Companies have invested in security solutions at an exponential rate to protect themselves from continually evolving cyber security threats. And while these investments are important, many companies remain vulnerable to what security experts are now referring to as critically-important security blind spots.
Company domain names, domain name systems (DNS), and digital certificates are being attacked or compromised with increasing frequency, sophistication, and severity. These are the fundamental components of the most important applications that enable your company to conduct business, including your website, email, and more. When they're compromised, criminals can redirect websites for financial gain, intercept email to conduct espionage, and even harvest credentials to breach your network. This can have a serious impact on your company's revenue and reputation and expose your company to significant financial penalties as a result of the EU's General Data Protection Regulation and other policies like it.
Because of the recent surge in DNS hijacking and related attacks, government agencies including the U.S. Department of Homeland Security and the U.K. National Cyber Security Centre, and many of the most respected security companies and experts in the world, are urging companies to take action to protect their domain names, DNS, and digital certificates.
OUR JOB IS TO KEEP CLIENTS SECURE
As the leading enterprise-class domain name registrar, we help the world's largest corporations protect against security blind spots by mitigating the risks of DNS hijacking, domain spoofing, domain shadowing, DNS cache poisoning, and other attacks that compromise your business-critical applications. We do this by using a multi-layered defense in depth approach to managing domain names, DNS, and digital certificates.
— DOMAIN SECURITY —
1. We consolidate all these business-critical assets into a single secure portal and an operational model that's designed to deliver industry-leading security and service.
2. Our proprietary technology helps proactively mitigate risks by ensuring that vital domain names powering your business are continually monitored, and are using security controls like registry locks, domain name system security extensions (DNSSEC), and domain-based message authentication, reporting, and conformance (DMARC).
DEFENSE IN DEPTH STRATEGY FOR DOMAIN SECURITY
CSC recommends using the principles of defense in depth for domain security. Defense in depth is an approach that started as a military strategy to protect a targeted asset. For domain security, it provides the coordinated use of multi-layered security countermeasures.
APPLY A MULTI-LAYERED, DEFENSE IN DEPTH APPROACH TO DOMAINS, DNS, AND DIGITAL CERTIFICATES
Use an enterprise-class provider
Organizations should validate that their domain name registrar is accredited by the Internet Corporation for Assigned Names and Numbers (ICANN) and by the registries, and that it can demonstrate its investment in systems and security. This should include staff training on cyber security as well as a variety of controls, processes, and security measures that ensure a defense-in-depth approach.
Secure domain name and DNS portal access
Organizations should seek to consolidate domains and DNS with one provider. The provider should offer two-factor authentication, IP validation, and federated identity for a single sign-on environment.
Control user permissions
Organizations should routinely review permissions for staff with access to domains and their DNS portal. A secure provider should be able to alert companies to changes in permissions and implement their authorized contact policy. Only trusted individuals should have access to elevated permissions.
Leverage advanced domain security features, such as:
DNSSEC, which encrypts queries to the internet service providers and therefore acts as a visual deterrent for cyber criminals. Moreover, DNSSEC digitally signs the root zone, which means the organization can be confident of reaching a legitimate website.
Registry locks stop automated changes of DNS records, preventing execution of unauthorized requests.
Digital Certificate Policy with certification authority authorization (CAA) records allows only authorized certification authorities to issue a certificate on your domains.
DMARC, which gives organizations protection against unauthorized use of their domains, commonly known as email spoofing.
Proactive, continuous monitoring and alerting: ensure that the domain name registrar or DNS hosting provider has continuous monitoring and alerts in place, such as CSC Security Center℠.
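As an added illustration of what monitoring the DMARC and CAA controls listed above can look like (this is not CSC's code), the sketch below audits record text for a policy that does not enforce and for certification authorities outside an approved list. The function names, the sample records, and the `example` CA and mail domains are all constructed for this example.

```python
# Added example: offline audit of DMARC and CAA record text.
# All records below are constructed samples, not real zone data.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; return None if it is not DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None

def audit_dmarc(txt):
    """Return findings for one DMARC record; an empty list means it enforces."""
    tags = parse_dmarc(txt)
    if tags is None:
        return ["no valid DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or 'missing'} does not block spoofed mail")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']} applies policy to only part of the mail")
    if "rua" not in tags:
        findings.append("no rua address, so no aggregate reports are received")
    return findings

def audit_caa(records, approved_cas):
    """records: (flags, tag, value) tuples from a zone; approved_cas: set of CA domains."""
    issuers = {value.split(";")[0].strip().lower()
               for _, tag, value in records if tag.lower() in ("issue", "issuewild")}
    if not issuers:
        return ["no CAA issue records: any CA may issue for this domain"]
    # An empty issuer (value ";") forbids issuance and is never a finding.
    return [f"unapproved CA authorized: {ca}"
            for ca in sorted(issuers - approved_cas) if ca]

SAMPLE_DMARC_WEAK = "v=DMARC1; p=none; pct=50"
SAMPLE_DMARC_STRONG = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
SAMPLE_CAA = [(0, "issue", "ca-one.example"),
              (0, "issuewild", "ca-two.example"),
              (0, "iodef", "mailto:security@example.com")]

if __name__ == "__main__":
    print(audit_dmarc(SAMPLE_DMARC_WEAK))
    print(audit_dmarc(SAMPLE_DMARC_STRONG))
    print(audit_caa(SAMPLE_CAA, {"ca-one.example"}))
```

In a live check the record text would come from DNS lookups of `_dmarc.<domain>` TXT and the domain's CAA records, and any non-empty findings list would feed the alerting described above.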
WE'RE READY TO TALK
Our specialists are ready to answer your questions about domain security.