Source URL: https://cloud.google.com/blog/products/identity-security/introducing-dns-armor-to-mitigate-domain-name-system-risks/
Source: Cloud Blog
Title: New DNS Armor can help detect, mitigate domain name system risks
Feedly Summary: The Domain Name System (DNS) is like the internet’s phone book, automatically and near-instantly translating requests for websites and mobile apps from their domain names to the Internet Protocol addresses of the actual computers hosting them. As part of the bedrock of the internet, DNS and domain name lookup are also prime vehicles for threat actors to launch cyberattacks, so DNS-based protections can act as an important early layer of defense against cyberattacks.
Abuse of DNS to advance cyberattacks is a serious threat: in a study published this year, Infoblox reported that 92% of malware uses DNS for command and control communication. To support our customers' security choices, we’re partnering with Infoblox to deliver DNS Armor, a cloud-native DNS security service available now in preview.
DNS Armor provides preemptive threat detection for internet-bound DNS queries initiated from Google Cloud workloads. It complements our existing cloud-first network security product portfolio by offering a foundational security layer that identifies DNS-based threats, including requests to malicious command and control (C2) servers, DNS tunneling used to exfiltrate sensitive data, and malware that communicates over DNS queries.
DNS Armor benefits from Infoblox’s preemptive DNS threat defense, which analyzes over 70 billion DNS events every day and adds 4 million new threat indicators to its database every month. This preemptive approach to detection using DNS event analysis helps identify DNS-based threats 68 days earlier than complementary security tools.
“As a customer of both Infoblox and Google Cloud, we’re excited about the transformative potential of this collaboration. Google Cloud’s DNS Armor, powered by Infoblox, is a leap forward in cybersecurity, combining the strengths of both companies to deliver visionary, proactive threat defense,” said Alfredo Rodriguez, vice president, Cloud Platform Infrastructure, Sabre Corporation.
Detecting threats early with DNS intelligence
DNS Armor provides both feed-based and algorithmic-based threat detection.
Feed-based: Detects known malicious, high-risk domains, and newly-registered domains likely to be used for malicious attacks.
Algorithmic-based: Uses machine-learning-based detection to identify attack techniques such as DNS tunneling, which attackers use for unauthorized data exfiltration, so that it can be blocked.
DNS Armor can also help detect connections to malware distribution sites, and can pre-empt potential malicious downloads by blocking DNS queries to malicious and high-risk domains.
Many sophisticated cyberattacks establish a network connection with their command and control environment. You can use DNS Armor to get visibility into the earliest indicators of suspicious and malicious domains by detecting C2 activity, connections to malware distribution sites, and Domain Generation Algorithm (DGA) traffic originating from your workloads.
For example, DNS Armor can detect evasive techniques like fast flux, in which the IP addresses linked to a single domain name are rotated rapidly. This makes malicious domains harder to identify, and traditional security tools often miss them.
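To make the three detection classes described above (DNS tunneling, DGA lookups, and fast flux) concrete, the following Python script applies simple versions of the heuristics behind them to a constructed DNS query log. This is an added illustration, not code from the page, Google Cloud, or Infoblox; DNS Armor's actual models and thresholds are not public. The log records, field names, client addresses, domains, and all thresholds are assumptions chosen for the example, and the registrable-domain helper is deliberately naive (last two labels) where a real system would use the Public Suffix List.

```python
"""Heuristic DNS threat detection over a constructed DNS query log.

Three checks a DNS security layer typically applies (thresholds are assumptions):
  * DNS tunneling: many unique, long, high-entropy subdomains under one base domain
  * DGA activity: a burst of NXDOMAIN answers for random-looking names from one client
  * fast flux: one name resolving to many distinct addresses with short TTLs
"""
import math
from collections import defaultdict


def _rec(src, qname, rcode="NOERROR", ttl=300, answers=()):
    """One constructed log record: client IP, queried name, response code, TTL, A records."""
    return {"src": src, "qname": qname, "rcode": rcode, "ttl": ttl, "answers": list(answers)}


HEX = "0123456789abcdef"
# 32-character pseudo-encoded payload chunks, as a tunneling client would emit (constructed)
TUNNEL_CHUNKS = [(HEX[i:] + HEX[:i]) * 2 for i in range(5)]

# Constructed sample log; none of this is real traffic.
SAMPLE_LOG = [
    _rec("10.0.1.5", "www.google.com.", answers=["142.250.80.36"]),
    _rec("10.0.1.5", "storage.googleapis.com.", answers=["142.250.80.59"]),
    _rec("10.0.1.5", "mail.example.org.", answers=["203.0.113.10"]),
    # tunneling: each query carries a data chunk as a subdomain of one base domain
    *[_rec("10.0.2.9", f"{chunk}.t.exfil-example.net.", ttl=0, answers=["203.0.113.99"])
      for chunk in TUNNEL_CHUNKS],
    # DGA: random-looking names that do not exist
    _rec("10.0.3.4", "xkqjvbwzrtplm.com.", rcode="NXDOMAIN", ttl=0),
    _rec("10.0.3.4", "qwlpzkvtmrsxn.net.", rcode="NXDOMAIN", ttl=0),
    _rec("10.0.3.4", "zbnmlkjhgfdsq.org.", rcode="NXDOMAIN", ttl=0),
    _rec("10.0.3.4", "ptrvwxyzkjhgb.info.", rcode="NXDOMAIN", ttl=0),
    # fast flux: same name, a different address on every lookup, short TTL
    *[_rec("10.0.4.2", "cdn.flux-example.net.", ttl=60, answers=[f"198.51.100.{10 + i}"])
      for i in range(5)],
]


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def labels(qname):
    return qname.rstrip(".").lower().split(".")


def registrable_domain(qname):
    """Naive eTLD+1: the last two labels. Production code should use the Public Suffix List."""
    return ".".join(labels(qname)[-2:])


def detect_tunneling(records, min_unique=4, min_len=20, min_entropy=3.0):
    """Return base domains whose subdomains look like encoded data chunks."""
    prefixes = defaultdict(set)
    for r in records:
        parts = labels(r["qname"])
        if len(parts) > 2:
            prefixes[registrable_domain(r["qname"])].add(parts[0])
    flagged = set()
    for base, subs in prefixes.items():
        if len(subs) < min_unique:
            continue
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_ent = sum(shannon_entropy(s) for s in subs) / len(subs)
        if avg_len >= min_len and avg_ent >= min_entropy:
            flagged.add(base)
    return flagged


def detect_dga(records, min_nx=3, min_len=10, min_entropy=3.0):
    """Return {client: domains} for clients with a burst of NXDOMAIN on random-looking names."""
    suspects = defaultdict(set)
    for r in records:
        parts = labels(r["qname"])
        if r["rcode"] != "NXDOMAIN" or len(parts) < 2:
            continue
        core = parts[-2]  # the label under the TLD is what a DGA generates
        if len(core) >= min_len and shannon_entropy(core) >= min_entropy:
            suspects[r["src"]].add(registrable_domain(r["qname"]))
    return {src: doms for src, doms in suspects.items() if len(doms) >= min_nx}


def detect_fast_flux(records, min_ips=4, max_ttl=300):
    """Return names that resolved to many distinct addresses, all with short TTLs."""
    ips, ttls = defaultdict(set), defaultdict(list)
    for r in records:
        if r["rcode"] == "NOERROR" and r["answers"]:
            name = ".".join(labels(r["qname"]))
            ips[name].update(r["answers"])
            ttls[name].append(r["ttl"])
    return {n for n in ips if len(ips[n]) >= min_ips and max(ttls[n]) <= max_ttl}


def analyze(records):
    return {
        "tunneling": detect_tunneling(records),
        "dga_clients": detect_dga(records),
        "fast_flux": detect_fast_flux(records),
    }


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        print(f"{kind}: {hits}")
```

Run as a script, it reports `exfil-example.net` as a tunneling base domain, client `10.0.3.4` as DGA-like, and `cdn.flux-example.net` as fast flux, while the benign lookups produce no hits. The point of the example is the shape of the signals: per-base-domain subdomain statistics for tunneling, per-client NXDOMAIN bursts for DGA, and per-name address churn for fast flux. A managed service layers threat-intelligence feeds and trained models on top of signals like these, and tunes thresholds against far more traffic than a fixed cutoff in a script.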
“The future of cybersecurity isn’t reactive — it’s preemptive,” said Mukesh Gupta, executive vice-president and chief product officer, Infoblox. “DNS sits at the foundation of every internet connection, making it the earliest — and most overlooked — opportunity to spot attacks before they begin. Google Cloud’s DNS Armor, integrated with Infoblox, detects threats weeks before they’re weaponized — helping security teams cut through noise and focus on what really matters — with a near-zero false positive rate. No more waiting for patient zero, no more blind spots. Just real-time threat visibility at scale.”
How DNS Armor works
It takes only a few clicks to start using DNS Armor for your Google Cloud workloads. Once active, DNS Armor intercepts internet-bound DNS queries generated from your Google Cloud workloads, and the queries are automatically inspected by the Infoblox Threat Defense service in real time.
If a threat is detected, the Infoblox Threat Defense service generates a detailed threat log and stores it in Cloud Logging. You can also forward these threat logs to Security Command Center, Google Security Operations, or your preferred SIEM platform for further analysis and incident response.
The DNS Armor workflow.
DNS Armor is easy to deploy and manage because it’s a turnkey managed service, with no virtual machines to manage and no impact on the performance of Cloud DNS. You can enable DNS Armor at the project level across VPC networks, giving you granular control over which cloud workloads are protected.
Getting started
You can get started with DNS Armor by visiting our documentation page, and learn more about DNS security by checking out this video.
AI Summary and Description: Yes
Summary: The text details the launch of DNS Armor, a cloud-native DNS security service by Google Cloud in partnership with Infoblox. The service aims to enhance security by leveraging DNS intelligence, allowing for preemptive detection of and defense against cyberattacks that abuse DNS for command and control, data exfiltration, and malware delivery. With feed-based and algorithmic detection methods, DNS Armor provides a foundation for better visibility and protection against malicious domain activity.
Detailed Description:
– **Service Overview**: Google Cloud has introduced DNS Armor, a managed cloud-native DNS security service developed in collaboration with Infoblox.
– **Threat Landscape**: The Domain Name System (DNS) has become a significant vector for cyberattacks, with 92% of malware utilizing DNS for command and control communication.
– **Preemptive Threat Detection**: DNS Armor enhances threat detection to identify DNS-based cyber threats early. It leverages two primary approaches:
  – **Feed-based Detection**: Identifies known malicious domains and newly registered domains likely to be used for attacks.
  – **Algorithmic-based Detection**: Utilizes machine-learning techniques to detect sophisticated methods such as DNS tunneling, which can facilitate unauthorized data exfiltration.
– **Integration with Infoblox**: The partnership with Infoblox provides robust threat intelligence, analyzing over 70 billion DNS events daily and adding millions of new threat indicators monthly. This results in a proactive defense that can detect threats significantly earlier than traditional tools.
– **Real-time Monitoring and Response**: DNS Armor intercepts DNS queries in real-time, generating threat logs upon detection. These logs can be integrated with other security systems for in-depth analysis and incident response.
– **Ease of Use**: The service is designed for easy deployment across Google Cloud environments, requiring minimal management and offering granular control over which workloads need protection.
– **Future of Cybersecurity**: The emphasis is placed on transitioning from reactive to preemptive security measures, with DNS Armor positioned as a foundational element for enhanced visibility and timely threat identification.
Overall, DNS Armor represents a significant advancement in using DNS intelligence as a cybersecurity measure, providing organizations with the tools to combat increasingly complex threats in the digital landscape.