New offering from DNSFilter targets shadow IT risks

DNS security firm's AppAware identifies risky apps and helps to subdue them.

The shadow of hand unsettlingly hovers over a keyboard.
Dimitris66 / Getty Images

A new list of high-risk applications commonly used in the enterprise and an offering to block their use has been released by a domain name security company. DNSFilter posted the list of more than 100 risky apps to its website February 17. At the same time, it announced AppAware, which gives organizations the power to block the apps and includes high-profile file-sharing, remote desktop, and messaging programs.

Among the apps on the list were Facebook Messenger, Slack, Snapchat, RemotePC, TeamViewer, Box, Dropbox, and NordVPN. "We're trying to shed some light on what is happening on an organization's network and the devices that its employees are using," said DNSFilter Product Manager Mikey Pruitt. "Our new feature allows for the discovery of what applications are being used. They could be on a personal device or a network or anything making DNS queries.”

70% of all cyberattacks involve the Domain Name System

In a news release, DNSFilter said that 70% of all cyberattacks involve the Domain Name system. A single app can use hundreds to thousands of domains. That makes them difficult for security teams to monitor and ripe for exploitation by cyber attackers.

With AppAware, the company maintains, security teams can obtain visibility in real-time of application activity across an entire organization and have the power to block applications that don't align with internal policies. Risky apps or groups of them, along with all their associated domains, can be blocked with a single click.

Many of the risky apps identified by DNSFilter are part of a range of software associated with shadow IT. "Shadow IT is becoming more pervasive in the industry, especially with people working remotely," Pruitt says, "but the applications we're tackling first are not solely shadow IT. We're focusing on security applications, applications used in attacks or have accelerated permissions in an environment."

Accept but guide Shadow IT

Pruitt says that employees or departments turn to shadow IT because they feel it makes them more productive. Meanwhile, IT wants employees to work in a secure manner. "A balance needs to be struck," he says. "We're trying to enable the applications necessary to get the job done, while restricting applications or parts of applications that are not necessary."

Charles Betz, a principal analyst, with Forrester Research, maintains that there's no governance regime that will stop Shadow IT. "The most advisable thing is to accept that shadow IT is a reality and seek to guide it, control it, and direct it, rather than assume you're going to stop it," he says. "Big IT shops have been trying to do that for decades, and they've failed."

Copyright © 2022 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)