As thousands of federal workers continue to log in from home in response to the coronavirus pandemic, agencies need to be more vigilant to protect their operations and their data against phishing, ransomware and domain name system (DNS) exfiltration attacks, says an expert in a new podcast.
Network traffic has spiked globally, according to Patrick Sullivan, CTO for security strategy at Akamai Technologies. In the first quarter of 2020, traffic is in excess of 160 terabytes a second. That’s compared to around 70 terabytes a second at the peak of 2019 traffic in the same period, he says. Sullivan explains that the bottleneck that people are now experiencing is in remote access solutions with corporate networks that were not designed to see this type of surge in users working remotely.
“Adversaries are looking to leverage these types of events to further their attacks. It’s been well documented that this is a very popular phishing lure,” says Sullivan.
Sullivan shares how focusing on DNS security intelligence leads to fewer cyberthreats on agency networks. He also offers recommendations for relatively quick steps IT leaders can take to strengthen security for their remote workforce during a new FedScoop podcast, underwritten by Akamai Technologies:
How DNS security mitigates cyber risks
“The nice part about DNS is it’s a really nice chokepoint. Whether employees are in the headquarters building or whether they’re working from home, almost everything that people do these days starts with a DNS request,” says Sullivan.
He elaborates that Akamai sees trillions of DNS queries a day, allowing the company to maintain intelligence around the risk of any given domain.
“We can gain insight if a request goes out to a domain that we believe to be phishing, or in the service of malware distribution, or is leveraged as part of command and control networks. We can arrest that threat right at the first phase of DNS request time,” he says.
Security risks in network security
Sullivan cautions agencies to move away from traditional perimeter defenses because of the inherent risk of establishing trust at the network layer.
“In many ways, asking a perimeter defense to defend a network at layer 3 is asking you to defend the indefensible. Once an adversary gains a foothold inside a network that has that perimeter model, there are really some soft targets there,” he says.
Moving to a zero-trust model, where a user’s position and the network topology do not grant access and access is instead decided at the application layer, centered on identity, will deliver better outcomes in the long term.
Recommendations to fortify security plans
“This quarter has been a challenging time for everyone. It’s a good opportunity to test out your resiliency plans, your business continuity plans,” Sullivan says.
He adds that Akamai Technologies has spent recent weeks “helping customers scale up remote access to basically have a cloud-based model for remote access that’s at the edge of the internet, versus bringing traffic all into fixed devices with fixed capacity at a corporate HQ.”
Patrick Sullivan has spent 14 years at Akamai Technologies, and another 10 years working in the communications sector, including four years at the Defense Information Systems Agency.
Listen to the podcast for the full conversation on enterprise threat protection. You can hear more coverage of “IT Modernization in Government” on our FedScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.
This podcast was produced by FedScoop and underwritten by Akamai Technologies.