Are Software-as-a-Service (SaaS) security solutions truly the panacea they are publicized to be? The answer depends on how the SaaS solution is architected.
A majority of SaaS-only security solutions are “overlay” solutions that simply provide an additional layer of security on top of an enterprise’s existing network and security infrastructure.
In contrast, a hybrid approach to security is one that tightly integrates SaaS solutions with an enterprise’s existing IT infrastructure and leverages SaaS capabilities to seamlessly extend and scale on-premise solution performance.
DNS as a Security Tool
As enterprises gear up to handle the barrage of increasingly targeted and sophisticated cyber attacks, security architects must take advantage of the visibility that each IT asset can provide.
DNS is an excellent example of a scalable and pervasive network infrastructure protocol that offers unmatched visibility into network traffic patterns, malicious and otherwise.
If used optimally, DNS can provide an affordable and scalable first line of defence for detection and mitigation of the vast majority of known threats.
Behavioural analysis of DNS traffic can also serve as an “early warning system,” flagging potential zero-day threats in the network.
Overlay (SaaS-only) solution challenges
Most SaaS-only DNS security solutions work by having businesses forward their DNS traffic to the cloud, where DNS queries are processed and potential malicious activity is detected and flagged.
Most enterprise DNS servers support the ability to block access to domains via configuration of response policy zones.
By directing all DNS traffic to the cloud, SaaS-only solutions fail to leverage these existing security capabilities, which allow an enterprise to block the most egregious threats at the very first DNS server that detects them.
Further, because overlay solutions do not integrate with the incumbent enterprise DNS architecture, they leave enterprise administrators stuck with operating two separate and siloed management systems and having to manually correlate data between the two.
Overlay solutions are unable to leverage the rich contextual data available in the enterprise DNS, DHCP, and IP address management systems (DDI).
This context can help with prioritization of security threats, a key requirement for security analysts who are swamped with alerts they can’t keep up with.
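The kind of DDI-based prioritization described above can be sketched as follows. This is an added example, not code from the article or from any vendor product; the field names, sample leases, subnets, alerts and the severity-times-criticality score are all constructed assumptions.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample data (hypothetical field names, not a vendor schema).
LEASES = [  # DHCP: (ip, mac, hostname, lease_start, lease_end)
    ("10.20.0.15", "aa:bb:cc:00:00:01", "kiosk-3", "2024-05-01T08:00", "2024-05-01T12:00"),
    ("10.20.0.15", "aa:bb:cc:00:00:02", "cfo-laptop", "2024-05-01T12:05", "2024-05-01T20:00"),
    ("10.30.0.7", "aa:bb:cc:00:00:03", "pay-db-1", "2024-05-01T00:00", "2024-05-02T00:00"),
]
SUBNETS = {"10.20.0.0/24": ("user-lan", 2), "10.30.0.0/24": ("payments", 5)}  # IPAM: name, criticality
ALERTS = [  # DNS security events: (time, client_ip, qname, severity 1-5)
    ("2024-05-01T09:30", "10.20.0.15", "bad.example", 3),
    ("2024-05-01T13:00", "10.20.0.15", "bad.example", 3),
    ("2024-05-01T13:10", "10.30.0.7", "c2.example", 4),
    ("2024-05-01T13:20", "10.99.0.1", "c2.example", 4),
]

def lease_at(ip, when):
    """Return the (mac, hostname) holding `ip` at `when`; IPs are reused, so time matters."""
    t = datetime.fromisoformat(when)
    for l_ip, mac, host, start, end in LEASES:
        if l_ip == ip and datetime.fromisoformat(start) <= t <= datetime.fromisoformat(end):
            return mac, host
    return None, None

def subnet_of(ip):
    """Return (name, criticality) from IPAM; unknown ranges get an assumed middle score."""
    for cidr, meta in SUBNETS.items():
        if ip_address(ip) in ip_network(cidr):
            return meta
    return ("unmanaged", 3)  # assumption: unmanaged space is neither ignored nor top priority

def prioritize(alerts):
    """Enrich each alert with DDI context and sort by severity x asset criticality."""
    out = []
    for when, ip, qname, sev in alerts:
        mac, host = lease_at(ip, when)
        net, crit = subnet_of(ip)
        out.append({"time": when, "qname": qname, "ip": ip, "host": host or "unknown",
                    "mac": mac, "network": net, "score": sev * crit})
    return sorted(out, key=lambda a: a["score"], reverse=True)

if __name__ == "__main__":
    for a in prioritize(ALERTS):
        print(a["score"], a["time"], a["host"], a["network"], a["qname"])
```

The two alerts for 10.20.0.15 resolve to different devices because the lease changed hands between them, which is the correlation an analyst would otherwise have to do by hand across two systems.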
Why a hybrid approach for DNS security
Hybrid solutions offer enterprises complete flexibility in terms of deployment options – the best combination of on-premise and SaaS.
And regardless of the deployment model, enterprises get all the benefits of integration with their DDI infrastructure:
– Reduces complexity: Hybrid solutions take away the hassle of deploying proxies throughout the network.
– Increases flexibility: With a hybrid solution, customers may choose to use their on-premise DNS servers to block access to domains based on curated, low-false-positive threat intelligence, and use the cloud for a more comprehensive threat assessment that draws on a larger body of threat data and on big data analytics.
– Improves visibility: Hybrid solutions offer a single pane of glass for managing security across the enterprise DNS infrastructure.
– Enables threat prioritization: Rich network context data can be made available in the security dashboards and used to intelligently prioritize threats for remediation.
– Improves intelligence: On-premise network and user context is automatically shared with the SaaS component of the solution, and security events detected in SaaS can be shared back with the security ecosystem on-premise, creating a closed intelligence loop across the enterprise.
In conclusion, although a few organizations are truly cloud-first, most enterprises maintain a hybrid environment and need a more flexible, comprehensive solution for DNS security – and a hybrid approach is the key.
By: Ashraf Sheet, Regional Director Middle East & Africa at Infoblox