GigaOm Radar for Domain Name System (DNS) Securityv2.0

1. Executive Summary

The domain name system (DNS) is fundamental to every modern organization. It’s the backbone of communications and the means by which clients connect with services both internally and externally. It is a service so fundamental to the basic day-to-day operations of every network that it must be both ultra-secure and resilient. However, the reality is that it is not. In fact, the DNS is vulnerable. Attacks of all types that can undermine the DNS, such as cache poisoning, DNS hijacking, amplification, spoofing, and tunneling, continue to increase.

The impact of a DNS cyberattack on an enterprise can be devastating. It can result in the loss of sensitive data, deployment of malicious code, and denial of access to key services, all of which can result in significant financial losses and reputational damage. Protecting DNS should be a priority, and that means using a solution with a range of security capabilities. A good DNS security solution has a unique value in the overall security chain. This stems from its operation early in the communications process. The vast majority of malicious activity in an infrastructure will make a DNS call; by securing and identifying malicious calls at inception, proactive security can be implemented from the beginning of an attack, helping secure an organization more effectively.

The information gained from a DNS security solution can also greatly enhance an organization’s risk analysis and threat response, providing a rich source of data for security teams and improving resilience, availability, and operational stability.

DNS security is often overlooked, as it lacks the high profile of other security threat vectors. However, DNS communication is a fundamental part of IT infrastructure and very few systems and organizations can operate without it. Safeguarding it should be an essential part of an organization’s security planning, and the right solution will improve the security of DNS as well as deliver improvements across the broader stack. DNS security has the potential to provide a strong return on investment and should be part of every organization’s security strategy.

This is our second year evaluating the DNS security space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

For this evaluation, we’ve updated our inclusion criteria to only include vendors that provide DNS security as a discrete service. The DNS security must be a standalone offering, either a specific solution or, if part of a broader portfolio, able to be deployed and licensed on its own, without the need to include other services. This ruled out some vendors we had included previously that only offered DNS security as part of firewalls or secure internet gateways where DNS could not be unbundled. Additionally, we’re not including vendors that offer authoritative DNS solutions, where it’s required that a user’s DNS infrastructure moves to the vendor’s platform. This is a separate area of DNS security and needs to be evaluated as such. Instead, this report focuses on solutions that offer DNS security for DNS resolution and client end use and those that provide security to DNS infrastructure. The idea is to ensure greater consistency among vendors and to make comparison easier. Despite the elimination of some vendors, the changes resulted in an increase in the number of vendors included in our report.

This GigaOm Radar report examines 11 of the top DNS security solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading DNS security offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.