Companies have invested in security solutions at an exponential rate to protect themselves from continually evolving cyber security threats. And while these investments are important, many companies remain vulnerable to what security experts are now referring to as critically-important security blind spots.

GET IN TOUCH

Contact us now for a free consultation.

Contact us 

Company domain names, domain name systems (DNS), and digital certificates are being attacked or compromised with increasing frequency, sophistication, and severity. These are all of the fundamental components of the most important applications that enable your company to conduct business—including your website, email, and more. And when they're compromised, criminals can redirect websites for financial gain, intercept email to conduct espionage, and even harvest credentials to breach your network. This can have a serious impact on your company's revenue and reputation and expose your company to significant financial penalties as a result of the EU's General Data Protection Regulation and other policies like it.

Because of the recent surge in DNS hijacking and related attacks, government agencies including the U.S. Department of Homeland Security, the U.K. National Cybersecurity Centre, and many of the most respected security companies and experts in the world are urging companies to take action to protect their domain names, DNS, and digital certificates.

OUR JOB IS TO KEEP CLIENTS SECURE

As the leading enterprise-class domain name registrar, we help the world's largest corporations protect against security blind spots by mitigating the risks of DNS hijacking, domain spoofing, domain shadowing, DNS cache poisoning, and other attacks that compromise your business-critical applications. We do this by using a multi-layered defense in depth approach to managing domain names, DNS, and digital certificates.

— DOMAIN SECURITY —

1.

We consolidate all these business-critical assets into a single secure portal and an operational model that's designed to deliver industry-leading security and service.

2.

Our proprietary technology helps proactively mitigate risks by ensuring that vital domain names powering your business are continually monitored, and are using security controls like registry locks, domain name system security extensions (DNSSEC), and domain-based message authentication, reporting, and conformance (DMARC).

Domain Management and Security

DEFENSE IN DEPTH STRATEGY FOR DOMAIN SECURITY

CSC recommends using the principles of defense in depth for domain security. Defense in depth is an approach that started as a military strategy to protect a targeted asset. For domain security, it provides the coordinated use of multi-layered security countermeasures.

APPLY A MULTI-LAYERED, DEFENSE IN DEPTH APPROACH TO DOMAINS, DNS, AND DIGITAL CERTIFICATES

SECURE PORTAL ACCESS

  • Two-factor authentication
  • IP validation
  • Federated ID

CONTROL USER PERMISSIONS

  • Visibility on elevated permissions with notifications
  • Authorized contact policy

ADVANCED DOMAIN SECURITY FEATURES

  • Vital domain identification
  • MultiLock, (registry lock), DNSSEC, CAA, DMARC

ENTERPRISE-CLASS PROVIDER

  Technology

  • Enterprise-class (Tier 4) data center (ISO 27001 compliant, with SOC 2 Type II attestation report)
  • Continuous vulnerability assessments and penetration testing
  • 24x7x365 SOC monitoring and response

  ICANN and registry accredited

  Operations processes

  • Security first, phishing awareness, and social engineering training
  • A mandated clear desk policy
  • Mandatory written requests (never via phone)
  • Data and GDPR compliant (e.g., WHOIS practices)
  • Registry transfer-lock policy

Advanced domain security features

  • Vital domain identification

  • MultiLock, (registry lock), DNSSEC, CAA, DMARC

Control user permissions

  • Visibility on elevated permissions with notifications

  • Authorized contact policy

Secure portal access

  • Two-factor authentication

  • IP validation

  • Federated ID

Enterprise-class provider

Technology

  • Enterprise-class (Tier 4) data center (ISO 27001 compliant, with SOC 2 Type II attestation report)

  • Continuous vulnerability assessments and penetration testing

  • 24x7x365 SOC monitoring and response

ICANN and registry accredited Operations processes

  • Security first, phishing awareness, and social engineering training

  • A mandated clear desk policy

  • Mandatory written requests (never via phone)

  • Data and GDPR compliant (e.g., WHOIS practices)

  • Registry transfer-lock policy

Proactive, continuous monitoring
and alerting

Use an enterprise-class provider

Organizations should validate their domain name registrar is Internet Corporation for Assigned Name and Numbers (ICANN) and registry accredited and can demonstrate their investment into systems and security. This should include both staff training on cyber security, as well as a variety of controls, processes, and security measures that ensure a defense-in-depth approach.

Secure domain name and DNS portal access

Organizations should seek to consolidate domains and DNS with one provider. The provider should offer two-factor authentication, IP validation, and federated identity for a single sign-on environment.

Control user permissions

Organizations should routinely review permissions for staff with access to domains and their DNS portal. A secure provider should be able to alert companies to changes in permissions and implement their authorized contact policy. Only trusted individuals should have access to elevated permissions.

Leverage advanced domain security features, such as:

  • DNSSEC, which encrypt queries to the internet service providers and therefore act as a visual deterrent for cyber criminals. Moreover, DNSSEC digitally signs the root zone, which means the organization can be confident of reaching a legitimate website.

  • Registry locks stop automated changes of DNS records, preventing execution of unauthorized requests.

  • Digital Certificate Policy with certification authority authorization (CAA) records allows only authorized certification authorities to issue a certificate on your domains.

  • DMARC, which gives organizations protection against unauthorized use of their domains, commonly known as email spoofing.

  • Proactive, continuous monitoring and alerting to ensure that the domain name registrar or DNS hosting provider has continuous monitoring and alerts in place such as CSC Security CenterSM

ADDITIONAL SOLUTIONS

Our Customers

Thank you, CSC, for transforming our experience in the world of digital assets with the commitment to security, user-friendliness, and exceptional customer support.

Luxury Hotels Group

We're ready to talk.

WE'RE READY TO TALK

Our specialists are ready to answer your questions about domain security.



Maximum characters: 250
*Required

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Learn how to unsubscribe from emails.