NTX Use Case – Data Theft

Breaking into your network is one thing. How are cyber criminals getting your data out?

Cyber security is all about preventing access to your network, preventing the bad actors from getting to your systems and data. Attacks are usually about damaging organizations or stealing data.

Data Theft - How it Happens

Data theft is coming to the fore

But these days, having personal data stolen is enough to damage organizations too. Although the reputational damage done when breaches become public knowledge can be bad, in the light of GDPR in the EU and other similar initiatives around the world, we’re seeing significant punitive fines when personal data is stolen. That’s a significant shift in responsibility – organizations are now liable.

When it comes to stealing data, from a technical point of view, getting access is only half the story. The data has to be extracted from the organization, preferably without being noticed. One way of doing this that’s very difficult to spot is to distribute the stolen data among corrupted DNS packets, a technique known as DNS tunnelling. What is this and how can it be stopped?

DNS tunnelling

The domain name system (DNS) is often called the phone book of the internet. It translates the domain names we know into the numerical IP addresses behind those names, so that computers and apps can find the websites and services they need.

Because it’s so critical for the operation of all networks, DNS data packets often pass through firewalls and other cyber security tools without any examination. DNS tunnelling allows criminals to split stolen data up into small pieces, attach it to DNS packets then reassemble it once it’s outside the organization.

If that sounds technically challenging, it is. But tools that make it simple are easily available for sale on the dark web, some even coming with technical support. It is no longer the preserve of criminal geniuses; anyone with a laptop can now steal personal data and trade secrets.

What can be done?

These tools allow DNS to be used for criminal purposes, but that also makes DNS packets the perfect place to spot the activity, and that’s exactly what Nominet’s NTX platform does.
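One basic way to look for this pattern in resolver query logs, shown as an added example that is not part of the original page and does not describe how NTX works: flag any client that sends many unique, long, high-entropy subdomains to a single domain. The log format, thresholds, domain names and sample lines are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample query log ("<client-ip> <query-name>"); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 mail.example.com
10.0.0.7 img1.static-demo.test
10.0.0.7 img2.static-demo.test
10.0.0.7 img3.static-demo.test
10.0.0.7 img4.static-demo.test
10.0.0.7 img5.static-demo.test
10.0.0.9 q7mz2kx4bjw6rtp3vhcy5nge.tunnel-demo.test
10.0.0.9 h3vd5ua7ol2ysf6kq4ijxwbt.tunnel-demo.test
10.0.0.9 n5cr2wz6gep7xk3mta4fyhjd.tunnel-demo.test
10.0.0.9 b4yl7sq2uo5xi3fh6znvkcdw.tunnel-demo.test
10.0.0.9 t6je3pa5rg2mw7ix4qlobhzu.tunnel-demo.test
"""

def entropy(text):
    """Shannon entropy in bits per character."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def suspicious_pairs(lines, min_unique=5, min_mean_len=20, min_entropy=3.5):
    """Return {(client, domain): stats} for pairs that look like tunnelling."""
    subs = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        client, qname = parts
        labels = qname.lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue  # no subdomain part that could carry data
        # Assumption: the registered domain is the last two labels; production
        # code should consult the Public Suffix List instead.
        subs[(client, ".".join(labels[-2:]))].add(".".join(labels[:-2]))
    flagged = {}
    for key, names in subs.items():
        mean_len = sum(map(len, names)) / len(names)
        ent = entropy("".join(names).replace(".", ""))
        if len(names) >= min_unique and mean_len >= min_mean_len and ent >= min_entropy:
            flagged[key] = {"unique": len(names), "mean_len": mean_len, "entropy": round(ent, 2)}
    return flagged

if __name__ == "__main__":
    for pair, stats in suspicious_pairs(SAMPLE_LOG.splitlines()).items():
        print(pair, stats)
```

The `img1` to `img5` lookups have as many unique names as the tunnel-like traffic but are short, so they are not flagged; combining the three signals is what keeps ordinary asset hostnames out of the results.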

Designed to add a layer of additional security and strengthen a weak spot, NTX adds industrial-grade, advanced DNS analysis to enhance existing security stacks. The technique doesn’t just spot and prevent data theft via DNS but also phishing and the vast majority of other malware.

Nominet’s teams of data scientists and cyber security analysts are constantly examining malware techniques and enhancing the technology within NTX to stay ahead of the criminals.

Managed service or on-premise - your choice

The platform can be offered as a managed service, which includes a protected DNS service, run by our experts for you. For organizations that have their own cyber security teams, NTX can be installed and run locally so that threat prediction, detection and blocking are under their control. No specialist hardware is required; NTX components run on standard servers.

This white paper contains more detail on the NTX product, how it works and what it can do for your business – essentially keeping you in business.

More Resources

Data theft via DNS - what it is and how to stop it

A technique called DNS tunnelling allows criminals to extract data from your systems remotely - financial data, account details, login credentials, intellectual property and more - without you even knowing it. Find out how to prevent DNS tunnelling.

Top 5 tips for preventing data theft

Find out about how you can mitigate against data theft in our helpful tip sheet.
