Hyas Blog | SLED’s Secret Weapon: Deploying Protective DNS

State, local and education (SLED) organizations face many of the same cyberthreats as for-profit businesses. But are they any better protected?

Even large, technology-heavy enterprises remain surprisingly exposed to modern attackers, and nearly every intrusion leans on the domain name system (DNS), the phonebook of the internet: phishing lures, malware downloads, ransomware command-and-control and supply chain compromises all resolve a domain name before they do anything else. Because of the role and size of SLED organizations, the fallout from these attacks can be particularly damaging.

Take the MOVEit Transfer file transfer software exploits of 2023. In late May and June of that year, Progress Software disclosed vulnerabilities registered in the Common Vulnerabilities and Exposures (CVE) system as CVE-2023-34362 and CVE-2023-35608. By exploiting them through SQL injection (SQLi), attackers could gain administrative access to MOVEit Transfer and exfiltrate confidential data from target organizations.

That is exactly what happened. The same month, the ransomware group CL0P claimed responsibility for stealing records from the largest public pension fund in the U.S., the California Public Employees’ Retirement System (CalPERS). CL0P obtained approximately 800,000 pension records via a third-party vendor, PBI Research Services, which ran a vulnerable MOVEit Transfer instance.

CL0P also hit the National Student Clearinghouse (NSC), which holds confidential student data from roughly 900 educational institutions across the country.

Neither breach was inevitable. So how should the SLED sector better protect itself against modern cyberthreats and avoid the fallout from CVEs like the two affecting MOVEit?

Read on for four ways SLED organizations can defend themselves with protective DNS.

1. Implement Protective DNS

The first way that the SLED sector can use DNS is the most obvious: by deploying protective DNS (PDNS).

Confronted with MOVEit-style breaches, SLED organizations need to identify threats and stop attacks before they cause catastrophic damage.

Moreover, they should be able to do so independent of the application protocol in use. PDNS inspects the name lookup rather than the connection that follows it, so it complements whatever controls already protect networks, systems and data.

Every kind of device, wherever it sits, uses DNS: servers, internet of things (IoT) devices, mobile and fixed endpoints, and the laptops of work-from-home (WFH), remote and hybrid staff. That reach is what makes PDNS such a powerful control.

SLED organizations can deploy HYAS Protect quickly and flexibly to stop devices from reaching known malicious domains by enforcing policy at the DNS layer. While many PDNS services block active, well-known threats, HYAS Protect also identifies, attributes and acts on infrastructure that is going to be malicious, drawing on HYAS threat intelligence to catch it before it is weaponized and deployed. The HYAS engine decides dynamically how to treat each query based on the HYAS Adversary Infrastructure platform and the resulting infrastructure intelligence, asking in real time: should this domain be allowed to resolve or not?
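To make the resolve-time decision concrete, here is a small policy engine written for this article; it is an added illustration, not HYAS code or the HYAS decision engine. The verdict feed, the adversary-infrastructure sets and the upstream resolution table are all constructed stand-ins (a real resolver would query the feed and resolve upstream), and the addresses come from the RFC 5737 documentation ranges. It shows the three outcomes a PDNS service produces for a query (allow, block, sinkhole), why a listed zone must cover its subdomains, and how infrastructure intelligence blocks a domain that is not yet on any blocklist.

```python
"""Resolve-time protective DNS policy (added illustration, not HYAS code).

Constructed tables stand in for a threat-intelligence feed, for adversary
infrastructure intelligence, and for the answers an upstream resolver would
return. Addresses are from the RFC 5737 documentation ranges.
"""
import ipaddress
import json
from datetime import datetime, timezone

# Constructed verdict feed. A listed zone covers all of its subdomains.
DOMAIN_VERDICTS = {
    "evil-update.example": "malicious",   # active payload / C2 domain
    "docs-share.example": "suspicious",   # registered and staged, not yet weaponized
    "intranet.example": "allow",          # customer allowlist overrides everything
}

# Constructed adversary-infrastructure intelligence: nameservers and hosting
# ranges tied to known campaigns. An unlisted domain served by them is blocked
# before it ever appears on a blocklist.
BAD_NAMESERVERS = {"ns1.bulletproof-host.example"}
BAD_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed stand-in for upstream resolution: qname -> (authoritative NS, A record).
UPSTREAM = {
    "evil-update.example": ("ns1.bulletproof-host.example", "203.0.113.10"),
    "cdn.docs-share.example": ("ns2.generic-dns.example", "198.51.100.7"),
    "new-lure.example": ("ns1.bulletproof-host.example", "198.51.100.9"),
    "stage.example": ("ns9.other.example", "203.0.113.44"),
    "intranet.example": ("ns.corp.example", "10.0.0.5"),
    "news.example": ("ns2.generic-dns.example", "198.51.100.20"),
}

SINKHOLE_IP = "192.0.2.1"  # sinkholed queries resolve here so the SOC can see who calls back


def matching_verdict(qname):
    """Return (listed_zone, verdict) for qname or its closest listed parent."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in DOMAIN_VERDICTS:
            return zone, DOMAIN_VERDICTS[zone]
    return None, None


def decide(qname, client_ip):
    """Decide whether qname may resolve for client_ip.

    Returns (action, answer, event): action is 'allow', 'block' or 'sinkhole';
    answer is the address handed to the client (None means an NXDOMAIN-style
    refusal); event is a SIEM-ready record explaining the decision.
    """
    zone, verdict = matching_verdict(qname)
    ns, ip = UPSTREAM.get(qname.lower().rstrip("."), (None, None))

    if verdict == "allow":
        action, reason = "allow", f"allowlisted via {zone}"
    elif verdict == "malicious":
        action, reason = "block", f"listed malicious via {zone}"
    elif verdict == "suspicious":
        action, reason = "sinkhole", f"listed suspicious via {zone}"
    elif ns in BAD_NAMESERVERS:
        action, reason = "block", f"served by adversary nameserver {ns}"
    elif ip and any(ipaddress.ip_address(ip) in net for net in BAD_NETWORKS):
        action, reason = "block", f"resolves into adversary range {ip}"
    else:
        action, reason = "allow", "no verdict"

    answer = {"allow": ip, "sinkhole": SINKHOLE_IP, "block": None}[action]
    event = {
        "ts": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "client": client_ip, "qname": qname, "action": action,
        "reason": reason, "answer": answer, "matched_zone": zone,
    }
    return action, answer, event


def to_siem_json(event):
    """Serialize one decision as a single-line JSON record for SIEM ingestion."""
    return json.dumps(event, sort_keys=True)


if __name__ == "__main__":
    for name in ["evil-update.example", "cdn.docs-share.example", "new-lure.example",
                 "stage.example", "intranet.example", "news.example"]:
        print(to_siem_json(decide(name, "10.1.1.5")[2]))
```

Two design points carry over to any real deployment: the allowlist is checked first so a listed parent zone cannot silently break an internal name, and the infrastructure checks run only for names the feed does not already cover, so a new lure domain on a known-bad nameserver is refused on its first lookup. The JSON event is what a SIEM or SOAR integration would ingest.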

2. API-Integrated DNS Dissection

Not all protective DNS services offer comprehensive API integration. But HYAS Protect is a cloud-native, API-driven solution. Organizations can quickly, easily and natively integrate HYAS with existing security solutions, like:

  • Security information and event management (SIEMs)
  • Security orchestration, automation and response (SOARs)
  • Endpoint security, such as endpoint detection and response (EDR) or endpoint detection and threat response (EDTR)
  • Firewalls

Many SLED organizations will already have one or more of these investments. HYAS sits on top of them, enriching existing data sources with more context and a wider picture of the threat landscape the organization faces. Because the integration is API-based, it also survives changes elsewhere in the security stack.

The HYAS architecture contains:

  • Different deployment methods: whether via an integration with a commercial EDR, the HYAS Agent, deployment alongside a DNS resolver, or some other mechanism for obtaining the DNS data, the HYAS cloud sees all traffic and telemetry and can act accordingly
  • Analysis: includes verdict generation from the HYAS engine 
  • Platform management: contains HYAS’ UI and API-available decision engine

HYAS’ user interfaces (UIs) and platform are built on API endpoints that all clients can access.

3. Threat Visibility

SLED organizations need to see the threats they face, and a comprehensive PDNS solution gives them that view. HYAS Protect does more than return allow or deny verdicts for domains and traffic. Its high-fidelity threat signal reduces alert fatigue and improves network intelligence, letting organizations detect and block supply chain and low-and-slow attacks: threats that masquerade as legitimate, believable and organic traffic. That makes it much harder for threat actors to sit undetected on a victim's network.

For instance, HYAS observed an attacker disguising command-and-control traffic as ordinary outbound web requests; by evaluating the destination at the DNS layer, HYAS still identified it as malicious.
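Low-and-slow command-and-control has a recognizable shape in DNS telemetry even when the traffic itself looks like routine web requests: one client resolving the same name again and again at near-constant intervals. The following beacon detector is an added example written for this article, not HYAS code; the log lines are constructed in the script (one host checking in with a look-alike "telemetry" domain every five minutes, another browsing at irregular human intervals), and the thresholds are assumptions a SOC would tune.

```python
"""Low-and-slow beacon detection over DNS query logs (added illustration).

Real PDNS telemetry would come from the resolver or agent; here a handful of
constructed log lines stand in for it.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) qname=(?P<qname>\S+) qtype=(?P<qtype>\S+)$"
)
T0 = datetime(2024, 3, 5, 10, 0, 0)


def _line(offset_s, client, qname, qtype="A"):
    """Build one constructed log line offset_s seconds after T0."""
    ts = (T0 + timedelta(seconds=offset_s)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"{ts} client={client} qname={qname} qtype={qtype}"


# Constructed telemetry. 10.1.1.5 resolves a look-alike "telemetry" domain every
# ~300 s with a few seconds of jitter, the shape of C2 check-ins hiding inside
# ordinary-looking outbound traffic. 10.1.1.9 resolves a news site at irregular,
# human-driven intervals.
_JITTER = [0, 3, -2, 4, -1, 2, -3, 1, 0, 2, -2, 1]
_BEACON = [_line(300 * i + j, "10.1.1.5", "cdn-telemetry.example")
           for i, j in enumerate(_JITTER)]
_HUMAN_OFFSETS = [5, 905, 917, 3917, 3977, 3984, 5484, 5490]
_HUMAN = [_line(o, "10.1.1.9", "news.example") for o in _HUMAN_OFFSETS]
SAMPLE_LOG = sorted(_BEACON + _HUMAN)


def parse(lines):
    """Group query timestamps by (client, qname); lines that do not match are skipped."""
    series = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        series[(m["client"], m["qname"])].append(ts)
    return series


def find_beacons(lines, min_queries=8, min_interval_s=60, max_jitter=0.15):
    """Flag (client, qname) pairs whose lookups are repeated, slow and regular.

    Jitter is the coefficient of variation of the inter-query intervals; human
    browsing produces values well above 1, timer-driven check-ins well below 0.1.
    """
    findings = []
    for (client, qname), stamps in parse(lines).items():
        if len(stamps) < min_queries:
            continue
        stamps.sort()
        intervals = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        median = statistics.median(intervals)
        if median < min_interval_s:          # fast, chatty lookups are not "low and slow"
            continue
        jitter = statistics.pstdev(intervals) / statistics.mean(intervals)
        if jitter <= max_jitter:
            findings.append({
                "client": client, "qname": qname, "queries": len(stamps),
                "median_interval_s": median, "jitter": round(jitter, 3),
            })
    return findings


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Timing alone is a weak signal: software update checks and monitoring agents beacon too. In practice this heuristic is combined with prevalence (how many clients in the fleet resolve the name), domain age, and infrastructure intelligence about where the name is hosted, which is what turns a regular-interval lookup into the high-fidelity verdict the text describes.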

HYAS customers can additionally couple HYAS Protect with HYAS Insight to investigate, understand and report on cybercrime as part of incident response or security operations center (SOC) analysis, with results that reach beyond the purely technical.

4. Prevent Damage from Breaches 

Ransomware, phishing and supply chain compromise all happen because users, devices and servers accidentally (and sometimes intentionally) communicate with adversary infrastructure.

For a good PDNS solution, the type of attack is secondary. What matters is:

  • The underlying infrastructure and what it’s connected to
  • The probability that specific domains and traffic — both machine- and human-generated — are associated with nefarious activity

Organizations should prepare for breaches to build cyber resilience; the unfortunate reality is that everyone is a target, and everyone will be breached at some point. While it is nearly impossible to prevent every intrusion, a proactive, resilience-based approach limits the damage. By assuming vulnerabilities exist and focusing on understanding and disrupting threat actor infrastructure, organizations can stop threats before they cause significant harm.

Proactive Protection for SLED

Whether through an unsuspecting employee who clicks a malicious email link or a third-party compromise, breaches happen. SLED organizations that want to avoid becoming another CalPERS or NSC need to monitor traffic and act on threats before they become an incident.

HYAS is fundamentally proactive and predictive. Our solution detects and blocks cyberthreats from reaching their full, damaging potential with an advanced decision engine, customizable security and powerful analytics. 

This is why the independent security software evaluator AV-TEST found that HYAS achieved the highest efficacy of any PDNS solution it evaluated. It is why we keep winning industry awards, and it is why the NSA and CISA jointly recommend that organizations deploy a PDNS service to protect themselves against the cyberthreats at large today.

It’s time for the SLED sector to act.


SLED organizations face the same threats as other industries and need the same protection. Book a demo for HYAS Protect today to start protecting your organization against DNS-based cyberthreats.