Key Criteria for Evaluating DNS Security Solutionsv1.0

1. Summary

The domain name system (DNS) is fundamental to every modern organization. It’s the global web address book without which communications networks, including the internet, can’t function. You’d imagine such an essential technology would be designed to be ultra-secure and resilient, but unless you’ve invested in DNS-layer security, your use of it may well be vulnerable and leave your organization susceptible to a significant range of threats that can breach your network defenses in a variety of ways. However, an organization’s DNS infrastructure can be secured effectively, and this move is foundational for reinforcing overall security and protecting both data and business operations.

Effectively securing DNS activity provides multiple benefits to any organization. Not only does it lower risk, the information gained from doing so can also greatly enhance an organization’s risk analysis and threat response, offering a rich source of data for security teams and improving resilience, availability, and operational stability.

There are a number of approaches to DNS security, but these are often part of a vendor’s broader portfolio, rather than targeted solutions. Solutions can be focused at the network perimeter as well as at the endpoint; in reality both of these approaches are important in today’s organizations where, inevitably, the workforce and infrastructure are spread out across multiple locations.

Good DNS security will protect end users and systems from potential security breaches by spotting false domains and identifying malformed DNS requests. Even better, some DNS solutions are capable of identifying malicious payloads as part of a DNS request.

While DNS security is only part of an overall security strategy, its unique value is found in how early in the communications process it can operate. Ultimately, any malicious activity in an infrastructure will make a DNS call, and if these DNS calls can be secured and malicious ones identified and stopped, then proactive security can occur at the very beginning of an attack, helping to secure an organization more effectively.

DNS security is often overlooked as it lacks the high profile that other security threat vectors may have, but this should not be the case because DNS communication is a fundamental part of IT infrastructure and very few systems and organizations can operate without it. Securing it should be an essential part of an organization’s security planning.

The GigaOm Key Criteria and Radar reports provide an overview of the DNS market, identify capabilities (table stakes, key criteria, and emerging technology) and evaluation metrics for selecting a DNS security solution, and detail vendors and products that excel. These reports give prospective buyers an overview of the top vendors in this sector and help decision-makers evaluate solutions and decide where to invest.