Encrypted DNS: Friend or Frenemy?

DNS is the last critical service on the Internet and in your organization that runs unencrypted or 'in the clear'. Competing consortiums of standards bodies, IT security associations and internet behemoths are trying to close the DNS encryption gap with varied approaches. Some advocate browser-based extensions, others opt for infrastructure and OS upgrades and others propose measures to block encrypted DNS traffic. Even if a web session is encrypted, unencrypted DNS provides important behavioral metadata that can be used to track network activity. Used properly, encrypted DNS can close privacy and security gaps that leaves DNS queries open to surveillance data miners like Internet behemoths, law enforcement, ISPs, business competitors and advertisers. However, with zero sophistication, any user in your organization can use encrypted DNS, which is now embedded in the world’s most popular web browsers, to completely bypass IT security policies, steal data and run unauthorized applications – all undetectable by most security tools. In many ways, encrypted DNS poses the same risks to information security as the TOR network. However, in areas where accessing the wrong web content can lead to severe consequences, encrypted DNS can literally save lives. Join Infoblox and (ISC)2 on Tuesday, March 24, 2020 at 1:00PM GMT for a discussion examining the rationale and tech behind encrypted DNS, the risks and benefits and it can bring, and strategies information security teams can use to approach this rapidly emerging technology.