What BlueCat learned from five billion DNS queries 

More than ever, CIOs are called to be more than just the heads of technology. They drive business initiatives by delivering services and applications.

These changes impact networking professionals as well. It forces them to deal with a much more complex network environment and a growing emphasis on speed and agility. To empower digital transformation, NetOps teams and CIOs need to find new ways to use data about the network at their disposal. With that information, they can optimize operations and improve network performance.

DNS data: An untapped resource

BlueCat’s 2020 Networking Trends Report illustrates how CIOs can use DNS data to uncover potential efficiencies, minimize security threats, and improve overall customer experience. The report analyzes more than five billion DNS queries spanning North America and Asia. When taken together, these queries provide visibility into network activity that can be used to find cost savings and operational efficiencies.

Here are some of the key recommendations and conclusions from the report:

Optimize performance with insights from DNS: With visibility into DNS queries, IT teams can discover network and query performance degradation, identify root cause, and speed up remediation. It allows organizations to gain meaningful insights into application and cloud service usage levels, to better understand user adoption and behaviors, and measure ROI.

Change KPIs of network performance: Legacy metrics such as uptime and latency are still relevant. But service delivery is a growing focus as IT departments move toward new business models. In this context, DNS data offers a wide range of meaningful business metrics that can assess the value of a NetOps team in delivering services.

Develop a cross-functional approach: DNS data often holds the context that threat hunters and security operators need for a smart, focused response to malicious activity. The ability to collect and analyze that data often originates with the network team, however. A collaborative, cross-departmental approach is required to truly reap the rewards of this valuable data set.

Leverage DNS data for security policies: Periodic analysis of DNS traffic (and internal DNS traffic in particular) can uncover significant threats to network security. That traffic should inform targeted security policies to lock down critical systems. Only by digging into the data and mapping it against business requirements can you discover how it can best serve network security in your particular context.

Tactical lessons

At a tactical level, BlueCat’s analysis revealed many insights that network teams can use to optimize performance and improve security.

Failure to optimize DNS query resolution paths

For example, BlueCat found that many organizations fail to optimize DNS query resolution paths. This adds significant latency to each query and unnecessary load to internal networks. The result is poor end-user experience, as queries are routed to a local external service that may actually be half a world away in the company’s primary data center.

One BlueCat customer found that 80% of all network traffic was being routed to external trusted services. They began routing it directly to the internet instead. As a result, they were able to optimally route network traffic, save on WAN costs, and improve user experience.

Leveraging DNS to improve network visibility

DNS can also be leveraged to improve network visibility. BlueCat’s researchers uncovered information surrounding cloud and application usage rates as well as what activities customers’ employees are performing online. Of the queries for non-business-related websites, roughly 54% of these domains were from social media sites. More than a quarter of the domains were for news sites.

When broken down by vertical, there were some noticeable differences. The education sector, for example, had higher use of social media than other sectors (accounting for nearly 61% of the vertical’s non-business activity). This same level of visibility can be used to determine what services and applications employees are using. In addition to determining worker productivity, knowing how regularly employees are using certain applications and services can help organizations uncover areas to improve for efficiencies and cost savings.

Driving NetOps 2.0

DNS underlies every action across the enterprise. It is a critical point of leverage for network administrators as they look to find their place in this new IT landscape. Using the right metrics and the right technology, NetOps teams can make DNS the common thread between security and DevOps teams. And it can help organizations maintain the speed and agility business operations demand.