Decentralizing Cybersecurity Via DNS

Decentralization is a big trend in IT, and everyone has their own definition of what “decentralization” really means. With more organizations fully embracing a work-from-anywhere culture, decentralization has moved past being a fad and turned into a necessity.

Decentralized cybersecurity is nothing new. Many of us have been doing it since before the pandemic. What I want to do here is give it a name and explain how DNS security fits into this decentralized approach.

DNS security and decentralization

Your perimeter is now wherever your devices are. Let’s imagine some of your employees go to a conference thousands of miles away. While they’re there, they set up equipment they don’t normally use, connect to hotel WiFi, and temporarily join networks that don’t belong to you. In another life, these endpoints would have been completely vulnerable the moment they left your office. In a decentralized cybersecurity model, they’re protected by multiple layers, from DNS security to identity management, which ensure that only those permitted access to these devices are actually using them.

DNS security in this scenario is what I consider the base layer. Everything else is built on top of it. DNS security occurs on the device, and the goal is to not let anything in. Other security mechanisms can actively defend against threats or help limit the propagation of a threat once it’s on a device, but DNS security is solely concerned with not letting things through.

It’s a barrier that has only grown more important as endpoints have moved away from home base.

A “Bring-Your-Company-Device” (BYCD) model

What does this move to decentralization look like when we examine the network traffic?

We looked at over 1 million active company machines (processing roughly 3 billion DNS queries per day) on our network and saw that the percentage of network traffic to streaming sites grew nearly 300% from February 2020 to February 2021. Employees are spending more time than ever watching streaming content at work.

We also noticed a peculiar pattern of when users were looking at streaming content and other sites.

Users were most likely to visit adult content on work devices starting at 10 a.m. An hour later, at 11 a.m., was the most frequent time of day for them to check out dating sites. By 12:30 (and for roughly the length of a 2-hour movie), users were more likely to view streaming content. Finally, gaming sites were most often visited at 1 p.m.

Traffic to online dating sites also grew 59% between 2020 and 2021.

Interestingly, though social media is a known time-waster, only 10% of businesses on our network block social media access for their employees. Our customers are most likely to block Snapchat (9.6% blocked) or Instagram (5.9% blocked). However, Twitter, Facebook, and TikTok are all blocked on our network at nearly the same rate, between 3.4% and 3.9%. When we polled our employees internally, asking them which social sites they thought would be most blocked on our network, the most common answer was Facebook.

Finally, when it comes to cybersecurity, we found a pattern in how successfully users identified phishing scams, depending on whether they were using their company devices during work hours or during leisure time. Employees using such devices during work correctly flag sites as phishing 90% of the time. But users are nearly 40% less likely to correctly flag phishing sites when browsing during their leisure time. It seems that context is everything.

If this teaches us anything, it’s that this blurred line between home and office means we need to implement a different set of security controls than we did previously on traditional networks. Employees at home are less likely to identify a threat as a threat, so the need to shield them with a layered approach to cybersecurity becomes much more important.

Learn more about decentralized cybersecurity and how you can adopt it.


