Domain Security

Companies have invested in security solutions at an exponential rate to protect themselves from continually evolving cyber security threats. And while these investments are important, many companies remain vulnerable to what security experts are now referring to as critically-important security blind spots.

Company domain names, domain name systems (DNS), and digital certificates are being attacked or compromised with increasing frequency, sophistication, and severity. These are all of the fundamental components of the most important applications that enable your company to conduct business—including your website, email, and more. And when they're compromised, criminals can redirect websites for financial gain, intercept email to conduct espionage, and even harvest credentials to breach your network. This can have a serious impact on your company's revenue and reputation and expose your company to significant financial penalties as a result of the EU's General Data Protection Regulation and other policies like it.

Because of the recent surge in DNS hijacking and related attacks, government agencies including the U.S. Department of Homeland Security, the U.K. National Cybersecurity Centre, and many of the most respected security companies and experts in the world are urging companies to take action to protect their domain names, DNS, and digital certificates.

OUR JOB IS TO KEEP CLIENTS SECURE

As the leading enterprise-class domain name registrar, we help the world's largest corporations protect against security blind spots by mitigating the risks of DNS hijacking, domain spoofing, domain shadowing, DNS cache poisoning, and other attacks that compromise your business-critical applications. We do this by using a multi-layered defense in depth approach to managing domain names, DNS, and digital certificates.

Domain Security
  1. First, we consolidate all these business-critical assets into a single secure portal and an operational model that's designed to deliver industry-leading security and service.

  2. Second, our proprietary technology helps proactively mitigate risks by ensuring that vital domain names powering your business are continually monitored, and are using security controls like registry locks, domain name system security extensions (DNSSEC), and domain-based message authentication, reporting, and conformance (DMARC).

Domain Management and Security

DEFENSE IN DEPTH STRATEGY FOR DOMAIN SECURITY

CSC recommends using the principles of defense in depth for domain security. Defense in depth is an approach that started as a military strategy to protect a targeted asset. For domain security, it provides the coordinated use of multi-layered security countermeasures.

APPLY A MULTI-LAYERED, DEFENSE IN DEPTH APPROACH TO DOMAINS, DNS, AND DIGITAL CERTIFICATES

SECURE PORTAL ACCESS

  • Two-factor authentication
  • IP validation
  • Federated ID

CONTROL USER PERMISSIONS

  • Visibility on elevated permissions with notifications
  • Authorized contact policy

ADVANCED DOMAIN SECURITY FEATURES

  • Vital domain identification
  • MultiLock, (registry lock), DNSSEC, CAA, DMARC

ENTERPRISE-CLASS PROVIDER

  Technology

  • Enterprise-class (Tier 4) data center
  • ISO 27001/2 compliant
  • Continuous vulnerability assessments and penetration testing
  • 24x7x365 SOC monitoring and response

  ICANN and registry accredited

  Operations processes

  • Security first, phishing awareness, and social engineering training
  • A mandated clear desk policy
  • Mandatory written requests (never via phone)
  • Data and GDPR compliant (e.g., WHOIS practices)
  • Registry transfer-lock policy
PROACTIVE, CONTINUOUS MONITORING AND ALERTING SECURE PORTAL ACCESS     Two-factor authentication     IP validation     Federated ID CONTROL USER PERMISSIONS     Visibility on elevated      permissions with notifications     Authorized contact policy ADVANCED DOMAIN SECURITY FEATURES     Vital domain identification     MultiLock, (registry lock),     DNSSEC, CAA, DMARC ENTERPRISE-CLASS PROVIDER     Technology      Enterprise-class (Tier 4) data center      ISO 27001/2 compliant      Continuous vulnerability assessments         and penetration testing      24x7x365 SOC monitoring and response     ICANN and registry accredited     Operations processes        Security first, phishing awareness,         and social engineering training        A mandated clear desk policy        Mandatory written requests         (never via phone)        Data and GDPR compliant         (e.g., WHOIS practices)        Registry transfer-lock policy

Use an enterprise-class provider

Organizations should validate their domain name registrar is Internet Corporation for Assigned Name and Numbers (ICANN) and registry accredited and can demonstrate their investment into systems and security. This should include both staff training on cyber security, as well as a variety of controls, processes, and security measures that ensure a defense-in-depth approach.

Secure domain name and DNS portal access

Organizations should seek to consolidate domains and DNS with one provider. The provider should offer two-factor authentication, IP validation, and federated identity for a single sign-on environment.

Control user permissions

Organizations should routinely review permissions for staff with access to domains and their DNS portal. A secure provider should be able to alert companies to changes in permissions and implement their authorized contact policy. Only trusted individuals should have access to elevated permissions.

Leverage advanced domain security features, such as:

  • DNSSEC, which encrypt queries to the internet service providers and therefore act as a visual deterrent for cyber criminals. Moreover, DNSSEC digitally signs the root zone, which means the organization can be confident of reaching a legitimate website.

  • Registry locks stop automated changes of DNS records, preventing execution of unauthorized requests.

  • Digital Certificate Policy with certification authority authorization (CAA) records allows only authorized certification authorities to issue a certificate on your domains.

  • DMARC, which gives organizations protection against unauthorized use of their domains, commonly known as email spoofing.

  • Proactive, continuous monitoring and alerting to ensure that the domain name registrar or DNS hosting provider has continuous monitoring and alerts in place such as CSC Security CenterSM

CSC SECURITY CENTER MITIGATES THE RISK OF CYBER THREATS TO YOUR DIGITAL ASSETS

CSC Security Center is built to minimize unknown risks and reduce disruptions to your business by identifying threats to your vital digital assets, helping you keep your business operating at all times. View, manage, and secure your company's domain portfolio.

Learn more go here
Domain Security
Domain Security

MITIGATE RISKS FROM RIGHT WITHIN YOUR SIEM

Our newly launched domain name security intelligence API supports the mitigation of cyber threats such as domain name and DNS hijacking events directly from your own security operations platform or security information and event management (SIEM) system. For most organizations, the exploitation of weaknesses in DNS infrastructure is caused by a lack of controls, processes, and policies. For clients using a security operations platform or a SIEM, it's now possible to display all your security intelligence in one place, adding security controls for domains, DNS, and digital certificates. This insight can help organizations foresee and manage business continuity disruptions that lead to financial repercussions, loss of consumer trust, and sensitive data leaks.

Learn more go here

CSC MULTILOCK PROVIDES MULTIPLE LAYERS IN DEFENSE

Using multi-layered security solutions for your registry locks provides you with the best defense-in-depth approach. The most effective mechanism is to employ all registry locks together with the registrar transfer locks. At CSC, we combine them into our MultiLock service, which includes an additional mechanism not shown in the WHOIS to protect any THIN WHOIS details held with us as the registrar.

Learn more go here
Domain Security
Our Customers

The team at CSC is always on top of our projects and partners with us to ensure our needs are met. Very high quality partner that is flexible and understands our business.

Jason Light | director of Digital Marketing at Federal-Mogul Corporation

We're ready to talk.

WE'RE READY TO TALK

Our specialists are ready to answer your questions about domain security.



Start eRecording Today

Maximum characters: 250
*Required

Learn how to unsubscribe from emails.