EfficientIP Launches Free Tool to Detect Enterprises Risk of Data Exfiltration
January 2023 by Marc Jacob
EfficientIP announced the launch of its new DNS-based Data Exfiltration Application, which is to be made available for free to partners and enterprises. The application is designed as a hands-on web tool to enable organisations to simply and securely conduct their own ’ethical hack’ on its DNS system and related security defences to identify potential vulnerabilities in its network that could lead to a data breach.
As the foundation for all networks and IP-enabled business, the DNS (Domain Name System) remains a target of choice for cyber criminals to infiltrate a network, take advantage of weaknesses and exfiltrate critical data for nefarious gain. Research conducted with IDC revealed that 88% of organisations experienced one or more DNS attacks on their business over a 12-month period, with almost a quarter (24%) of organisations suffering from the theft of sensitive customer data or Intellectual Property (IP) via the DNS.
EfficientIP’s DNS-based Data Exfiltration Application puts the power back in the hands of organisations by enabling them to test their own DNS networks and see if it is at risk from the techniques that attackers use to break network security defences. Data exfiltration, which employs similar techniques used in DNS Tunnelling, sees attackers adopt a ’low-and-slow’ approach to not raise suspicions by causing a spike in DNS traffic, where they extract small chunks of data via legitimate DNS requests to the server before they reconstruct the data packets and information when all information has been exfiltrated from the network.
Using the new DNS-based Data Exfiltration Application, supported by EfficientIP and its Channel Partner network, organisations will be able to quickly identify gaps in their network and potential vulnerabilities and put in place the appropriate measures to mitigate against this risk in future. With effective DNS security checks in place, organisations protect against data exfiltration, while also meeting compliance regulations.