Hi, I’m Peter LaMantia, CEO of Authentic Web.
Today I am going to discuss a global IT security risk that is compromising the domains and external DNS of large enterprises.
In just a few minutes, you will understand the threat, why it persists and how a modern unified digital control system is the best way to protect your organization and your customers.
IT security is complex so let’s define this area.
IT security teams focus is on hardening internal network perimeters. Teams spend big and allocate substantial human resources to this effort.
At the same time, external DNS is largely left unmanaged, yet this is where the business engages with registrars, DNS providers, Certificate Authorities and 100s of cloud services. This is also where your loyal customers engage with you and trust that you’ll keep them safe.
Each is an attack vector. Here’s why.
Bad actors are smart, their agile and well equipped. They know that cracking your hardened perimeter directly is difficult. Instead, they target weak points on the external DNS, compromise systems and data-in-transit to obtain proprietary data including network credentials. Spend all you will on perimeter security, if you do not address the external DNS, you are exposed.
And it is not a theory. 2018 was a bad year. The predictions came true – particularly the growing epidemics of phishing and DNS hijacking.
And the trend in 2019 is continuing with escalating attacks with increasing sophistication. Government agencies and security analysts are issuing internal directives and global warnings. It’s a serious problem
So let’s take a closer look at the issues behind these attacks and what to do about them.
Domains and DNS are extremely vulnerable to compromise.
First, lets look at the external threats. They are complex, used in combination to compromise the chains of trust. Attacks are multi-phased, first compromising a weak system point or customer user, then harvesting the data or credentials to be used for the next attack phase.
The problem persists because it is HARD for IT teams to get and keep control of domains and the external DNS.
External threats succeed because of internal management gaps.
Everything is manual with little oversight, visibility or control. Who has access, what did they do, was it approved, was it correct, when did they do it and how do you know. Can you easily set up, enforce and maintain external DNS security policies like DNSSEC, SPF or ensure full TLS coverage? You cannot is the answer.
The bad guys know this … they know ITSec Teams focuses on the perimeter. That’s why external DNS has become a preferred attack vector to harvest data and credentials.
Companies manage domains and external DNS the same way they did back in 1999 with legacy tools and processes designed two decades ago.
Well that’s just not going to work as the attack surface expands beyond the perimeter.
Authentic Web solves this problem with a unified control system. We’ve brought all the tools you need to manage domains, DNS security and TLS certificates into one integrated control system, complete with change management, audit, digest alerts and other tools.
Our unified control system empowers teams to fully secure your domain and DNS operations to keep your CUSTOMERS SAFE.
With Control, Visibility and Automation capabilities, you eliminate disconnected manual workflows, and various systems operated by teams in silos across the business to lock down your DNS network and improve digital and team performance.
Best of ALL it is FREE.
Over the years, the total cost of domain and DNS ownership has continued to increase with no end in sight. Most IT security systems require incremental budget. This system is different. Organizations that have adopted this technology report a 30 to 50% reduction in their total cost of DNS ownership. We simply make it easy and efficient by empowering teams to succeed with automation, visibility and change management control.
For clients who need more help, we offer IT Managed services to provide turnkey consolidation of domains and DNS and then relieve your teams of work effort to lock down the DNS and support them with DNS expertise for the long term.
In summary, the increasing compromises on domain and external DNS is very real. Regulatory regimes like the GDPR require that you keep your customers safe and make it imperative to deal with these escalating exposures now.
We can help you get started with a technical DNS audit to pinpoint exposures. Then a demonstration of our control system will show how to KEEP YOUR CUSTOMERS SAFE and your BRAND SECURE, while reducing total costs.
Reach out, our team and I would be pleased help you address these challenges with a systems modernization and services advantage. Thank you.