That means the DNS server must be patched, or the company should upgrade to a more robust server infrastructure. One possibility is DNSSEC, which the U.S. federal government just deployed, but that is pretty complicated.
Another important thing is to make sure that all upstream ISPs have their act together. Even if the company's system is fine, dealing with any compromised name servers is disastrous.
In terms of where the responsibility of DNS security should reside, that depends on what kind of operational responsibilities the security team has. Many security teams these days are more influencers than implementers, which means they need to work with the organization's network team, which would actually deploy any remediation.
Dig Deeper on Emerging cyberattacks and threats
Related Q&A from Mike Rothman
The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP ... Continue Reading
In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about ... Continue Reading
Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.