UPDATED 17:00 EST / NOVEMBER 14 2017


DNS security tech strengthened with analytics, monitoring

At the inaugural CyberConnect event in New York City, thought leaders in business, government and security gathered to exchange ideas and best practices in combating the latest cyberthreats. The purely security-minded audience at CyberConnect allowed domain name system technology companies — which normally interact with networking infrastructure people — to showcase the latest in DNS security techniques.

“I love the idea of talking about DNS security to a security audience. And, hopefully, some of the folks we get to talk to here will come away from it thinking, ‘Oh wow, so I didn’t even realize that my DNS infrastructure could actually be a security tool for me,’” said Cricket Liu, chief DNS architect at Infoblox Inc., a network intelligence services company.

Liu spoke with Dave Vellante (@dvellante) and John Furrier (@furrier), co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the CyberConnect conference. They discussed the latest trends in DNS security technology. (* Disclosure below.)

Using DNS to expand security profile

One of the easiest ways companies can improve their security profiles is to instrument their DNS infrastructure to detect evidence of compromise, according to Liu. Setting up Response Policy Zones, or RPZs, which allow custom handling of the resolution of collections of domain names, lets organizations establish governance and checks around how traffic is routed to their servers.

“Most organizations haven’t gone through the trouble to plumb their DNS infrastructure into, for example, their SIEM infrastructure so they can get query log information. They can use RPZs to flag when a client looks up the domain name of a known command and control server, which is a clear indication of compromise,” Liu explained.

In addition to the real-time tracking and flagging of DNS activity, more and more big security players are collecting passive DNS data and running interesting analytics on that passive data, according to Liu. For example, if a name-to-IP-address mapping is changing really quickly, it might be an indication of fast flux, he stated.

“There’s some things you can do with these analytical algorithms in order to suss out suspicious and malicious behavior,” Liu concluded.
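The fast-flux signal described above can be sketched as a sliding-window check over passive DNS observations. This is an added example, not code from Infoblox or the interview; the record layout, the thresholds and the `flag_fast_flux` name are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from ipaddress import IPv4Address
from statistics import median

# Constructed passive DNS observations: (unix_time, qname, A-record IP, TTL).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE = (
    [(1000 + 300 * i, "flux.example.", ip, 60) for i, ip in enumerate(
        ["192.0.2.10", "198.51.100.20", "203.0.113.30",
         "192.0.2.44", "198.51.100.77", "203.0.113.91"])]
    + [(1000 + 300 * i, "cdn.example.net.", f"198.51.100.{i + 1}", 60) for i in range(5)]
    + [(1000 + 900 * i, "www.example.org.", "192.0.2.80", 3600) for i in range(4)]
)

def flag_fast_flux(records, window=3600, min_ips=5, min_nets=3, max_ttl=300):
    """Return {name: stats} for names whose A records churn inside `window` seconds.

    Thresholds are illustrative assumptions; tune them against local traffic.
    """
    by_name = defaultdict(list)
    for ts, name, ip, ttl in records:
        by_name[name.lower().rstrip(".")].append((ts, IPv4Address(ip), ttl))

    flagged = {}
    for name, obs in by_name.items():
        obs.sort()
        start = 0
        for end in range(len(obs)):
            # Slide the window so it never spans more than `window` seconds.
            while obs[end][0] - obs[start][0] > window:
                start += 1
            win = obs[start:end + 1]
            ips = {ip for _, ip, _ in win}
            # Spread across /16s separates flux from one provider's address pool.
            nets = {int(ip) >> 16 for ip in ips}
            ttl = median(t for _, _, t in win)
            if len(ips) >= min_ips and len(nets) >= min_nets and ttl <= max_ttl:
                flagged[name] = {"ips": len(ips), "nets": len(nets), "median_ttl": ttl}
                break  # the first qualifying window is enough to raise the name
    return flagged

if __name__ == "__main__":
    for name, stats in flag_fast_flux(SAMPLE).items():
        print(name, stats)
```

Names returned here are candidates for analyst review: load-balanced and CDN-hosted names also rotate addresses on short TTLs, which is why the check requires spread across several networks as well as churn.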

(* Disclosure: TheCUBE is a paid media partner for the CyberConnect 2017 conference. Neither Centrify Corp., the event sponsor, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
