A naukri.com initiative
Infoblox
4w
252
Image Credit: Infoblox
NIS 2 Implementing Regulation and the importance of DNS Security
- The European Union's Network and Information Systems Directive (NIS 2) is scheduled to be implemented into law in October 2024, with further technical guidance expected to be released in the coming months.
- The recently adopted NIS 2 Implementing Regulation outlines technological requirements for entities subject to NIS 2. One of these requirements is for the implementation of best practices for DNS security.
- Experts predict that ENISA will define best practices based on three key areas: securing the DNS platform, securing the DNS protocol, and implementing DNS as a cybersecurity control.
- Organizations are expected to have a robust and resilient DNS architecture in place that is accounted for in business continuity plans and processes, as DNS is a foundational networking service that users and applications rely on.
- NIS 2 is expected to drive regulated entities to formalize strategies and processes to secure their external-facing, authoritative domains, as DNS is widely abused by threat actors to carry out cyber attacks.
- Protective DNS, a DNS service that intercepts requests from clients to resolve malicious DNS domains, has become a widely accepted best practice, as it provides a highly scalable and pervasive security control that is simple to deploy and based on a recognized DNS standard.
- Regulated entities may need to perform DNS architecture assessments to address risks such as insufficient patch management or architecture resiliency before instituting processes to proactively maintain their DNS infrastructure.
- Infoblox performs DNS security assessments and security workshops that can help organizations transform their DNS architecture into a robust cybersecurity enforcement platform.
- Using secure DNS can reduce the ability for 92% of malware attacks from a command-and-control perspective.
- NIS 2 requires entities to implement best practices for DNS security, so it is important for legal, compliance, and cybersecurity practitioners to understand the requirements and prepare accordingly.
Read Full Article
15 Likes
For uninterrupted reading, download the app