Akamai Extends Cybersecurity Reach to DNS Posture Management
Akamai this week launched an agentless posture management offering that provides visibility across multiple domain name servers (DNS) platforms.
Sean Lyons, senior vice president and general manager for infrastructure security solutions and services at Akamai, said Akamai DNS Posture Management provides real-time monitoring and guided remediation across all major DNS platforms and services in a way that makes it simpler to detect and respond to DNS-based attacks.
Additionally, IT teams can ensure that multiple relevant cybersecurity frameworks for DNS are being adhered to across a hybrid computing environment, including Akamai Cloud, Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP) services. Akamai also offers an optional managed security service that includes this latest Akamai DNS Posture Management offering.
Akamai DNS Posture Management also integrates a Certificate Monitor that organizes digital certificates by domain names, helping to identify and prevent security risks such as expired, misconfigured, or rogue certificates. It also renders an HTTP posture for the domains using these certificates.
The overall goal is to provide a comprehensive view of zones, domains, sub-domains and records across all major DNS providers in a way that makes it easier to identify issues involving certificates, vulnerabilities and misconfigurations that weaken the overall cybersecurity resilience of an organization, said Lyons.
That’s critical because the security posture of DNS platforms, which are often the target of cybersecurity attacks, is often overlooked, he added. DNS servers can be compromised by, for example, unauthorized certificate issuance, cache poisoning and even DNS spoofing that results in fake websites being spun up.
More troubling still, a cyberattack on a DNS server can also result in massive amounts of lost revenue should an entire network domain become suddenly unavailable, noted Lyons. As the number of attacks specifically aimed at DNS platforms continues to rise, their impact can be nothing short of catastrophic, he added.
Longer term, Akamai is looking to build out a series of security posture offerings for multiple platforms that are commonly deployed in hybrid IT environments, including, for example, cloud native application protection platforms (CNAPPs), said Lyons.
In the meantime, however, it’s apparent that with many organizations already relying on multiple DNS platforms, there is a clear need to centrally manage configurations and ensure that any associated digital certificates that have been issued remain valid, he noted.
Exactly who is responsible for securing DNS platforms will, naturally, vary from one organization to the next. In theory, security operations teams are mainly responsible, but in other organizations the networking team that provisioned them is also responsible for securing them. It’s not uncommon for IT operations or even a DevOps engineering team to have deployed a DNS platform that they are also expected to secure.
No matter who deployed that DNS platform, however, the complexity of these platforms means probability is high there has been some type of misconfiguration that will be eventually discovered and exploited by cybercriminals. The issue now is finding and remediating those issues as quickly as possible across hybrid IT environments that are only becoming more distributed and challenging to secure with each passing day.
