According to a Thycotic report, nearly three-quarters of black hat hackers claim that traditional firewalls and antivirus software can't stop them. As these security measures evolve, hackers continuously adapt tactics like phishing and drive-by-download malware to bypass detection. One effective alternative for stopping web-based attacks at source is DNS filtering, which can be deeply integrated with Microsoft Azure Active Directory (AD) to provide Azure DNS filtering based on user-level access.
What is a DNS? Where Does Microsoft Azure Fit?
A DNS (Domain Name System) underpins the internet by mapping a human-readable domain name to a machine-readable IP address (IP stands for Internet Protocol), e.g.,
https://wtc1.webtitancloud.com:8443
maps to
IP address: 52.32.39.15
When a user types a web address into a browser, a ‘DNS resolver’ matches this domain to an IP address using DNS servers. In other words, the DNS system resolves the address and maps it to the IP address. This IP address is used to make the connection between the device and the IP address before loading the content.
Things, like a mobile device of a remote worker, also have an IP address. The billions of objects, people, and websites are all dependent on a functioning DNS to deliver content and data.
A DNS is highly distributed and does not rely on a single server. The domains in Azure are hosted on a global network of DNS name servers that are managed by the Azure cloud infrastructure. The whole system is configured to optimize speed and high availability for a given domain. Azure administrators use Azure DNS for services including website hosting, applications, APIs, and cloud service hosting, and DNS Zone management.
Did You Know?
businesses experienced a DNS attack
malware & spyware domains categorised a day
predefined categories by default
of websites tested by Google for malware were infected
What is Azure DNS filtering?
DNS filtering is a method used to stop users from accessing certain websites or IP addresses. This is important as tactics such as phishing and malware-infected websites are successful cyber-attack methods that utilize the internet. DNS filtering works alongside the DNS system. When a DNS resolver is configured to block a certain IP address, adding it to a ‘blocklist’, a user is prevented from navigating to that IP address. Typically, this blocklist contains malicious websites. By the same token, a DNS filter can also allow visits to certain websites, by placing them on a ‘white-list’ of safe to use sites. DNS filtering can also be applied on a device basis, for example, applying filtering policies to education sector Chromebook users. Azure DNS filtering can be applied to Azure specific hosted services to create safe zones for users to access.
Azure Active Directory (AD) Based DNS filtering
Azure AD is a directory that can be used to apply role-based access control. Azure DNS filtering uses policies that span an entire organization, applying and monitoring filtering using these policies as applied to AD group membership. WebTitan DNS filtering is deeply integrated with Azure AD, using an Azure AD Enterprise App to scan any Azure sign-in to find new users. These users are then paired with the IP of any Virtual Machine used to sign in and security and access policies are applied as appropriate.
BEC Losses Topped $2.9 Trillion in 2023
Benefits of Using Azure DNS Filtering
An AI-driven DNS filtering solution, such as WebTitan, uses advanced techniques such as machine learning, to make sure even zero-hour threats are protected against. When integrated with Azure AD, the security policies needed to manage and control employee access can be automatically applied and managed remotely.
A DNS filtering solution, especially one that can selectively adapt to zero-hour threats, provides major benefits to protect your organization from web-borne cyber-attacks:
Dynamically Block Inappropriate or Malicious Website Access
Malware-infected websites are used as bait to attract users and infect any devices connecting to the malicious domain IP address. Other sites may contain inappropriate material. Users are encouraged to open such sites using social engineering techniques. If a user navigates to a malicious site, malicious code takes advantage of vulnerabilities in poorly patched or configured browsers, infecting the device with malware.
It can be difficult for traditional antivirus or antispam solutions to prevent the impact of these sites as new variants pop up that are designed to evade detection by traditional security measures. One of the latest tactics is to use Azure apps as a vector for malware infection/credential theft. Hackers use realistic-looking, but malicious, Azure apps to encourage users to navigate to an attacker-controlled website to execute the full attack. The use of a DNS filter stops attacks such as this by cutting off the route to the malicious website. By using a DNS filter based on Azure AD membership, an enterprise can quickly and dynamically map an active directory user or role to stop access to established and new malicious websites.
Block Phishing Websites
Global Phishing Attacks Increased 58.2% in 2023. These attacks often end in a user being encouraged to navigate to a phishing website. Once the user enters that malicious site, login credentials, data, and/or access to corporate resources are at risk. AI-driven smart technology will ensure that even zero-hour threats are mitigated.
Stops Ransomware Infection and Data Theft
Ransomware is the malware of the moment. Ransomware is no longer about encrypting data and extorting money for a decryption key. Now, according to IBM X-Force, 59% of ransomware incidents also include data exfiltration, the stolen data then being used to put pressure on organizations to pay up. However, even if a ransom is paid there is no guarantee stolen data will not be sold on and used for fraud. Ransomware, often, infects a company through phishing emails and infected websites. The Verizon Data Breach Investigation Report (DBIR) says that in 85% of data breaches a human being is involved, usually by navigating to an infected website or clicking a link in a phishing email. Azure DNS filtering prevents Azure AD members from becoming part of the 85% of humans that help ransomware infections to propagate.
Read our recent Osterman Whitepaper - ‘It Just Takes One Wrong Click - how to protect agaisnt phishing and sophisticated BEC attacks’.
The whitepaper examines how just one click on a malicious link OR one phishing email that got through the net OR Just one employee who sent an email to the wrong person is all it takes to result in a data breach, malware download and serious reputational damage. As cybercriminals evolve their tactics, organizations face increasing risks from sophisticated phishing attempts. From AI-driven hyper-personalization to the exploitation of Microsoft 365 accounts for internal phishing campaigns, attackers are leveraging advanced methods to bypass traditional defenses.
Protect Devices
Remote and homeworking have meant that personal devices are being used for work tasks. However, personal devices are much harder to protect as policies are more difficult to apply and manage remotely. By using an Azure AD DNS filter that uses device-based agents that are remotely managed, even personal devices can be protected from malicious software infections.
Simple to Setup and Use
Finally, any DNS filter needs to be easy to set up and must be configurable remotely for a cloud-based/remote workforce. Cloud environments are continuously changing, adding new apps and new endpoints, that require appropriate policies for different environments. DNS filters need to be easy to set up, configure, and modify. API-based content filters allow for remote configuration and monitoring. Mapping Azure AD to website access provides an easy way to create security policies on a per user/per role basis.
By applying the powerful control of Azure AD integrated DNS filtering to web access, an organization can improve its security posture and reduce web-related risk. A DNS filter offers an organization a way to improve the safe web browsing of its workforce, preventing data and credential theft, ransomware, and other cyber-attacks as well as inappropriate web use.
Get started with WebTitan DNS Filtering Solution. today and see how it directly integrates with Azure AD.