Akamai Integrates DNS Security with Microsoft's Azure Firewall to Protect Cloud Workloads

Recursive DNS (RDNS) is one of the fundamental building blocks of the internet and nearly every action on the internet starts with a simple DNS lookup. However, RDNS is also used by cybercriminals as a channel for launching attacks and for exfiltrating data. For example, they can embed sensitive information, such as credit card details, into DNS requests from a device they had previously compromised with malware.

Many organizations have deployed a DNS firewall to monitor and control their RDNS traffic. The concept is simple, yet powerful: All the organization does is redirect its RDNS traffic to a service that compares each DNS request against a frequently updated list of known malicious domains. 

With that simple redirect, the service can identify and block requests to malware and ransomware domains, and to command and control servers, which are a fundamental component for activating, updating, and controlling malware once installed in a network. 

Identifying DNS exfiltration and protecting application server traffic

DNS security is particularly suitable for preventing DNS exfiltration, which is a very dangerous threat. DNS exfiltration uses the DNS channel to exfiltrate confidential or sensitive data, and it’s a particularly difficult threat to identify and block, especially low throughput DNS exfiltration.

Typically, a DNS security service is used as a security control point for user-generated DNS requests. However, there’s another security use case for RDNS: protecting workload DNS traffic that is used to connect workloads to external resources. 

By simply redirecting workload RDNS traffic to a DNS security service, you can proactively identify and block requests to risky or malicious external resources. The service also delivers complete visibility and logging for all workload RDNS traffic for audit and compliance purposes.

Adding DNS security to Azure workloads

Thanks to a new integration between Microsoft Azure Firewall and Akamai Secure Internet Access Enterprise, organizations can now quickly and easily add DNS security to further protect their Azure workloads.

Secure Internet Access Enterprise is a DNS firewall service that is deployed on Akamai Connected Cloud. It uses real-time threat intelligence built on data gathered 24/7 from Akamai Connected Cloud, which manages up to 30% of global web traffic and delivers up to 7 trillion DNS queries daily. 

Akamai’s intelligence is enhanced with hundreds of external threat feeds, and the combined dataset is continuously analyzed and curated using advanced behavioral analysis techniques, machine learning, and proprietary algorithms. As new threats are identified, they are immediately added to the Secure Internet Access Enterprise service, delivering real-time protection.

Azure Firewall is a cloud-native and intelligent network firewall security service that provides threat protection for cloud workloads running in Azure. And now customers can quickly add Secure Internet Access Enterprise to provide additional DNS-based protections for their Azure workloads. 

Reducing risk

“Monitoring workload RDNS traffic adds another layer of protection that can help enterprises reduce the risk from software supply chain attacks and other application vulnerabilities,” said John Devasia, Director of Product Management for Zero Trust Access at Akamai. “Integrating Akamai Secure Internet Access Enterprise service with Microsoft Azure Firewall allows enterprises to quickly and easily add DNS-based protections as an additional security control point for their Azure workloads.”