Recursive DNS lookups yield threat insight

Too often it seems someone in a healthcare organization clicks on a malicious link or opens a phishing email, sparking a malware or ransomware attack.

This challenge to hospital network security is made worse given the many connected devices in a healthcare organization’s environment.

For the University of Kansas Health System, based in Kansas City, Mo., seeing the internet activity of every device in its environment is a necessity for hospital network security and for detecting and preventing ransomware attacks.

“As a health system, there are many medical devices that connect to the internet,” said Henry Duong, enterprise infrastructure security manager at the University of Kansas Health System. “We needed visibility into internet activity across all devices.”

Duong said the University of Kansas Health System decided to use Cisco Umbrella, which he said uses the Domain Name System (DNS) “to block those threats over all ports and protocols and help us reduce our exposure to ransomware.”

Duong explained that Umbrella performs recursive DNS lookups and also leverages a feature Cisco calls Investigate. This tool gathers “context about malicious domains, for example, to find out if it’s a bad site or a phishing site or if [your organization has] basically been syphoned for any type of data,” Duong said.

The University of Kansas Health System has been using Umbrella since December 2015 and, Duong said, “we’ve seen a drop in malware and we attribute that to Umbrella delivering security at the DNS and IP layer, preventing command and control callbacks.”

How Umbrella works

Umbrella is able to pull threat intelligence from Cisco’s global list of tens of thousands of customers, said Chris Doell, head of customer service for cloud security at Cisco OpenDNS.

“We monitor roughly 2.5% to 3% of the world’s internet traffic. Because we redirect all that traffic we have a unique visibility into the dark corners and the threat actors across the internet,” Doell said. “Based on all that … we can proactively, and in some cases, predictively lay down security policy and enforce those policies and protect our customers from going to malicious domains through the service.”

Organizations can also lay down their own network security and policy enforcement, as well as hook up other security tools to Umbrella via APIs.

Duong explained that Umbrella integrates with two of the University of Kansas Health System’s other security solutions: its external threat intelligence feed and its big data security reader.

Doell added that in addition to providing this visibility, Umbrella also has a policy enforcement layer where, when a malicious domain is found, it is…
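The DNS-layer enforcement described above (answering a query for a known-bad domain with a sinkhole address or NXDOMAIN so that the connection, and any command-and-control callback, never starts) can be shown with a small resolver policy check. This is an added example, not Cisco Umbrella code or the health system's configuration; the blocklist, the sinkhole address and the sample queries are constructed placeholders.

```python
import struct

# Constructed blocklist standing in for a threat-intelligence feed; names are placeholders.
BLOCKLIST = {"evil-c2.example": "command-and-control", "phish.example": "phishing"}
SINKHOLE_IP = "192.0.2.1"  # RFC 5737 documentation address, stands in for a sinkhole

def build_query(txid, name, qtype=1):
    """Build a wire-format DNS query (used here only to construct sample traffic)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (transaction id, queried name, qtype) from the first question section."""
    pos, labels = 12, []
    while msg[pos]:  # labels are length-prefixed and terminated by a zero byte
        labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode("ascii"))
        pos += 1 + msg[pos]
    return struct.unpack("!H", msg[:2])[0], ".".join(labels).lower(), struct.unpack("!H", msg[pos + 1:pos + 3])[0]

def policy_verdict(name):
    """Match the name and each parent domain against the blocklist; return its category or None."""
    parts = name.split(".")
    return next((BLOCKLIST[d] for d in (".".join(parts[i:]) for i in range(len(parts))) if d in BLOCKLIST), None)

def build_block_response(query, qtype, ip):
    """Echo the question back; A queries get the sinkhole address, other types get NXDOMAIN."""
    end = 12
    while query[end]:
        end += 1 + query[end]
    question = query[12:end + 5]  # zero terminator + QTYPE + QCLASS
    if qtype != 1:  # flags 0x8583: response, authoritative, RCODE 3 (NXDOMAIN), no answers
        return query[:2] + b"\x85\x83\x00\x01\x00\x00\x00\x00\x00\x00" + question
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(int(o) for o in ip.split("."))
    return query[:2] + b"\x85\x80\x00\x01\x00\x01\x00\x00\x00\x00" + question + answer

def enforce(query, log):
    """Return ("block", response) for listed domains, ("resolve", None) to hand off to recursion."""
    txid, name, qtype = parse_question(query)
    category = policy_verdict(name)
    if category:  # the log line is the visibility the article describes: which device asked for what
        log.append(f"BLOCK id={txid} name={name} qtype={qtype} category={category}")
        return "block", build_block_response(query, qtype, SINKHOLE_IP)
    log.append(f"ALLOW id={txid} name={name} qtype={qtype}")
    return "resolve", None

if __name__ == "__main__":
    events = []
    print(enforce(build_query(0x1234, "www.evil-c2.example"), events)[0], events)
```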
