Enterprises Can Learn From Government Cyber Defence

It’s easy to overlook DNS. For many security teams, if it’s resolving correctly, it’s not a problem. But that assumption is increasingly dangerous. From malware delivery and phishing infrastructure to domain spoofing and misdirection, DNS has become the control plane of choice for cybercriminals operating at an industrial scale.

The protocols that keep the internet accessible are now being used to make cyberattacks quietly scalable.

“Quietly” is the key word here: cyberattacks that abuse DNS often go unnoticed for too long because the modus operandi centers on masking, cloaking, and infiltration. What’s more, the boundary between individual criminal activity and state-sponsored criminality is becoming increasingly blurred, with disinformation, fraud, and ransomware often relying on the same underlying DNS abuse.

Governments have taken notice. In fact, they’re leading the way. Protective DNS (PDNS) has become a critical national security asset in countries like the UK, US, Canada, and Australia, used not just to defend public sector infrastructure, but to advise private organizations on how to detect and pre-empt cybercrime. Rather than waiting for endpoints to get infected or users to report scams, PDNS enables a population-wide defensive stance by intervening at the network layer.

Now, as threats mount and the risks extend beyond state agencies to private enterprise, the lessons are clear: the DNS layer is no longer just a network function. It’s a pillar of security.

Government Initiatives: Leveraging DNS For Cyber Defense

Protective DNS is being pitched as a novel concept, but it’s really just using something that’s always been there. The UK, for example, has pioneered the deployment of PDNS to shield central and local government entities, schools, and healthcare institutions from malicious domains. The system proactively blocks access to known threat infrastructure, helping to prevent phishing, malware distribution, and online scams before they reach end users. What makes this model so powerful is its architectural position: DNS sits “upstream” of most endpoint defences, offering a chance to disrupt threats before they fully take hold. It’s not a silver bullet, but it’s a strong filter, and in an age where 92% of malware relies on DNS to function, it’s a logical place to intervene.

The UK has emerged as a leader in this space. Its National Cyber Security Centre (NCSC) has rolled out the ‘Share and Defend’ initiative, allowing threat intelligence to be shared across public and private sectors and blocked directly at the ISP level.

Rather than simply issuing warnings, the UK government is taking an active role in threat prevention, partnering with infrastructure providers to deny malicious domains access to end users. This proactive approach was mentioned at the 2025 Global Anti-Scam Summit in London, where officials from across sectors stressed the importance of DNS-based strategies in tackling online fraud.

But perhaps the most important lesson is strategic: by curating the national DNS namespace, governments can reduce attack surface, prevent brand abuse, and close off entire classes of exploit. Enterprises would do well to pay attention.

Adopting DNS-based Defense For Enterprise

DNS is the “plumbing” that connects and routes the internet, and turning it into a defensive tool isn’t just the province of governments. After all, businesses face many of the same risks – lookalike domains, misconfigured records, dormant CNAMEs – and attackers don’t always discriminate between public and private targets. By curating their DNS namespace, organizations can eliminate low-effort entry points, reduce the likelihood of brand impersonation, and limit exposure to domain hijacking. 

Ideally, DNS visibility should be integrated into the wider security operation. Filtering and monitoring DNS traffic can provide an early signal of compromise, flagging connections to suspicious infrastructure before malware is executed or data is exfiltrated. DNS threat intelligence adds another layer, surfacing domains linked to known attack campaigns and fraud networks.

Used properly, DNS becomes both shield and sensor: blocking threats upstream while supplying the intelligence needed to detect them elsewhere.
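As an added illustration (not code from the article or from any PDNS service), the sketch below shows the "shield and sensor" idea on a constructed resolver log: each query is matched against a threat-intelligence blocklist on label boundaries, producing a block decision and a per-client alert. The blocklist entries, log format, and function names are assumptions made for this example.

```python
from collections import defaultdict

# Constructed threat-intelligence feed (reserved placeholder domains, not real indicators).
BLOCKLIST = {"malware-c2.example", "login-portal.test"}

# Constructed resolver query log, one query per line: "timestamp client_ip qname qtype".
QUERY_LOG = """\
2025-03-01T09:00:01Z 10.0.4.17 www.example.org. A
2025-03-01T09:00:05Z 10.0.4.17 cdn.malware-c2.example. A
2025-03-01T09:00:09Z 10.0.7.30 notmalware-c2.example. A
2025-03-01T09:01:12Z 10.0.9.2 LOGIN-PORTAL.test. AAAA
2025-03-01T09:02:40Z 10.0.4.17 malware-c2.example. TXT
"""

def normalize(qname):
    """DNS names are case-insensitive; drop the trailing root dot as well."""
    return qname.rstrip(".").lower()

def matched_entry(qname, blocklist):
    """Return the blocklist entry covering qname, or None.

    Matching walks whole labels, so 'cdn.malware-c2.example' is covered by
    'malware-c2.example' while 'notmalware-c2.example' is not. A plain
    substring or endswith() test would wrongly block the latter.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def evaluate(log_text, blocklist):
    """Shield: a decision per query. Sensor: clients that asked for flagged names."""
    decisions = []
    alerts = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing at fields
        _ts, client, qname, _qtype = parts
        hit = matched_entry(qname, blocklist)
        decisions.append((normalize(qname), "BLOCK" if hit else "ALLOW"))
        if hit:
            alerts[client].add(hit)
    return decisions, {c: sorted(d) for c, d in alerts.items()}

if __name__ == "__main__":
    decisions, alerts = evaluate(QUERY_LOG, BLOCKLIST)
    for name, verdict in decisions:
        print(f"{verdict:5} {name}")
    print(alerts)
```

The alert map is the sensor half: a client that repeatedly queries a blocked name is a lead for endpoint investigation even though the resolution itself was denied.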

This is also a community push; businesses that manage their DNS responsibly help prevent their domains being weaponized against others, reducing risk across the entire digital ecosystem. DNS may have been designed to connect users, but today it also offers a powerful way to protect them. 

Craig Sanderson is Principal Cyber Security Strategist at Infoblox

Image: philip oroni
