DNS Monitoring: A red light for retail traffic

Press enter to search
Close search
Open Menu

DNS Monitoring: A red light for retail traffic

By Russell Haworth - 04/08/2019
For technology specialists, the retail industry makes for a fascinating environment.

Retail brings together almost all of technology’s key dynamics and quirks, sometimes in harmony and occasionally in conflict, and serves up critical lessons for professionals in every function.

Think about it. The retail market features multinationals and mom-and-pop stores and everything in between; direct interaction with consumers in ways no other industry can match; a constant battle to keep up with new devices, software and apps that customers deploy to make purchases; new business models blending physical and digital commerce; a treasure trove of customer data; a battery of mandates that can stifle flexibility; and of course, the perennial search for IT security.

That last retail dynamic may offer the most critical lessons of all. Information on 150 million users of health app MyFitnessPal (owned by Under Armour) got compromised a year ago this week, and it barely merits a mention anymore. That’s in part because MyFitnessPal joined the ranks of so many other corporate hacking targets, including household names such as Macy’s and Sears.

To drive the point home, the U.S. Supreme Court ruled on March 25 that online shoe retailer Zappos cannot throw out a class-action lawsuit brought by customers whose personal information may have been stolen back in 2012. This is seriously bad news for merchants who want to limit their liability when there’s a data breach.

The underlying reality is that the retail industry—which surely faces enough challenges in the digital era—represents a ripe and juicy target for global cybercriminals. And moving forward, as we see even more consumer-friendly technology advances and changes in buying habits, we’re going to see more dangers in the threat matrix and more sophisticated and organized attacks.

There’s no single-bullet solution to such a complex problem, but there are certainly effective strategies that can be deployed. And it starts with the basics: DNS, or domain name system, the decentralized naming system for resources connected to a private or public network. As a distributed directory service throughout the world, it’s been the fundamental underpinning of what we call the Internet since the mid-1980s. Therefore, doing literally anything on the Internet—a site visit, e-mail, e-commerce—from anywhere involves a DNS call.

DNS is how data travels around the Internet, making it the singular medium used to communicate during coordinated criminal activities. As such, it provides heightened visibility into every threat, from malware to data exfiltration, and helps security professionals identify risks even before they become truly dangerous.

Most security executives know this. A new study of chief information security officers (CISOs) at 30 large enterprises found that a whopping 97% see the value in monitoring, threat detection, attack blocking and analytics at the DNS level to enhance security. But whether this translates into specific measures to conduct deep DNS-level monitoring is a different question.

One reason for this DNS-level security disconnect may be that with the constant emphasis on new technologies driving new capabilities, the old foundation gets the short shrift. The sheer volume is also a challenge. It’s not unusual for potent malware to be blanketed by massive amounts of legitimate traffic, and effectively analyzing billions of mostly-valid DNS data packets is extremely difficult.

We know because we’ve invested years perfecting how to do it. Our own survey of 408 CISOs at large enterprises in the U.S. and U.K. revealed that nearly 70% of the respondents had found malware hidden on their networks for an unknown period of time.

More to the point, volume is not an issue that’s going to go away: In the Visual Networking Index (VNI) from Cisco Systems late last year, it was reported that global IP traffic is actually set to reach 4.8 zettabytes per year by 2022, up from 1.5 zettabytes per year in 2017. To put it bluntly, we’ll get more traffic in the next four years than in the entire history of the Internet.

That makes for a lot of traffic, and being at the intersection is a serious challenge. But effective security at the DNS level is a critical weapon in the battle to avoid becoming one more entry in the long list of hacked retailers.

Russell Haworth is CEO of Nominet.