Stuck in the middle: how ‘grey websites’ highlight the importance of DNS decision-making

04 Apr 18

Article written by Neustar director of product management Chris Roosenraad 

Long gone are the days when the internet first came into our lives. In this digital-first era, the explosion in the number of devices and websites has been accompanied by an unprecedented number of cyber-security attacks. The question now is how experts can decipher which websites are considered good, which are bad, and which are neither good nor bad, but fall somewhere in between. Even more importantly, they need to consider what the best approach is when it comes to maintaining the security of their own domains.

To put things into perspective, 35 years ago when the internet first sprang into existence, there were a mere 4.29 billion domain addresses in existence, and it would have been unfathomable to imagine that in 2018, Internet Protocol version 6 (IPv6) would be capable of supporting an unbelievable 340,282,366,920,938,000,000,000,000,000,000,000,000 - 340 undecillion Internet domains.

In the current environment, where DDoS attacks on DNS systems have skyrocketed in the past year, these considerations around good and bad domains are crucial. According to a recent Neustar survey, 82% of APAC-based organisations reported experiencing at least two DDoS attacks within the past 12 months, with nearly 45% being attacked more than five times.

This is further supported by data from Arbor Networks, who reported that over 2.25 million DDoS attacks hit APAC organisations in 2017. This particular frequency and intensification of DDoS attacks highlights the volatile and unstable potential of cyber-attackers and their willingness to wreak havoc on an organisation’s DNS.

The current scenario

In the past, the most effective way to protect an organisation's online presence was to separate all web traffic into two categories, ‘good’ and ‘bad’, through the practice of whitelisting and blacklisting. Blacklisting works by denying known malicious sources access to an organisation's computer system or network.

It is traditionally considered to be inferior to whitelisting, which enables an organisation to select and approve processes and trusted sources. Many cyber-security experts recommend whitelisting as the best approach to keeping an organisation safe from malware and other cyber-threats.

However, both practices raise the question: where does this leave websites that fall into neither category? Furthermore, how do we know how to protect against these types of sites? These ‘grey websites’, as they are commonly known, are becoming increasingly prominent as a result of the adoption of ‘cloud-first’ strategies and the strong push towards digitalisation. While overall this is seen as a shift in the right direction, it reinforces the vital importance of protecting the business's Domain Name System (DNS).

Moving forward

Being able to identify these grey entities is the first and most important step in ensuring the security of your DNS. It is, therefore, vital that an organisation takes a holistic approach to monitoring its inbound traffic. In addition, it needs to have processes in place to monitor all web activity so that it can build a comprehensive database of DNS names, IP addresses and timestamps, which can then be used to automatically identify whether web traffic is legitimate or suspect.
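A minimal sketch of such a database, as an added example that is not from the article or from Neustar: it builds first-seen and last-seen records from DNS observations and sorts each name into black, white or grey. The list contents, the log lines, the function names and the seven-day "recently first seen" window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data: allow/block lists and DNS observations (time, name, IP).
ALLOW = {"example.com"}
BLOCK = {"malware.test"}
LOG = """\
2018-03-01T09:00:00 www.example.com 192.0.2.10
2018-03-20T11:15:00 cdn.partner.example 198.51.100.7
2018-04-03T22:40:00 login-update.example.net 203.0.113.5
2018-04-03T22:41:00 login-update.example.net 203.0.113.99
2018-04-03T23:00:00 c2.malware.test 203.0.113.66
"""

def on_list(name, entries):
    """True if name equals a listed domain or is a subdomain of one."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in entries for i in range(len(labels)))

def build_db(log_text):
    """Map each DNS name to its first-seen time, last-seen time and set of IPs."""
    db = {}
    for line in log_text.splitlines():
        ts, name, ip = line.split()
        when = datetime.fromisoformat(ts)
        rec = db.setdefault(name.lower(), {"first": when, "last": when, "ips": set()})
        rec["first"] = min(rec["first"], when)
        rec["last"] = max(rec["last"], when)
        rec["ips"].add(ip)
    return db

def classify(name, db, now, new_window=timedelta(days=7)):
    """Return 'black', 'white', 'grey' or 'grey-review' for one name."""
    if on_list(name, BLOCK):
        return "black"  # the block list wins over the allow list
    if on_list(name, ALLOW):
        return "white"
    rec = db.get(name.lower())
    # Assumed heuristic: a grey name with no history, or first seen recently, is reviewed.
    if rec is None or now - rec["first"] <= new_window:
        return "grey-review"
    return "grey"

def report(log_text=LOG, now=datetime(2018, 4, 4)):
    db = build_db(log_text)
    return {name: classify(name, db, now) for name in db}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{verdict:12} {name}")
```

The stored IP sets and last-seen times are not used in the verdict here; they are kept so that an analyst reviewing a grey name can see how its resolution has changed over time.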

In light of this, organisations should not only adopt a multifaceted approach to DNS protection but also, in most cases, layered defences. This includes protections to guard against both network layer attacks and application layer attacks. A combination of hardware and cloud-based mitigation is the way to go to ensure better protection from all angles.

Ultimately, the ability to improve decision-making about DNS activities is only one of many tools that a cyber-security professional can access to ensure the security of their organisation's DNS. As the nature of the cyber landscape continues to evolve and the number of websites and devices keeps increasing, being able to identify and handle black, white and shades of grey will be imperative in maintaining the security of an organisation’s DNS and online assets.
