How DNS firewalls can burn security teams

A deceptively simple idea for taking a bit more control of your network. The almost-standard setup for enterprise DNS is to have ‘internal’ DNS servers and to allow only them to talk to ‘external’ DNS. That way you gain some visibility into what your devices are connecting to…:

It’s easy to see how DNS firewalls could have thwarted 33% of data breaches. For most IT and security teams, DNS has been an afterthought. Or, worse, not even that. The research, conducted by the Global Cyber Alliance, was absolutely still worth doing.

On the surface, this research is good news. It suggests there is a low-hanging fruit in the cybersecurity space. But it also suggests that a DNS firewall is the logical next step to improved security. It’s not — at least not on its own.

[…]

Original article here
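The resolver-only egress setup described at the top of this post can be checked against firewall flow logs. The sketch below is an added example, not code from the original article; the log format, the 10.0.0.0/8 internal range and the resolver addresses are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import Counter

# Assumed addressing for this example (not from the post).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
RESOLVERS = {ipaddress.ip_address("10.0.0.53"), ipaddress.ip_address("10.0.1.53")}
DNS_PORTS = {53, 853}  # classic DNS and DNS-over-TLS

# Constructed flow records: timestamp src dst proto dport action
SAMPLE_FLOWS = """\
2024-01-01T10:00:00Z 10.0.0.53 192.0.2.1 udp 53 allow
2024-01-01T10:00:01Z 10.0.5.20 10.0.0.53 udp 53 allow
2024-01-01T10:00:02Z 10.0.5.21 198.51.100.8 udp 53 allow
2024-01-01T10:00:03Z 10.0.5.22 198.51.100.8 tcp 853 deny
2024-01-01T10:00:04Z 10.0.5.21 198.51.100.8 udp 53 allow
2024-01-01T10:00:05Z 10.0.5.23 203.0.113.9 tcp 443 allow
not a flow record
"""

def audit_dns_egress(text):
    """Return {(src, action): count} for DNS flows that bypass the internal resolvers."""
    findings = Counter()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines
        _, src, dst, proto, dport, action = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # unparseable address or port
        if port not in DNS_PORTS or proto not in ("udp", "tcp"):
            continue
        if src_ip in RESOLVERS or dst_ip in INTERNAL_NET:
            continue  # resolver going out, or a client asking an internal server
        findings[(src, action)] += 1
    return findings

if __name__ == "__main__":
    for (src, action), n in sorted(audit_dns_egress(SAMPLE_FLOWS).items()):
        note = "egress rule gap" if action == "allow" else "blocked bypass attempt"
        print(f"{src}: {n} direct external DNS flow(s), {action} ({note})")
```

DNS over HTTPS rides on port 443 and is not distinguishable by port, so the last valid sample record passes this check unnoticed; a port-based audit is one signal, not full coverage.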