
DNS blacklisting is dead. What's next?

Friday 23 March 2018 | 12:20 CET | Advertorial | provided by CUJO AI

Broadband customers are bringing millions of new smart devices into their homes. The number of connected devices might reach 30 billion by 2020, and this is just one of the conservative estimates. However, it’s difficult to secure all of these devices using traditional signature-based and blacklisting methods. 

DNS traffic is getting encrypted

The Domain Name System (DNS) is the protocol computers use to look up each other's addresses on the Internet. It turns a user-friendly domain name into an IP address that computers use to identify each other. When a person types in a domain name (or URL), a DNS query is sent to a DNS server, which looks up the IP address of the domain they are trying to access. The DNS protocol is unencrypted by default.

Most security vendors still rely heavily on techniques such as DNS firewalls and DNS blacklisting, which check DNS queries against lists of known bad domains. In 2-3 years, all DNS traffic will be encrypted, and analysis of DNS traffic will no longer help to spot and stop malicious activity on the network.

Apple has recently made the feature available for devices that are managed by Mobile Device Management (MDM) platforms and plans to roll it out to the general iPhone (iOS 11 and up) population shortly. Also, Google announced that it'll be adding “DNS over TLS” on Android.

While encryption brings more security and privacy to broadband homes and the consumer space, there is also a downside to this trend. Network operators find it harder to protect communication channels and to identify compromised devices and attacks. When DNS traffic becomes encrypted, it becomes challenging to monitor ingress/egress network flows.

Traffic will become more prone to various exfiltration attempts. Network operators and companies using DNS blacklisting services as their key security controls will struggle to identify potential attacks and data exfiltration attempts. In addition, Next Generation Firewalls (NGFs) that perform deep packet inspection (DPI) of traffic and look for malicious behavior will be prone to evasion.

Finally, the DNS PRIVate Exchange (DPRIVE) initiative and related efforts are gaining more traction, and DNS encryption may soon become an internet standard.

New types of threats are emerging

The DNS blacklisting approach is inherently reactive, relying on human analysts to respond to and validate millions of security events weekly. There are between 200 000 and 300 000 new malware samples released every day. Tracking these issues gets increasingly complex.

DNS firewalls are used mostly within the Delivery or Command & Control attack phases. The focus is solely on blocking known bad destinations, rather than on proactively detecting possible threats and anomalies.

Cyberattack patterns and malicious infrastructure develop at a rapid pace. Techniques such as fast flux and domain generation algorithms (DGA) are used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts. This creates attack infrastructure that is more resistant to discovery and counter-measures. Such techniques make DNS blacklisting a very expensive security control to maintain.
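To make the contrast between a reactive list and a behavioural check concrete, here is an added example (not CUJO AI's code or method) that runs both over a constructed set of DNS answers. The domain names, the blacklist contents and the thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample: (qname, answer IP, TTL seconds) as seen in resolver answers.
ANSWERS = [
    ("cdn.shop.example", "192.0.2.10", 300),
    ("cdn.shop.example", "192.0.2.11", 300),
    ("login.bank.example", "198.51.100.7", 3600),
    ("known-bad.example", "203.0.113.66", 600),
    ("fresh-lure.example", "192.0.2.201", 60),
    ("fresh-lure.example", "198.51.100.44", 60),
    ("fresh-lure.example", "203.0.113.9", 30),
    ("fresh-lure.example", "198.51.100.180", 60),
    ("fresh-lure.example", "203.0.113.77", 45),
]
BLACKLIST = {"known-bad.example"}  # hypothetical feed contents


def blacklist_hits(answers, blacklist):
    """Reactive control: flag only names already present in the feed."""
    return sorted({q for q, _, _ in answers if q in blacklist})


def fast_flux_candidates(answers, min_ips=4, min_nets=3, max_ttl=120):
    """Behavioural heuristic: many addresses, spread over several networks,
    all served with short TTLs. Thresholds are illustrative assumptions."""
    ips, nets, ttls = defaultdict(set), defaultdict(set), defaultdict(list)
    for qname, ip, ttl in answers:
        ips[qname].add(ip)
        nets[qname].add(ip_network(f"{ip}/24", strict=False))
        ttls[qname].append(ttl)
    return sorted(
        q for q in ips
        if len(ips[q]) >= min_ips
        and len(nets[q]) >= min_nets
        and max(ttls[q]) <= max_ttl
    )


if __name__ == "__main__":
    print("blacklist:", blacklist_hits(ANSWERS, BLACKLIST))
    print("fast-flux candidates:", fast_flux_candidates(ANSWERS))
```

Legitimate CDNs and load balancers also rotate addresses with short TTLs, so the thresholds need tuning against known-good traffic before they drive any blocking. The heuristic also depends on the DNS answers being visible to the monitor.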

Another growing technique is to hide the threat in encrypted traffic. The use of encryption has grown as a way of protecting payloads, but it can also conceal bad traffic from security systems. Threat actors are also using popular cloud services for command and control, making malware very difficult to find with traditional security tools, because it looks like normal traffic.

As a result, DNS firewalls will become ineffective as a security inspection datapoint.

Privacy is Becoming a Priority

Continued privacy concerns and regulations will drive the growth of encrypted channels and protocols across the Internet. On 25 May 2018, General Data Protection Regulation (GDPR) will come into effect. It will protect the data of the citizens of European Union member states. This also includes non-EU organizations that use the data of EU citizens. 

According to the regulation, all organizations will have to improve their security measures, including data assessment, security standards, and privacy policies. This regulation will reform the overall cybersecurity landscape and introduce comprehensive security controls.

DNS blacklisting is not able to protect against Internet of Things (IoT) hacking, either. The latest innovative shift in technology enables encryption to be implemented easily. It will be the norm to provide data confidentiality and integrity for interconnected IoT ecosystems, and DNS blacklisting will not protect smart devices against this attack vector.

The next generation of cybersecurity is powered by artificial intelligence

CUJO AI takes an innovative approach. Our security controls are driven by machine learning algorithms and artificial intelligence. Such methods allow us to detect fresh zero-day exploits and spear-phishing attacks that have not appeared in any blacklist feeds, and to detect anomalies in the behavior profiles of IoT devices.

Instead of relying on known malicious domain blocking, CUJO AI security focuses on behavioral analysis. This way, we ensure network security for both browser-enabled and Internet of Things (IoT) devices.

Contact us to learn more about how network operators could benefit from our solutions:


Sponsor Details

Name    CUJO AI
Contact    https://www.getcujo.com/
