, relying on outdated allow-and-deny lists of where to go yesterday — not today.
Consider:
The only way to stay safe is to know what communication is occurring, to what destination and how often, and compare that activity against a complete understanding of adversary infrastructure. Threat intelligence isn’t just a reactive post-incident response. Proactivity means knowing what will be used as C2 before the attack is ever launched, so even a net-new technique and attack can be stopped before it causes damage.
Understanding threats alone isn’t enough. We need to prove that solutions can actually be effective.
Germany-based independent security evaluator AV-TEST began by testing antivirus software (hence the name) and grew to test the various and ever more sophisticated security solutions seen on the market today.
AV-TEST has proprietary mechanisms for understanding and scoring security solution efficacy. Cybersecurity vendors themselves may construct test frameworks that artificially bolster their results, which is why independent third-party testing is crucial in demonstrating accurate results.
The organization has tested multiple PDNS solutions, including HYAS Protect. Prior to the HYAS test, the top solution was around 50% effective as a standalone option and technologists could boost it up to 70% when layered on top of other products.
But this was before AV-TEST had tested a security solution based on understanding adversary infrastructure. The test focused on the detection rate of links pointing to portable executables (PEs) such as malware .exe files, non-PE (including HTML and JavaScript) malicious files and phishing URLs. In all cases, the score was over 80% and in some cases, closer to 90%. The false positive rate hovered around 2.5%.
This independent test conclusively proves HYAS Protect is the most effective form of protection and resilience against cyber threats today. It’s also quickly deployable within a matter of minutes and, depending on the organization’s architecture, can be integrated into existing endpoint detection and response (EDR) solutions, extended detection and response (XDR) solutions, firewalls, and other components.
Pioneering a New Approach to Cybersecurity
Existing protection solutions are not a bad thing — they are actually necessary components of the overall stack. The same goes for EDR, XDR and managed detection and response (MDR). The critical thing to remember is that a security stack without the right kind of PDNS isn’t sufficient to drive true operational resiliency, especially as the likelihood of breaches will always be high.
Effective PDNS needs to work not just independently but easily integrate into pre-existing stacks and components, both to ensure it works as part of a “security in depth” strategy and to ensure it is future-proof as the architecture changes. Combined with adversary infrastructure understanding, enterprises finally have a powerful intelligence-based weapon to help them get proactive against cyber threats.
The future isn’t about blocking every single attack. It’s about taking a completely different approach of understanding and utilizing an adversary infrastructure platform to change cybersecurity paradigms that aren’t working into those that do. Only in this way can organizations realize their operational and business resiliency goals against all forms of digital risk.
Rethink cybersecurity: Understand adversary infrastructure and counter DNS as a tried-and-true attack vector for threat actors. Contact us today to learn how HYAS can help your organization transition from reactive and defensive to proactive and offensive.
*** This is a Security Bloggers Network syndicated blog from HYAS Blog authored by David Ratner. Read the original post at: https://www.hyas.com/blog/using-proactive-intelligence-against-adversary-infrastructure