As multi-cloud strategies gain traction, companies are finding that managing the DDI and DNS foundations of their network services is becoming increasingly complex, leading to operational challenges and inefficiencies.
Paul Wilcox, Infoblox’s VP for Asia-Pacific Japan, told TechRepublic that centralising management across these different environments could help organisations better coordinate their security, network, and cloud teams. This strategy can also help to detect cyber threats earlier and discover problematic exposures, such as zombie servers.
DNS: An overlooked aspect of IT infrastructure and cybersecurity risk
DDI is shorthand for Domain Name System, Dynamic Host Configuration Protocol, and IP Address Management. According to Infoblox, which offers DDI solutions to 13,000 customers, DDI “comprises the foundation of core network services that enables all communications over an IP-based network.”
DDI is an often overlooked aspect of IT infrastructure, according to Infoblox, and it is becoming increasingly important for enabling secure, efficient, and manageable networks in modern computing environments — including in the early detection and prevention of cyber threats.
Network sprawl, DNS management complexity has grown with cloud
The shift to decentralised, multi-cloud environments, the proliferation of IoT devices, and the overall complexity of modern IT infrastructure have made it more challenging for organisations to effectively manage their DDI services, according to Wilcox.
“The CIO of a Japanese company recently summed it up when he said to me that, with the move to decentralised workplaces and away from on premise compute, the challenges for NetOps and SecOps, and for that matter, DevOps, in most organisations are becoming increasingly complex,” Wilcox said.
“The complexity is going through the roof, and as a consequence we’re not really responding to incidents very quickly; we’re really trying to find a needle in a needle stack. It’s becoming much more difficult for SecOps organisations to define the root cause of many problems.”
Multi-cloud complexity makes DDI management more difficult
Most enterprises are now using two or more cloud service providers. Wilcox noted that with each new environment, managing critical network services becomes more complex and error-prone. Maintaining visibility and control over all DDI services also grows more challenging.
Massive growth in IP-addressed IoT devices
The pervasive expansion of IP-addressed IoT devices — such as the cameras, projectors, or screens that are internet-connected in modern offices — is another challenge for organisations. Managing and securing these devices is becoming “very problematic,” Wilcox said.
NetOps, SecOps, and CloudOps are often siloed in organisations
Operational silos between NetOps, CloudOps, and SecOps teams and manual processes can cause problems. Wilcox said one global bank saw their entire system go down — with U.S. $100 million lost — after a typo was made by the network team in a manual process for changing DNS entries and IP addresses.
SEE: Digital fragmentation is causing problems for organisations, says Boomi
DDI management platforms are fragmented across environments
As organisations expand into multiple clouds, they’ve had to use a combination of DDI tools across environments. These tools have included free services to Infoblox’s separate on-prem and cloud products, as well as native solutions like AWS Route 53, Azure DNS, and Google Cloud DNS.
Fragmented DDI management makes problems harder to distinguish
Other significant issues in the DDI space include IP conflicts, which can lead to network and application outages. There’s also the “prolific” problem of zombie servers — often left unpatched and not updated — hanging DNS records that pose vulnerabilities, and poor utilisation of allocated IP addresses.
Poor DNS and IP address management is a cyber security risk
The cybersecurity implications of DNS management are often underappreciated, Wilcox said.
“I’ve been working in cyber security for probably 15 to 20 years,” he explained. “One of the things that escaped me in my previous lives was just how relevant and important DNS and IP address management was to cyber security, how early in the kill chain it was and how important it was to stop some of those threats at the earliest possible juncture.”
SEE: Infoblox details mega-threat from organised global cyber criminals
He added: “Most of the cyber security solutions that I’ve been involved with happened once the bushfire had already started. So what we’re talking about here is definitely a shift, we sort of say a shift left here, which is probably a misappropriation of the term, but we are essentially getting to that problem much, much earlier in the cycle.”
80% of network traffic comes from malware and threat actors
Wilcox said that, while “he didn’t believe it until I saw it,” almost all organisations who have used Infoblox’s cybersecurity platform have seen an 80% reduction in network traffic. This indicates a massive portion of that traffic involved malware or a threat actor.
DNS security exposures are a “gaping door” for threat actors
Managing and securing DNS and IP address usage can reduce an organisation’s attack surface. For example, organisations often have lame DNS delegations and other security exposures where DNS records are giving authoritative responsibilities to IP addresses they don’t manage.
“That makes for an extraordinarily large security vulnerability for most organisations,” Wilcox said. “If you’re doing that, then you absolutely have gaping doors open for most threat actors to get in and do whatever they like.”
Organisations urged to take a universal approach to DDI management
Wilcox recommends organisations consider bringing together DDI management under a system that can manage DDI across disparate environments and teams. Infloblox recently launched a centralised SaaS system it has dubbed “Universal DDI,” which aims to address this gap that has existed among vendors.
Scott Morris, managing director of Infoblox in Australia and New Zealand, said during a conference call that a universal approach could help larger organisations attack their technical debt problem and improve their visibility across assets and vulnerabilities, which have been caused by multiple iterations of on prem and cloud implementations.
“We’re now seeing more senior security, governance, risk and compliance, and CloudOps and SecOps people that are seeing the gaps in their organisation,” he explained. “Every single CIO, CISO, cloud ops person that comes to one of our events says we are struggling to understand and see what assets are.
“When you really look at the visibility, the integration, automation, and then the shift from really taking what’s been fundamentally a passive tool in the form of DNS, DHCP, and IPAM, and creating that into a proactive security mechanism is a game changer in my opinion.”